Hi everyone! Here is a report on the Netscan module. (working title) Along with internal DNS attacks (using sfuzzer) or WMI scanning on Windows, Netscan will give you another way of hacking into a corporate network. Similar to a Man in the Middle attack, you will be able to launch Netscan as soon as you are connected to the Turbine C2 Card via VPN. Scanning the ARP table will reveal IPs and server names on a local network. Unsecured endpoints (file sharing, databases, etc) will be identified. Using the impersonate function, you will be able to enter credentials or execute password attacks to gain higher privileges on the network. From the Netscan module you can automate password attacks, launch fingerprint scans, open a file browser session and initiate database connections. We also introduced another way of hacking: process injection. Using the proper credentials, Stinger OS will let you scan all running process and identify vulnerable one. From there, you will be able to execute scripts and compromised these processes. For example, using a vulnerable process, you can escalate privileges to install an FTP service and open up a file browsing session on a previously secure computer. All in all, netscan is a versatile Swiss army knife, giving you key intel for your offensive actions against a network. Following multiple iterations in the last two weeks, we are now confident moving forward and having you test it in the next beta update. Cheers!
Wow! I get busy with end of semester stuff and holidays and come back to find that a lot has changed. Looks like it's going to be fun to play with and a lot more ways to try and access a system. Can't wait to try all of these tools out when I get a chance.
I'd imagine sometime this week as the staff were busy as hell with the live event and deserved a break.
