CodeWatch
From the monthly archives: October 2013

GoPhishing Update – Autocomplete and More

By On October 26, 2013 · Leave a Comment

I’ve updated the gophish script discussed here and here. This update includes the following features and fixes:

Fixed an issue where redirections would occur immediately upon access Added option to pass in your own log file as an argument Smart(er) redirects Autocomplete Support

The original script did not expect the link being accessed […]

Continue Reading

Adventures in Penetration Testing: Let’s Go Phishing – Update

By On October 19, 2013 · Leave a Comment

Please see the original article for more information about this phishing script. This is just a minor update to some functionality that I added over the weekend. I haven’t hooked BeEF in yet, but I have added Metasploit, which can be nice.

The updated version, which can be found here, can be tied […]

Continue Reading

Adventures in Penetration Testing: When DEP and AV Muck it Up

By On October 18, 2013 · Leave a Comment

A while back I was performing a network penetration test and came across a remote code execution vulnerability in one of the web applications hosted at the site. It got me excited because I just knew it was going to result in some level of access to the host. It looked like a pretty simple […]

Continue Reading

Adventures in Penetration Testing: Let’s Go Phishing

By On October 17, 2013 · Leave a Comment

Phishing and social engineering engagements are often unique to each customer, however; I often find that a customer just wants one of their web pages, like their web email sign on page, copied. This link to this phishing site is then emailed out to the victims to determine their susceptibility in clicking on the link […]

Continue Reading