Tag

Pentesting

Enumeration, Guides

SMB Enumeration Guide

Introduction

Server Message Block is a network protocol used to provide shared access to files, printers, and serial ports between nodes on a network. SMB servers can be accessed through various command-line tools such as SMBClient or through file browsing tools. This service runs on either port 139 or port 445 by default.

This guide will cover the main methods to enumerate an SMB server in order to find potential vulnerabilities or misconfiguration.

Read more
Guides, Privilege Escalation, Windows

Windows Privilege Escalation – DLL Hijacking

Introduction

DLLs (Dynamic Link Library) are libraries that contain code and procedures used by Windows programs. They are similar to EXE files as they are based on the Portable Executable (PE) file format although they cannot be executed directly. They are similar to .so (Shared Library) files in Unix.

DLL hijacking is a method of injecting malicious code into a given service or application by loading an evil DLL, often replacing the original one, that will be executed when the service starts. This is possible due to the way some Windows applications search and load DLLs, more specifically, if the path to a service’s DLL isn’t already loaded or stored in the system, Windows will start looking for it in the environment path, an attacker can therefore place the malicious DLL in a directory that is part of it to trigger the malicious code.

Read more
Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Credentials Harvesting

Introduction

Linux-based operating systems and applications often store clear text, encoded or hashed credentials in files or in memory.

When gaining initial access to a Linux machine and performing privilege escalation enumeration steps, often passwords can be found through these means and they can be used to further escalate privileges.

There are various methods to harvest credentials in a Linux system in order to escalate privileges, the following ones are the most common and they are always worth a try.

Read more
CTF Walkthroughs, Hack The Box

Hack The Box – Fuse Walkthrough

Introduction

This was an intermediate Windows machine that involved crawling a username and password from a web application to access RPC, through which a password stored in a printer’s description can be found in order to obtain remote access to the box, and exploiting a known vulnerability with the SeLoadDriverPrivilege permission to escalate privileges to SYSTEM.

Read more
CTF Walkthroughs, Hack The Box

Hack The Box – CronOS Walkthrough

Introduction

This was an intermediate Linux machine that involved exploiting an SQL injection vulnerability to gain access to a traceroute page affected by a remote command vulnerability in order to obtain a reverse shell, and exploiting a PHP function used in a cron hob to gain root-level code execution and therefore a root shell.

Read more