Tag
This was an easy Linux box that involved gaining initial access by exploiting a vulnerability in ProFTPD to copy a user’s SSH key to a world-readable directory, grabbing it using SMB and using it to authenticate to via SSH and exploiting a vulnerable SUID binary in conjunction with PATH Environmental Variable manipulation to escalate to root.
Read moreThe /etc/passwd file is used in Linux operating systems to store user information such as user hashes, groups, home directory and more.
If improper file permissions are used for this file, this could allow attackers to escalate privileges to root.
Read moreThis was an easy Windows box that involved exploiting the PUT method in the WebDAV extension of the HTTP protocol to upload a reverse shell in order to obtain remote access, and exploiting a Windows vulnerability in the win32k.sys kernel mode driver.
Read moreI really enjoyed this box, even though the initial exploitation phase isn’t something new as it exploits the EternalBlue vulnerability, but it then shows how to convert a normal shell to a Meterpreter shell, how to migrate to a SYSTEM level process and how to dump and crack user hashes.
Read moreVulnserver is a multithreaded Windows based TCP server that listens for client connections on port 9999 and it is primarily used for Stack Buffer Overflow exploitation practice.
I was suggested this great tool when preparing for my OSCP certification exam as I didn’t feel like confident enough when it came to Buffer Overflow.
Read moreWhen enumerating web applications, we often find ourselves in front of a file upload file that allows us to potentially upload malicious files onto the application, such as a PHP or ASP shell, although these will often have certain restrictions that will only allow certain file types, extensions, file names or contents.
Through this checklist, I hope to cover most of the possible bypass methods that can be used to get past this restriction.
Read moreI found this great material when preparing for my OSCP certification exam, I had already finished all of the exercises including the Buffer Overflow ones but I wanted to do some more practice as I wanted to be 100% ready on this subject to ensure I was getting the 25 points awarded for this machine.
Read moreThis was a very peculiar box, as it involved sending a password change link to a user from a web application in order to reset his password, uploading a PHP shell via SMB to gain remote code execution and therefore a shell, and using a password found in the underlying system’s bash history file to login as the administrator user
Read moreThis is a Linux box that involved exploiting the PUT http method to upload a PHP script through which a reverse shell can be obtained, and then using a known vulnerability in the chkrootkit program to escalate to root.
Read morePrivilege escalation is a crucial step in the penetration testing lifecycle, through this checklist I intend to cover all the main vectors used in Windows privilege escalation, and some of my personal notes that I used in previous penetration tests.
Read more