Kioptrix rpcclient “NT_STATUS_ACCESS_DENIED” After Connect: Switching Pipes (samr/lsarpc) Without Guessing

rpcclient NT_STATUS_ACCESS_DENIED

Beyond the NT_STATUS_ACCESS_DENIED Wall

“Connected” is the most expensive lie rpcclient tells. You fire off one confident command, and the target answers with the same icy refrain: NT_STATUS_ACCESS_DENIED. On Kioptrix-era boxes and modern Samba/Windows configs alike, the problem isn’t transport, it’s the wrong door. While the SMB session binds, specific RPC procedures (often SAMR) are …

Kioptrix rpcclient can connect but enumdomusers fails: 6 commands that still leak info (Working Title)

rpcclient enumdomusers fails

Beyond the enumdomusers Dead End

When rpcclient connects but enumdomusers fails, you haven’t hit a dead end—you’ve hit a badge reader. The session is real; the door is just the wrong one. While most testers resort to tool-hopping and “retry-spamming,” the target is often just enforcing partial SMB/RPC rights. This post introduces the “Leak Ladder”: …

Kioptrix SMB null session works on 139 but fails on 445: what that implies (Working Title)

SMB null session port 139 vs 445

Decoding the SMB Handshake: Port 139 vs. 445

Port 139 gives you a friendly handshake. Port 445 stares at you like you brought the wrong badge to the wrong building. When an SMB null session works on 139 but fails on 445, it isn’t “Kioptrix luck.” It’s a precision clue about transport and rules: NetBIOS …

Kioptrix smbmap “NT_STATUS_LOGON_FAILURE” triage: username format + domain blank test (Working Title)

smbmap NT_STATUS_LOGON_FAILURE

Stop Chasing SMB Mysteries: Mastering NT_STATUS_LOGON_FAILURE

The fastest way to waste an afternoon is treating smbmap NT_STATUS_LOGON_FAILURE like a network mystery. Port 445 is fine; the target is simply rejecting how you’re presenting identity. NT_STATUS_LOGON_FAILURE is an authentication status, not a timeout or routing problem. It typically points to credential context issues (domain vs. local), …

Kioptrix smbmap shows shares but access denied: how to verify creds vs guest fallback (Working Title)

SMBMap access denied

The SMB Ghost Win: From Enumeration to Actual Access

SMBMap shows shares, but Access Denied is the SMB equivalent of a bouncer nodding at you, then stopping you at every door. The share list looks like a win, but it can be nothing more than a well-mannered Guest or Anonymous session letting you read the …

Nuclei Template Tuning: Filters, Tags, and Matchers That Reduce False Positives

Nuclei template tuning

Stop Chasing Ghost Hits

The fastest way to waste a weekend is to celebrate a Nuclei run with “hundreds of findings”… then watch 90% of them dissolve the moment you click through. That’s not paranoia. That’s single-signal matching, redirect sink pages, and WAF/CDN “helpfulness” turning your scanner into a confetti cannon. Nuclei template tuning is …

Chisel vs Ligolo-NG: Use-Case Selection Table for Port Forwarding & Proxying (Pick the Right Tunnel Fast)

Chisel vs Ligolo-NG

Silent Failures & Network Primitives

At 2:07 AM, tunnels don’t fail loudly. They fail quietly, with the exact kind of “it should work” confidence that ruins sleep. If you’re choosing Chisel vs. Ligolo-NG for port forwarding and proxying, the real mistake isn’t picking the “wrong” tool. It’s picking the wrong network primitive and then spending …

Ligolo-NG Setup Guide: Troubleshooting Tunnel Failures in NAT Environments (Without Guessing)

Ligolo-NG setup guide

Ligolo-NG Setup Guide

Solving the NAT-induced “Velvet Curtain” effect.

“Agent connected.” Tunnel started. Then every packet you send into the internal network evaporates like it hit a velvet curtain. The fastest way out is not another restart, not another route you half-remember. It’s a 5-minute truth test that tells you which layer is lying. This …

VDP (Vulnerability Disclosure Policy) + security.txt: Public Location & Wording Templates

Vulnerability Disclosure Policy

The Calm Path to Vulnerability Disclosure

A bug report is either a quiet knock on your door or a flare shot over Twitter, and the difference is often one boring file in one predictable place. If you’re shipping a US SaaS product, a clear Vulnerability Disclosure Policy (VDP) and a standards-aligned security.txt stop security reports …

Pen Test Report Reading Guide for Founders: The “Ignore This and You’re in Trouble” Items

how to read a penetration test report

The Dangerous Reality of Penetration Test Reports

The most dangerous line in a penetration test report is not “Critical.” It’s “Medium” paired with a screenshot that quietly proves an attacker path. If you’re a founder, you didn’t pay for a PDF so you could debate CVSS scores at midnight. You paid to find the few …