Friday, February 28, 2014

OSINT Tricks: Combining Shodan + The Harvester

The Harvester is  a good tools for data mining enumeration during RECON/Information Gathering period. On version 2.2a  the harvester support integration with SHODAN.


In order to use SHODAN services in the Harvester you need to supply the API key . So if you try to use it without supplying the SHODAN API Key.



There is not a proper documentation on how to supply the the Shodan API key but after reading the source code , you need to supply the key at discovery/shodansearch.py


After supplying , the results for information gathering/stalking becoming much more useful.



Sunday, February 2, 2014

Uploading files on an interactive windows shell. Part 2 ..

Based on previous post. A reader ask me how the heck should i get a psexec uploaded on the system on the first place? Good question..

First technique introduced by our favorite vendor of all time. That's right folk microsoft...!!!


If you don`t believe me..


2nd technique. What happen if our firewall blocked SMB/WebDAV protocol.. Then we can upload it back manually using VB Script as describe by SK Chong in Phrack Issue 62 at 6.b




3rd. Technique. If we are on Windows 7/2008/8.1 . Hello One Line Powershell 



Endless imagination.