BPATTY[RELOADED] v1.3 release!

· 4 min read
Brian Johnson
Security Guy

Release notes for v1.3

  • baddns - added - for finding bad dns!
  • BloodHound - added - jq script to dump out the description and 'whencreated' and sort by newest at top... it also does Unix conversion
  • certipy - added clarification on ESC8 with DC example, as well as correction on using curl to validate ESC8 vuln
  • coercer - added context on coercing an entire file full of victim hosts. Fun!
  • dism - new! - handy for uninstalling the not-so-privacy-friendly Recall feature!
  • dnstool - added troubleshooting for the legacy error
  • get-adobject - added context for nabbing trust keys
  • gowitness - added syntax for running the binary version of gowitness
  • egress filtering - added info about go-out
  • exegol - new! - cool software "package" for pentesting
  • go-out - new! - for checking egress filtering
  • gowitness - added new docker download URLs and adjusted some command typos
  • hashcat - added context for cracking DCC2 hashes
  • netexec - added little script for taking list of machines running WebClient and sorting them
  • nmap-xml-to-csv - new! takes an nmap scan and converts to CSV
  • ntlmv1-multi - new! - for getting those hard-to-reach NTLMv1 hashes
  • pxethief - new! - helps enumerate/pwn SCCM environments!
  • pxethiefy - new! - helps enumerate/pwn SCCM environments!
  • Proxmox - added information about how to make backups of VMs and move them to another node in a cluster. Also added some info on troubleshooting the move of Linux VMs from one node to another and sometimes the VM not picking up on DHCP configs. And disk resizing! And adding RAM!
  • rubeus - added info on "describing" a ticket to see if credential guard was in place
  • secretsdump - added information on using a regular domain account to do the dump, and also cool references like the p0lardious article
  • sccmhunter - new! - finds/attacks SCCM
  • snaffler - added correction on how to snaffle just a specific system
  • snmpbulkwalk - new! - with info on POCing the SNMP "bulkwalk" vulnerability
  • snmpwalk - new! - walking SNMP is fun (?)
  • subsnipe - new! - for sniping subdomains
  • tar - added correct context for extracting a tar.gz file
  • testssl.sh - new! - awesome script for stuff
  • Uptimekuma - new! - this software is like UptimeRobot but...free!
  • wfuzz - new! - for fuzzing the stuff

Slow-baking in the oven for future releases

Tools

General cleanup

  • Go back into each tool page and provide the source download link!
  • Review all docs tagged with review
  • Under review: a BPATTY reader noted "I’d have to disagree with your comment in certipy.py on bpatty, about a 401 unauthorized means the endpoint has been hardened. A 401 is exactly what we want as the web app is blocking us as we didn’t provide creds to log on. Having the site accessible is good news. Having a 403 Forbidden on the other hand, is generally bad news and I’ve never had this work." - updated in certipy, thank you!

Software and misc guides

BPATTY[RELOADED] v1.2 release!

· 3 min read
Brian Johnson
Security Guy

Release notes for v1.2

New/updated content

  • atexec.py - new!
  • bbot - new!
  • docker - new!
  • exiftool - new!
  • farmer.exe - added code snippet to help the WebClient service start automatically
  • gettgtpkinit.py - new!
  • getst.py - new!
  • gettgt.py - new!
  • hashcat - corrected information about IPMI cracking
  • impacket - new!
  • jq - new! - starting with a command to take just computer names and descriptions out of a computers.json file from BloodHound
  • klist - new!!
  • metasploit - added information about using an RHOSTS file, as well as logging all output to a "spool" file
  • mergy.py - new! - takes a list of machines running WebClient and smashes it together with an output file full of machine names and descriptions
  • net.py - new!
  • netexec - added better way to find hosts without SMB signing, as well as finding/sorting shares
  • nmap - added notes about finding "up" hosts from IPMI scan
  • FGDS.sh - new! - script for Google dorking while also using ProtonVPN to rotate IPs
  • pingloop.sh - new! - when you need to ping sweep through a list of hosts regularly to monitor when they come online!
  • ProtonVPN command line reference - new!
  • ProtonVPN IP cycler - new! - script to rotate your ProtonVPN IP every few minutes
  • rbcd.py - new!
  • secretsdump.py - added correction to dumping hashes with history included
  • smbclient.py - new!
  • winrm - new! - for remoting into stuff
  • wmiexec.py - new!
  • pywhisker.py - new!

New things in the oven for future releases

Tools

General cleanup

  • Review all docs tagged with review
  • Go back into each tool page and provide the source download link
  • Under review: a BPATTY reader noted "I’d have to disagree with your comment in certipy.py on bpatty, about a 401 unauthorized means the endpoint has been hardened. A 401 is exactly what we want as the web app is blocking us as we didn’t provide creds to log on. Having the site accessible is good news. Having a 403 Forbidden on the other hand, is generally bad news and I’ve never had this work."

Software and misc guides

BPATTY[RELOADED] v1.1 release!

· 2 min read
Brian Johnson
Security Guy

BPATTY turns 1.1 today for its 1-week anniversary. So, so exciting, right? Yes, it is indeed! I got a truckload of goodies for you!

Release notes for v1.1

We've now got searching capabilities courtesy of Algolia!! Check the upper right of the screen and click into the little magnifying glass dealy!

New/updated content

New things in the oven for BPATTY[RELOADED] v1.2

  • SmartDeploy notes (I'm currently playing with a trial version)
  • Wazuh quick start guide

BPATTY[RELOADED] v1.0 release!

· One min read
Brian Johnson
Security Guy

Welp, if you're reading this, then BPATTY has been successfully Docusaurus-ized, and here you are!

This 1.0 release takes some of the relevant info/scripts/pages/etc. (I'm still working on the migration) from the original (and now read-only) BPATTY on GitHub along with a big import of my other tips and scripts I've been waiting to publish for a long time!

Lots more to come in coming weeks, and if you have an idea for an edit/addition or catch a spelling mistake or whatever, feel free to raise an issue and I'll get back to you as soon as I can.

Things I'll be working on next:

  • Adding search
  • Pulling the rest of the content from original BPATTY (that's still relevant)
  • Reviewing the documents tagged as review and cleaning them up

-- Brian

NppFTP is fun (I hope)

· One min read
Brian Johnson
Security Guy

On the Windows side of things I like using Notepad++, and am also trying to optimize my writing workflow by writing and posting things in Markdown format to BPATTY via SFTP. So far this NppFTP plugin has made that a snap. Sure, it might have malware and be sending my SFTP creds God knows where, but so far? Worth it!

On the Mac side of things, BBEdit has similar functionality.

-- Brian

BPATTY is reloading

· One min read
Brian Johnson
Security Guy

If you can read this, the upgrade from old school BPATTY to BPATTY[RELOADED] is happening.

It will be a slow process, but we'll get there.

I'll use this blog to punch in updates as I make them.

-- Brian