Stealing Windows credentials is the ultimate goal of every penetration tester. Being able to leak them outside the local network just aggravates the problem. There are many ways one can achieve this, some requiring complex attacks or user interaction. There is, however, an old and undocumented Windows feature that turns the business of stealing Windows credentials into a walk in the park. Let me introduce Windows Explorer Shell Command Files.
If you wanted to build your own Android app to connect to a Python service, over Bluetooth, to control a Raspberry Pi, you just found the resources to do so. I know there are plenty of apps that control a Raspberry Pi. Most of them connect over SSH and some of them use Bluetooth. However, finding a tutorial that teaches you how to build your own is harder. You can probably do some research like I did and write an app, but I haven’t managed to get all the information in the same place.
The aim of this article is to showcase a PHP backdoor that is small enough to pass unnoticed while still allowing the execution of complex operations. Maintaining access to a compromised system is an important step during penetration testing. In most cases this is achieved using backdoors. These can either live as standalone pieces of software or as part of legitimate code. And always, no matter how the backdoor is designed, being hard to discover is an important aspect.