Pentesting ICS (Profinet)

Profinet

Use profinet_scanner.py to detect devices on a network!

Once the devices are identiied, MiTM, packet record/replay attacks can be used as there is no security on the protocol!

To scan from outside, the default ports used are: port 34962-64

Resources and bibliography:

Industrial Cybersecurity – Efficiently secure critical infrastructure systems by Pascal Ackerman
Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS by T. Macaulay, B. L. Singer
Tools source: https://github.com/Boxbop/scada-tools

31st December 2018 / int0x33

ROP Emporium ret2win (64bit)

I am starting the 365 Days of Pwn blog series with 64bit ROP Emporium challenges. 64bit is of course what […]
1st January 2019 / int0x33

Write an SMPP Fuzzer

So there has been a lot of talk with Twitter SMS spoofing in the news recently, celebrity accounts were ‘hacked’ […]
2nd January 2019 / int0x33

ROP Emporium split (64bit)

About the challenge I’ll let you in on a secret; that useful string “/bin/cat flag.txt” is still present in this […]
3rd January 2019 / int0x33

Recover Passcode (attackdefense.com)

Using static analysis, figure out the passcode to run challenge successfully i.e. ./challenge CORRECT_PASSCODE . If you get the right passcode, a […]
4th January 2019 / int0x33

ROP Emporium callme (64bit)

If you are reading this, then this is the third post on writing ROP chain exploits, so far we have […]

15th April 2019 / int0x33

Getting Passed SSL Warnings on ExploitDB Scripts for OSCP

The key lines are as follows: This is the same as -k with curl and –no-check-certificate for wget.
14th April 2019 / int0x33

Windows Pentesting Tools / Exploit Repositories

Mimikatz BloodHound Empire Nishang Responder CrackMapExec PSExec WindowsEnum Gdog Windows-Kernel-Exploits
13th April 2019 / int0x33

Windows Run-As Reverse Shell

You got user credentials, they might even be admin, what next? Shell of course, here is how to run as […]
12th April 2019 / int0x33

Top 3 Hacking Tips

You may notice that the following tips are non-technical, that’s because I honestly believe my best hacking tips are not […]
11th April 2019 / int0x33

Windows API Calls for Process Injection / Manipulation / Migration

Essential Win API Functions OpenProcess() for opening the remote process VirtualAllocEx() for allocating memory in remote process WriteProcessMemory() for writing shellcode in […]