HackTheBox – DevOops – XXE Injection & Git Repo Enumeration

PenTest.WS demonstration hacking the DevOops machine from HackTheBox.eu. This video demonstrates using an XXE Injection vulnerability to pull sensitive files off a remote server. The privilege escalation is to search through a git repository to find root’s private ssh key.

2:26 – Web page extension enumeration
5:21 – XML fuzzing
7:49 – XXE Injection
10:53 – Stealing an SSH key
14:19 – Searching a Git repo
17:53 – Extracting root’s SSH key

HackTheBox – Sunday – Brute Forcing

PenTest.WS demonstration hacking the Sunday machine from HackTheBox.eu. This video includes brute forcing the finger and ssh services. John the Ripper is used to brute force a password. Privilege escalation is to use sudo and the wget command to read & write protected files.

2:14 – Downloading the corncob word list
4:18 – Brute forcing the finger service with a custom bash script
8:12 – Brute forcing ssh using hydra
12:02 – John the Ripper brute forcing a shadow.bak file
15:05 – sudo & the wget command for privilege escalation

HackTheBox – Falafel – PTWS Shells Library & Credentials Database

PenTest.WS demonstration hacking the Falafel machine from HackTheBox.eu. This video includes using the Shells Library for quick reverse shells. It also demonstrates using the Credentials Database to track usernames and passwords.

2:00 – Global Service Notes
2:43 – SQLMap
6:37 – PHP Magic Hashes
9:40 – WGet Vulnerability
14:30 – Reverse Shell
16:42 – Privilege Escalation

Private Beta Program Launches

After nearly a year of development, PenTest.WS is proud to announce the launch of its private beta program. This program is currently invitation only. If you would like to join the private beta, please use this form to send an Invitation Code Request.

PenTest.WS has been developed specifically for the penetration tester. This web application has helped at least one pentester achieve the Offensive Security Certified Professional (OSCP) certification. More recently PenTest.WS has been used when attacking machines on the HackTheBox.eu network. Several features have grown organically through this process.

The host discovery & service enumeration processes are now point and click, regardless of where the scan is being conducted from. PenTest.WS uses copy-and-paste to get its commands into the terminal. This means if you can paste it, you can use PenTest.WS’s library of customizable commands to automate these processes.

Importing Nmap’s XML data has been refined and enhanced since initial development began. This process is now more robust and handles a wider array of Nmap versions. The stored XML data is now displayed in an easy-to-navigate live view rather than as a static data dump.

While importing Nmap’s data remains a key feature of PenTest.WS, other features have proven to be just as useful. One such feature is the Global Service Notes (GSN). The GSN system is quickly becoming a fan favorite and continues to provide reminders and hints for faster hacking. Additionally, the user-defined shell command library now includes more netcat versions and an expanded shell upgrade section.

Perhaps the biggest development over the past twelve months is the beginning of a report writing module. Reporting is the deliverable product after conducting a penetration test. It therefore makes sense to include a reporting module in the PenTest.WS web application. Screen captures, code snippets and exploitation instructions can all be included directly in a host’s reporting module.

Future plans for the reporting module include a one-click solution to export these reports into a fully deliverable document at the conclusion of a pentest engagement. This export feature will include a templating engine to provide consistency and branding for the pentester. This feature is being actively developed.

Please drop us a line and let us know if you’re interested in receiving an Invitation Code.