danielmiessler.com » Pentesting http://danielmiessler.com grep understanding Sun, 12 Feb 2012 09:25:59 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 New Pentesting TV Show Coming Out http://danielmiessler.com/blog/new-pentesting-tv-show-coming-out http://danielmiessler.com/blog/new-pentesting-tv-show-coming-out#comments Fri, 21 Dec 2007 18:00:13 +0000 Daniel Miessler http://dmiessler.com/blogarchive/new-pentesting-tv-show-coming-out This vérité action series follows Tiger Team – a group of elite professionals hired to infiltrate major business and corporate interests with the objective of exposing weaknesses in the world’s most sophisticated security systems, defeating criminals at their own game.

Tiger Team is comprised of Security Audit Specialists Chris Nickerson, Luke McOmie and Ryan Jones who employ a variety of covert techniques – electronic, psychological and tactical – as they take on a new assignment in each episode.

The show will air on CourtTV Tuesday, December 25 at 11 and 11:30pm E/P. Here’s a sample:

]]> http://danielmiessler.com/blog/new-pentesting-tv-show-coming-out/feed 8 You Already Have Admin, Dumbass http://danielmiessler.com/blog/you-already-have-admin-dumbass http://danielmiessler.com/blog/you-already-have-admin-dumbass#comments Sat, 29 Sep 2007 02:10:13 +0000 Daniel Miessler http://dmiessler.com/blogarchive/you-already-have-admin-dumbass There’s an old saying in Tennessee — I know it’s in Texas, probably in Tennessee — that says, fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” —President George W. Bush, Nashville, Tenn., Sept. 17, 2002

Nothing is more lame than trying to pull Windows hashes off a system in order to break the administrator account’s password when you are on the system because the admin password was blank.

Well, that’s actually not true. There’s one thing that’s more lame, and that’s doing it more than once.

Here’s my list of systems that I have admin access to, let me pull the hashes from this one that was wide open…la la la…pullng them….breaking them…admin password? Blank! Blank? Well what the hell does that get me? Ah, shit, I did it again…

Retardo the Destructor.

]]> http://danielmiessler.com/blog/you-already-have-admin-dumbass/feed 6 Pentesting: Use Firefox Quicksearches To Lookup Bugtraq IDs From The Address Bar http://danielmiessler.com/blog/pentesting-use-firefox-quicksearches-to-lookup-bugtraq-ids-from-the-address-bar http://danielmiessler.com/blog/pentesting-use-firefox-quicksearches-to-lookup-bugtraq-ids-from-the-address-bar#comments Thu, 21 Sep 2006 18:48:17 +0000 Daniel Miessler http://dmiessler.com/archives/931 Just thought I’d pass on a little shortcut for looking up Bugtraq IDs:

** Firefox only

  1. Go to google.com and right click in the search field
  2. Select “Add a Keyword For This Search…”
  3. In the name field type, “Bugtraq Vulnerability Quicksearch” (or whatever)
  4. In the keyword field, enter “bid” or “vuln” — again, up to you. This is your shortcut.
  5. Save the bookmark and then go to Bookmarks –> Organize Bookmarks and edit the properties of the bookmark you just made.
  6. In the properties field, replace what’s there with the following URL: http://search.securityfocus.com/swsearch?query=bid%20%s&sbm=bid&metaname =alldoc&sort=swishrank (all one line)
  7. Save your bookmark again and prepare to be impressed.

Now, just go to your address bar (cmd/ctrl-L) and type bid 1499 , like so:

BID Qucksearch

The results are beautiful:

BID Quicksearch Results

]]> http://danielmiessler.com/blog/pentesting-use-firefox-quicksearches-to-lookup-bugtraq-ids-from-the-address-bar/feed 6