The Road to OSCP

It would seem that I have been absent for quite some time. Truth be told, I have been extremely busy, both in professional and private life and finding time to blog can be a struggle. However, I recently signed up to do OSCP and have slowly been working trough the course. So far, it has … Read more

Exploiting IPMI

There are 2 common IPMI vulnerabilities that Nessus picks up, zero ciphers and password hash disclosure. The zero cipher vulnerability is often found enabled by default, It allows an attacker to bypass authentication altogether. The service generally runs on tcp/623. You’ll need to install ipmitool in order to exploit it. The following command will list … Read more

Finding and Cracking Excel hashes with John

I was recently involved in an engagement where I had the requirement to find and crack multiple password protected excel documents that were located in unknown locations on a hard disk. The first challenge was locating them. I did this using the tree command to first index all the files on the disk, I then used grep to search … Read more

Program.Ninja – A hackers reference.

Program.Ninja – a hackers reference.   This happens to be the first blog post on this site, and what better way to start off by blogging about a new project that a colleague of mine has been working on. The site aims to be a “go to” reference for CLI commands for common tools used … Read more