Gutenberg Plugin: Terminal Display Currently building a Gutenberg plugin to display Parrot OS terminal output. Github: https://github.com/mrjamiebowman/Gutenberg-Terminal-Display Parrot Security OS Parrot Security OS ┌───└──╼ $ nmap -sV 127.0.0.1(Gutenberg Terminal Display)
Parrot OS 4.7 Full-Screen Issue This is a quick easy fix. By default, it appears that Parrot OS 4.7 virtual appliance (.ova) doesn't come with VirtualBox Guest Additions installed. Once you have booted up Parrot OS run this command to install the VirtualBox Guest Utilities. Once this is installed, you may reboot and everything...
Offensive .NET: C# Reverse Shell https://youtu.be/NqwpwusH6WU Creating a .NET C# reverse shell that is undetectable is very easy. In this example, I'm going to use BankSecurity's reverse shell that I forked. This is a real basic reverse shell. Some of the more advanced code will be obfuscated and...
Parrot OS Configuration This is how I set up my Parrot OS after installation. There are a few things I believe are missing that should be installed or done. I like to keep things as real as possible so this will be hackers set up. UFW VPN Kill Switch
SSH Tunneling When you need to access a server/client behind a firewall that doesn't allow port forwarding you can use SSH tunneling to bypass that if an SSH server is running. Pivoting is a sneaky technique that hackers use to access computers, servers, and services behind firewalls. These examples will use OpenSSH. I think...
Force TLS in .NET Versions before ASP.NET 4.7 default to making outbound connections using TLS 1.0. This is a real problem for security for many reasons. It's now been deprecated with many CVEs. Some of these vulnerabilities make TLS 1.0 vulnerable to man-in-the-middle attacks. A lot of APIs will not accept incoming requests from...
Enumerating Samba/SMB Servers Unintentionally leaving port 445 open or misconfiguring Samba can risk catastrophic damage to a corporation. Enumerating the Samba/SMB port can return critical information about file shares, users, printers and network groups. This can be a cornerstone for brute forcing accounts and accessing unprotected Samba shares. enum4linux
Brute Forcing Forms with Hydra Hydra is more capable than just brute-forcing services, this tool can also brute force web forms. Dirb/DirBuster not returning anything? Change the user-agent. Some applications can be programmatically set up to deflect penetration testing. In...
78 ° F