Tag
In Linux, groups are an attribute that can be allocated to users to allow them to access certain files/binaries or perform certain actions in the operating system.
Some groups, when assigned to a given user, can allow them to perform actions that go beyond their usual privileges and potentially escalate privileges to root.
Read moreStack buffer overflow is a memory corruption vulnerability that occurs when a program writes more data to a buffer located on the stack than what is actually allocated for that buffer, therefore overflowing to a memory address that is outside of the intended data structure.
This will often cause the program to crash, and if certain conditions are met, it could allow an attacker to gain remote control of the machine with privileges as high as the user running the program, by redirecting the flow execution of the application to malicious code.
The purpose of this guide is to teach the basics of stack buffer overflow, especially for students preparing for the OSCP certification exam.
Read moreLinux has several access attributes that can allow users or groups to perform certain actions against files, such as execute, modify or view files.
SUID (Set User Identification) and GUID (Set Group Identification) are permissions that allow users to execute a binary or script with the permissions of its owner (SUID) or of its group (GUID).
Some binaries have this permission by default as they require to perform certain actions with elevated privileges, for example the passwd binary needs to run as root in order to change a user’s password, although certain binaries can be exploited to escalate privileges if they have the SUID bit set.
Read moreThis guide will demonstrate the various steps involved in exploiting the remote buffer overflow vulnerability that is present in the Seattle Lab Mail (SLMail) 5.5 POP3 application, in order to gain remote access to a vulnerable machine.
A POC along with the vulnerable software can be found at this link.
Read moreThis was an easy Windows box that involved authenticating to Jenkins using common credentials, executing commands through the Groovy scripting language used in the script console to gain remote access and using token impersonation to escalate privileges to SYSTEM.
It also involved switching from a normal shell to a Meterpreter shell and migrating from a user level process to a SYSTEM level process.
Read moreWhen performing enumeration steps during a penetration test, there is often the need to transfer files to or from the victim machine, for example to run custom scripts or analyze files further in a controlled environment.
There are different techniques and tools that can be used to transfer files and depending on the target operating system and installed software these may or may not work. The purpose of this cheat sheet is to provide an exhaustive resource for transferring files using command-line interfaces.
Read moreOffensive Pentesting is one of the learning paths available on the TryHackMe platform. It is primarily designed for students preparing for the Offensive Security Certified Professional certification exam.
It contains both rooms that step the students through the various exploitation steps as well as rooms that aim to simulate a black box penetration test.
Read moreThe Windows installer is a utility which through the use MSI packages can install new software. The AlwaysInstallElevated is a Windows policy that allows unprivileged users to install software through the use of MSI packages using SYSTEM level permissions, which can be exploited to gain administrative access over a Windows machine.
This option is equivalent to granting full SYSTEM rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting.
Read moreRunas is a Windows command-line tool that allows a user to run specific tools, programs or commands with different permissions than the user’s current logon provides.
If a user’s credentials are cached in the system, the Runas command can be run using the /savecred flag which will automatically authenticate and execute the command as that user.
Read moreWindows services are sometimes configured with weak permissions linked to the service itself, or to the directory the service is being run from.
This can allow attackers to manipulate the service in order to execute arbitrary code when it starts and escalate privileges to SYSTEM.
Read more