TransHex is Released!

We have all faced the problem of transferring “malicious” or binary files through corporate firewalls or proxies when doing penetration tests. Previously the workaround was quite easy: FTP, SSL and SSH tunneling (the list goes on) provided a quick and easy way to bring whatever tools a penetration tester needed into the environment. Edge technologies have now matured and these simple techniques no longer work, mainly due to next-generation firewalls with application ID. So how do you get around this? Go old school to beat new school tech!

Released June 25, 2013

GFI LanGuard Hack

Originally, when we first started creating a process to use GFI LanGuard to create an Enterprise Administrator account in Active Directory, we thought that it would be a zero-day. However, it turned out that the way our exploit was going to work depended on a pretty stupid admin. So it is not as spectacular as we wanted, but we have a proof of concept written and working.

The catch is that relying on a stupid admin means the exploit depends on a specific configuration, and it must be run as a local admin on a Windows box. Even with these limitations on its success, we are sure that it will work in at least some corporate deployments.

PoC released February 5, 2013.