OpenSSH < 7.7 - Username Enumeration Exploit

On August 15th, 2018 a vulnerability was posted on the OSS-Security list. This post explained that OpenSSH (all versions prior to and including 7.7) is vulnerable to username enumeration by sending a malformed public key authentication request (SSH2_MSG_USERAUTH_REQUEST with type “publickey”) to the service. Read more at our #_shellntel blog.

Kraken Password Cracker

How to Build a 8 GPU Password Cracker

This build doesn’t require any “black magic” or hours of frustration like desktop components do. If you follow this blog and its parts list, you’ll have a working rig in 3 hours. These instructions should remove any anxiety of spending 5 figures and not knowing if you’ll bang your head for days. Read more at…

Luckystrike: An Evil Office Document Generator.

Luckystrike is a PowerShell based generator of malicious .xls documents (soon to be .doc). All your payloads are saved into a database for easy retrieval & embedding into a new or existing document. Luckystrike provides you several infection methods designed to get your payloads to execute without tripping AV. Read more at our #_shellntel blog.

Weaponizing Nessus

Once in a blue moon we come across a client that has truly done security right (or at least, tried really hard to do so). All the low hanging fruit has been trimmed: Responder doesn’t work, no passwords in GPP, all systems patched up to date, no Spring2016 passwords, etc. As frustrating as this is…