Tag

Pentesting

Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Exploiting Bashrc

Introduction

The .bashrc file is a script used in Linux-based operating systems that is executed whenever a user logs in. It contains important configurations for the terminal session such as the coloring, aliases, history length, or any commands that need to be executed at login.

It is a hidden file, as its name begins with a dot, and it is normally located in the user’s home directory. Like other files stored in this location, by default it can be read by all users, although it can only be edited by the owner or superusers. If improper permissions have been applied to this file, potential attackers could add malicious commands that will be run when the user logs in.

CTF Walkthroughs, TryHackMe

TryHackMe – HackPark Walkthrough

Introduction

This was a fairly easy Windows machine that involved bruteforcing credentials to authenticate into the BlogEngine web application, exploiting a remote code execution vulnerability affecting it to gain remote access and an insecure service file permission vulnerability in the Splinterware System Scheduler application to escalate privileges to SYSTEM.

Certifications, Reviews

CompTIA PenTest+ Certification Review

Introduction

PenTest+ is one of the most recent CompTIA cyber security certifications. It is designed for cyber security professionals or students who aspire to a role with an emphasis on penetration testing and the offensive side of cyber security.

It was initially released on the 31st July 2018 and, since at the time I was preparing for OSCP and had already done A+, Network+ and Security+, I thought this was the best way forward.

Cheat Sheets, Resources

Nmap Cheat Sheet

Introduction

Nmap is a free and open-source network scanner that is often used during penetration tests to discover hosts and services on a computer network by sending packets and analyzing the responses.

The tool provides a number of features to help identify services and their versions, test for known vulnerabilities, bruteforce credentials, detect operating system information and much more.

Cheat Sheets, Resources

Penetration Testing Interview Questions Cheat Sheet

Introduction

When interviewing for a penetration testing job, you will most probably be required to answer a number of technical questions so that the interviewer can get a good understanding of your current level of knowledge and skill.

This guide will try to cover the most common questions that you are likely to come across during a pentesting interview. If you are already a penetration tester or have been studying pentesting for a while, most of these concepts and techniques should already be very familiar to you.

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Scheduled Tasks

Introduction

Windows operating systems, like most systems, have a way of scheduling the launch of programs or scripts based on certain time intervals to help automate recurring tasks. These can often become weaknesses and allow attackers to escalate privileges to root if improperly configured.

This guide will go through the main methods used to exploit scheduled tasks.

Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Exploiting the LXC/LXD Groups

Introduction

LXC is the well-known and heavily tested low-level Linux container runtime. It has been in active development since 2008 and has proven itself in critical production environments worldwide. LXD is a next-generation system container manager that offers a user experience similar to virtual machines but using Linux containers instead.

The LXC/LXD groups are used to allow users to create and manage Linux containers. These can be exploited by creating a root-level privilege container from the current file system and interacting with it, executing /bin/sh and therefore starting a root shell.

Enumeration, Guides

FTP Enumeration Guide

Introduction

FTP is a network protocol used to transfer files from a server to a client over a network. FTP servers can be accessed either via the ftp command-line tool or via third-party applications such as FileZilla. This service runs on port 21 by default.

This guide will cover the main methods to enumerate an FTP server in order to find potential vulnerabilities or misconfigurations.

Certifications, Learning Material, Reviews, Training Labs

My OSCP Journey

Introduction

The Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution.

It comes with the Penetration Testing with Kali video and PDF course and it’s one of the major certifications in the penetration testing world. In this article I take the time to talk about the journey that brought me to achieving this certification, all of the steps I followed, the learning material and platforms I used to prepare etc.
