CUDA Support for Hashcat on Parrot OS

I’ve always struggled with anything relating to video drivers in Linux to begin with, but one of the things that has always bothered me most about it was never being able to get GPU support for hash cracking. Today, after way too long of failing, I finally got it working, so I figured it would make a good post in case there are other driver-challenged folk out there.


CherryTree – Notes for Anything

One of the most important aspects of any job is your ability to stay organized and keep good notes. This is especially true during penetration tests. During a typical testing engagement, you will compile an enormous amount of data concerning what you did, when you did it, what systems you were doing it to, and what the results were. You then need to be able to take that information and convey it in a manner that the client will understand and be able to take action on. The audience may be folk on the business side of the house, who may not be receptive to overly technical presentations; the business IT staff, who prefer overly technical presentations that tell them how to reproduce and/or fix the issue; or possibly both.


Poison Writeup

Note: Looking back at my notes, I never actually formally wrote this up; rather, I just have a bulleted list of what I did. I will come back and do this properly at a future date.

  • Navigating to the site shows that it returns file data based on input. There is a short list of files that are intended to be examined by this process. One of these is listfiles.php, so we start with that.

Celestial Writeup


nmap -A shows a node.js server running on TCP 3000. Navigating to this server in the web browser and inspecting the headers reveals that it is further using the Express framework and that we are using a single .profile cookie that appears to be the only point of sending input to the server; maybe there is trust in that data that we can abuse. A quick Google search shows that there is a deserialization bug that can lead to remote code execution. This sounds promising, as we can execute a reverse shell to connect back to a netcat listener on my Kali box. Details on the exploit that I found useful can be found at


Valentine Writeup


Port Scan: nmap -A shows ports 22, 80, and 443 open. http-enum.nse shows /dev/ and /index/ directories on both 80 and 443. Checking these directories reveals 2 interesting files: a hex-encoded RSA private key which, after an initial attempt to log in with it, appears to be passphrase encrypted, and a notes.txt file which mentions an encoder/decoder somewhere on the site. Navigating to the https site in the browser and examining the headers and security information found under developer tools shows that the website is using TLSv1.2, which is vulnerable to the Heartbleed exploit.
