Capturing NTLM Hashes using Bettercap

Recently, during an engagement in which I was performing an internal network assessment, I found that Responder was not able to capture the hashes. Initially I thought this might be due to an issue with the Responder configuration or the options I was using. After fiddling with it for a while, I started searching the internet for ways to capture NTLM hashes. I found some good links on using bettercap and thought of writing it down for my own reference.


Getting system access using malicious word file

Background

A remote code execution vulnerability in Microsoft Office Word / WordPad allows a remote attacker to execute arbitrary code on the system. An attacker can send a specially crafted file which causes Word / WordPad to download a remote shell, giving the attacker access to the system. Once the attacker has control of the machine, they can install software, create a backdoor, view, modify or delete data, or create users with full permissions.


DDoS Simulation using DNS Aliases

Background

Recently, we encountered a security incident for one of our major BFSI clients. This client was hit by a DDoS attack. The day before, the victim had received an email asking them either to pay a certain ransom amount or to become the victim of this attack. The severity of the attack would increase if the victim did not pay the ransom money to the cyber-terrorist group. The victim was using a well-known Cloud Service Provider's network to host one of their static web applications.
