Author
This was a fairly easy Linux box that involved exploiting an arbitrary file upload vulnerability in the My Image plugin of the Nibbleblog web application in order to upload a reverse shell, and a script with sudo permissions allowed to escalate privileges to root.
Read moreLXC is the well-known and heavily tested low-level Linux container runtime. It is in active development since 2008 and has proven itself in critical production environments world-wide. LXD is a next generation system container manager. that offers a user experience similar to virtual machines but using Linux containers instead.
The LXC/LXD groups are used to allow users to create and manage Linux containers. These can be exploited by creating a root-level privilege container from the current file system and interacting with it, executing /bin/sh and therefore starting a root shell.
Read moreFTP is a network protocol used to transfer files from a server to a client over a network. FTP servers can be accessed either via the ftp command-line tool or via third-party applications such as FileZilla. This service runs on port 21 by default.
This guide will cover the main methods to enumerate an FTP server in order to find potential vulnerabilities or misconfigurations.
Read moreThe Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution.
It comes with the Penetration Testing with Kali video and PDF course and it’s one of the major certifications in the penetration testing world. In this article I take the time to talk about the journey that brought me to achieving this certification, all of the steps I followed, the learning material and platforms I used to prepare etc.
Read moreSecure Shell (SSH) is a cryptographic network protocol which allows users to securely perform a number of network services, such as remote authentication or file transfer, over an unsecured network. SSH keys provide a more secure way of logging into a server through SSH than via a password authentication.
If improperly configured, SSH keys could allow an attacker to authenticate as another user to escalate privilege, potentially even as root.
Read moreUdemy is a platform that allows instructors to build online courses on their preferred topics. Students can purchase courses knowing they have been developed by professionals in a given field which award a certificate upon completion. There are a lot of valid courses on Udemy that teach various IT skills such as programming, networking, cyber security and much more.
If you are looking to start a career in cyber security or more specifically penetration testing, Udemy can be a great place to start.
Read moreIn Linux, groups are an attribute that can be allocated to users to allow them to access certain files/binaries or perform certain actions in the operating system.
Some groups, when assigned to a given user, can allow them to perform actions that go beyond their usual privileges and potentially escalate privileges to root.
Read moreStack buffer overflow is a memory corruption vulnerability that occurs when a program writes more data to a buffer located on the stack than what is actually allocated for that buffer, therefore overflowing to a memory address that is outside of the intended data structure.
This will often cause the program to crash, and if certain conditions are met, it could allow an attacker to gain remote control of the machine with privileges as high as the user running the program, by redirecting the flow execution of the application to malicious code.
The purpose of this guide is to teach the basics of stack buffer overflow, especially for students preparing for the OSCP certification exam.
Read moreLinux has several access attributes that can allow users or groups to perform certain actions against files, such as execute, modify or view files.
SUID (Set User Identification) and GUID (Set Group Identification) are permissions that allow users to execute a binary or script with the permissions of its owner (SUID) or of its group (GUID).
Some binaries have this permission by default as they require to perform certain actions with elevated privileges, for example the passwd binary needs to run as root in order to change a user’s password, although certain binaries can be exploited to escalate privileges if they have the SUID bit set.
Read moreThis guide will demonstrate the various steps involved in exploiting the remote buffer overflow vulnerability that is present in the Seattle Lab Mail (SLMail) 5.5 POP3 application, in order to gain remote access to a vulnerable machine.
A POC along with the vulnerable software can be found at this link.
Read more