<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Ruby on Taha Draidia</title><link>https://tahadraidia.com/tags/ruby/</link><description>Recent content in Ruby on Taha Draidia</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Fri, 03 Dec 2021 09:48:14 +0000</lastBuildDate><atom:link href="https://tahadraidia.com/tags/ruby/index.xml" rel="self" type="application/rss+xml"/><item><title>Identify Weak Service Configuration With One Liner of Powershell</title><link>https://tahadraidia.com/posts/identify-weak-service-configuration-with-oneliner-of-powershell/</link><pubDate>Fri, 03 Dec 2021 09:48:14 +0000</pubDate><guid>https://tahadraidia.com/posts/identify-weak-service-configuration-with-oneliner-of-powershell/</guid><description>One of the features of the PEN300 MSF script is lazy privilege escalation: it checks for a few common excessive permissions and lack of configuration in certain components of the box.
The missing part was how to identify weak service configuration. The approach was already known; however, achieving it using the MSF Ruby API or the Win32 API seemed doomed. The MSF Windows Services class relies on sc_manager, which won&amp;rsquo;t work with a low-privileged user.</description></item><item><title>Automate the Reconnaissance Phase</title><link>https://tahadraidia.com/posts/automate-the-reconnaissance-phase/</link><pubDate>Thu, 02 Dec 2021 07:43:03 +0000</pubDate><guid>https://tahadraidia.com/posts/automate-the-reconnaissance-phase/</guid><description>If you have been reading my OSEP (PEN300) post series, you know that I love automating things. The reconnaissance phase is one of the repetitive tasks that you do for each machine you compromise, right?
In this post, I am going to share with you how I took advantage of the existing scripts and tools to create, let&amp;rsquo;s say, a reconnaissance script bundle.
The script is written in PowerShell; the language has a rich API, especially when it allows us to load .</description></item><item><title>Added RunAsPPL Check to Our PEN300 MSF Script</title><link>https://tahadraidia.com/posts/added-runasppl-check-to-our-pen300-msf-script/</link><pubDate>Wed, 01 Dec 2021 10:21:33 +0000</pubDate><guid>https://tahadraidia.com/posts/added-runasppl-check-to-our-pen300-msf-script/</guid><description>While running some tests this morning, I stumbled on the following error:
Could not execute auto: Rex::Post::Meterpreter::RequestError priv_passwd_get_sam_hashes: Operation failed: The parameter is incorrect. This occurred while executing right after enabling restricted admin in our MSF script, as shown in the screenshot.
There are two important points we need to discuss here. First, when the error happened, it was not handled; hence, the script stopped running, which is bad.
The second point is what could go wrong, right?</description></item><item><title>A Class Helper for Metasploit Powershell Extension</title><link>https://tahadraidia.com/posts/write-a-class-helper-for-metasploit-powershell-extension/</link><pubDate>Sun, 28 Nov 2021 15:43:16 +0000</pubDate><guid>https://tahadraidia.com/posts/write-a-class-helper-for-metasploit-powershell-extension/</guid><description>Three weeks ago or so, I started writing an MSF script that automates repeated tasks such as running reconnaissance scripts, dumping credentials, listing tokens that could be impersonated, and so on.
The current script does everything I have listed above, among other things. However, some parts of the code generate PowerShell cradles and execute PowerShell commands; I would say that this is not an elegant way to do it.
For instance, here are two examples where I run PowerShell commands:</description></item></channel></rss>