Skip to main content

Posts

Featured

NSE:clock-skew (EXAMPLE)

Clock skew is an interesting thing to discover during a scan.  However it also can be a bit confusing Nmap.org describes the vuln hunting process as such. "At the end of the scan, it will show groups of systems that have similar median clock skew among their services. This can be used to identify targets with similar configurations, such as those that share a common time server." The primary purpose of the scan is to potentially identify additional targets. How does this scan help? Because checking services that report timestamps can reveal additional targets that may have similar configurations.  If you are able to exploit a target and another machine has similar configurations then your exploit may be able to be recycled for lateral movement, eventually allowing for an opportunity to escalate. In the screen shot below we receive output on clock skew after running a general script scan on the target. #nmap -sV -sC <IP> Reference: [1]https://nmap.org/nsedoc/scripts/clo

Latest posts

Image

How to Use linPEAS.sh and linux-exploit-suggester.pl

Image

Are Professional Certs a Waste of Time?

Image

Spam on Blogger (Anatomy of SPAM comments)

Image

Capture Filter VS. Display Filter

Image

Enumerating and Exploiting SAMBA

Image

NSE: rtsp-url-brute (How to Connect to RTSP via VLC Media Player)