CTF Walkthroughs, Hack The Box

Hack The Box – Fuse Walkthrough

Introduction

This was an intermediate Windows machine that involved crawling a username and password from a web application to access RPC, through which a password stored in a printer’s description can be found in order to obtain remote access to the box, and exploiting a known vulnerability with the SeLoadDriverPrivilege permission to escalate privileges to SYSTEM.

CTF Walkthroughs, Hack The Box

Hack The Box – CronOS Walkthrough

Introduction

This was an intermediate Linux machine that involved exploiting an SQL injection vulnerability to gain access to a traceroute page affected by a remote command vulnerability in order to obtain a reverse shell, and exploiting a PHP function used in a cron job to gain root-level code execution and therefore a root shell.

Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Exploiting Bashrc

Introduction

The .bashrc file is a script used in Linux-based operating systems that is executed whenever a user logs in. It contains important configurations for the terminal session such as the coloring, aliases, history length, or any commands that need to be executed at login.

It is a hidden file, as it begins with a dot, and it is normally located in the user’s home directory. Like other files stored in this location, by default it can be read by all users, although it can only be edited by the owner or super users. If improper permissions have been applied to this file, it could allow potential attackers to add malicious commands that will be run when the user logs in.

CTF Walkthroughs, TryHackMe

TryHackMe – HackPark Walkthrough

Introduction

This was a fairly easy Windows machine that involved bruteforcing credentials to authenticate into the BlogEngine web application, exploiting a remote code execution vulnerability affecting it to gain remote access and an insecure service file permission vulnerability in the Splinterware System Scheduler application to escalate privileges to SYSTEM.

Certifications, Reviews

CompTIA PenTest+ Certification Review

Introduction

PenTest+ is one of the most recent CompTIA cyber security certifications. It is designed for cyber security professionals or students who aspire to be in a role with an emphasis on penetration testing and the offensive side of cyber security.

It was initially released on the 31st July 2018, and since at the time I was preparing for OSCP and I had already done A+, Network+ and Security+, I thought this was the best way forward.

Cheat Sheets, Resources

Nmap Cheat Sheet

Introduction

Nmap is a free and open-source network scanner that is often used during penetration tests to discover hosts and services on a computer network by sending packets and analyzing the responses.

The tool provides a number of features to help identify services and their versions, test for known vulnerabilities, bruteforce credentials, detect operating system information and much more.

Cheat Sheets, Resources

Penetration Testing Interview Questions Cheat Sheet

Introduction

When interviewing for a penetration testing job, you will most probably be required to answer a number of technical questions so that the interviewer can get a good understanding of your current level of knowledge and skill.

This guide will try to cover the most common questions that you are likely to come across during a pentesting interview. If you are already a penetration tester or have been studying pentesting for a while, most of these concepts and techniques should already be very familiar to you.

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Scheduled Tasks

Introduction

Windows operating systems, like most systems, have a way of scheduling the launch of programs or scripts based on certain time intervals to help automate recurring tasks. These scheduled tasks can often become a weakness and allow attackers to escalate privileges to root if improperly configured.

This guide will go through the main methods used to exploit scheduled tasks.
