Buff is a retired vulnerable Windows machine available from HackTheBox. The machine maker is egotisticalSW, thank you. It has an Easy difficulty with a rating of 3.6 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is to obtain a root shell together with both user & […]
Tabby is a retired vulnerable Linux machine available from HackTheBox. The machine maker is egre55, thank you. It has an Easy difficulty with a rating of 4.8 out of 10. This is a nice box. I enjoy it and learn something new. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. […]
Blunder is a retired vulnerable Linux machine available from HackTheBox. The machine maker is egotisticalSW, thank you. It has an Easy difficulty with a rating of 4.1 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. No automated tools are needed. The goal is to obtain a root shell […]
Cache is a retired vulnerable Linux machine available from HackTheBox. The machine maker is ASHacker, thank you. It has a Medium difficulty with a rating of 5 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is to obtain a root shell together with both user & […]
Admirer is a retired vulnerable Linux machine available from HackTheBox. The machine makers are polarbearer & GibParadox, thank you. It has an Easy difficulty with a rating of 5.3 out of 10. This is a great box. I really enjoy it. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The […]
Curling is a retired vulnerable Linux machine available from HackTheBox. The machine maker is L4mpje, thank you. It has an Easy difficulty with a rating of 4.4 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is to obtain a root shell together with both user & […]
Remote is a retired vulnerable Windows machine available from HackTheBox. The machine maker is mrb3n, thank you. It has an Easy difficulty with a rating of 4.7 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. No automated tools are needed. The goal is to obtain a root shell […]
Jarvis is a retired vulnerable machine available from HackTheBox. The machine makers are manulqwerty & Ghostpp7, thank you. It has a Medium difficulty with a rating of 4.9 out of 10. I think it’s somewhat between easy & medium. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is […]
Mirai is a retired vulnerable machine available from HackTheBox. The machine maker is Arrexel, thank you. It is a pretty easy machine with a difficulty rating of 3.7 out of 10. No automated tools are required to solve the machine. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal […]
Exploitation Summary Initial Exploitation Vulnerability: SQL Injection vulnerability of CMS Made Easy Explanation: CMS Made Easy version 2.2.9.1 has a SQL Injection vulnerability that exposes the login ID and password hash Privilege Escalation Vulnerability: Hijack Command Execution by Path Interception Explanation: A writable bin folder exists in the execution search PATH and is […]
Exploitation Summary Initial Exploitation Vulnerability: Backdoor Command Execution of UnrealIRCD Explanation: A malicious backdoor was added to UnrealIRCD version 3.2.8.1 Privilege Escalation Vulnerability: suid executable viewuser Explanation: It executes as root and looks for another command to execute, which we can exploit Enumeration nmap -p- -A -T4 10.10.10.117 TCP 22: OpenSSH 6.7p1 […]
VM: Jarbas 1 Goal: Obtain root shell Approach: solve without automated exploitation tools Target Discovery nmap -sn 192.168.172.200-254 Port Scanning nmap -p- -A 192.168.172.238 Port 22: OpenSSH 7.4 Port 80: Apache httpd 2.4.6 Port 3306: mysql (MariaDB) Port 8080: http (Jetty 9.4.z-SNAPSHOT) Enumeration First, browsing through the main website found nothing of interest. All […]
Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via Jenkins Script Console Explanation: The Jenkins management console is available without login, resulting in code execution through the Script Console Privilege Escalation Vulnerability: Weak master password of keepass file Explanation: keepass is used to store credentials including some administrative credentials. However, a weak password is used to […]
Target IP: 10.10.10.114 Exploitation Summary Initial Exploitation Vulnerability: Security through obscurity Explanation: Credentials are obscured in a JavaScript function within the website. Privilege Escalation Vulnerability: sudo git pull Explanation: A post-merge hook script can be defined to perform code execution as root Enumeration nmap -p- -A -T4 10.10.10.114 TCP 22: OpenSSH 7.6p1 TCP 80: nginx Initial […]
Target IP: 10.10.10.110 Exploitation Summary Initial Exploitation Vulnerability: Command execution on /api/brew.py Explanation: The API script tests the ABV parameter to ensure its value is less than or equal to 1.0. However, the eval function is used, which allows code injection. Privilege Escalation (user) Vulnerability: critical information stored in git Explanation: An SSH private key is stored in […]
It’s a painful, yet wonderful and fun journey in summary. It’s full-blown practical. You can’t just read some books, practice some multiple choice questions and pass the exam. You have to immerse yourself in practice, practice and practice. It’s an emotional roller coaster. It’s frustrating, depressing and humiliating when I get stuck and going […]
VM: Dina 1.0.1 Goal: acquire root access Approach: solve without automated exploitation tools Enumeration Target Discovery First locate the IP address of my target: nmap -n -sn 192.168.172.200- Port Scanning nmap -p- -A 192.168.172.234 Ports Service/Banner TCP: 80 Apache 2.2.22 (Ubuntu) Let’s look at the website. There are a few folders found by nmap. Then only […]
VM: Kioptrix: Level 1 Goal: acquire root access Approach: solve without automated exploitation tools Target discovery The first step is to locate the IP address of my target: nmap -n -sn 192.168.172.200-254 Enumeration Target: 192.168.172.233 Now I use nmap to scan through all TCP ports nmap -p- 192.168.172.233 Then do a more detailed scan on open […]
VM: pWnOS Goal: acquire root access Approach: solve without automated exploitation tools Network IP address fix for VMware If the VM does not obtain an IP address automatically, do the following to fix it: Reset the root password login to Holynix as root run command: rm /etc/udev/rules.d/70-persistent-net.rules reboot Holynix: shutdown -r 0 After doing this, […]
Target: 10.10.10.68 Goal: Root access Port Scanning nmap -p- -A 10.10.10.68 Port 80/tcp: Apache httpd 2.4.18 Enumeration Directory scan using gobuster gobuster -u http://10.10.10.68/ -w common.txt -s "200,204,301,302,307,401,403" -x "txt,html,php,jsp" First I browse around the website and follow the links. I do not find anything of interest. Then I check the folders found by gobuster and notice […]
Target: 10.10.10.56 Goal: Root access Port Scanning nmap -p- -A 10.10.10.56 Port 80/tcp: Apache httpd 2.4.18 Port 2222/tcp: SSH (OpenSSH 7.2p2 Ubuntu 4ubuntu2.2) Enumeration Let’s look at the website: Only an image. There’s no other information or links. Let’s use gobuster to see any hidden files or directories: gobuster -u http://10.10.10.56:80/ -w /usr/share/seclists/Discovery/Web-Content/common.txt -e -k […]
VM: Holynix: v1 Goal: acquire root access Approach: solve without automated exploitation tools Network IP address fix When I start the Holynix virtual machine using VMware Workstation 15 Player, the VM does not obtain an IP address automatically. I did the following to fix this issue: Reset the root password login to Holynix as root […]
Resetting the Linux root password is not hard if you have physical access to the Linux box. All you need is a Kali live CD (or another Linux live CD). This guide will show you how to reset the Linux root password on a VMware Linux virtual machine, but it’s exactly the same process on a physical Linux box. […]
VM: LAMPSecurity: CTF4 Goal: Gain root access Approach: solve without automated exploitation tools Target Discovery nmap -sn 192.168.172.200-254 Port Scanning nmap -p- -A 192.168.172.237 Port 22: OpenSSH 4.3 Port 80: Apache httpd 2.2.0 Also found 5 hidden folders /mail/, /restricted/, /conf/, /sql/, /admin/ at port 80. Looks like the web server should be checked out first. […]
Update: Passed my OSCP exam in mid December. Check out my little writeups. Honestly, where to start? How do I start so that I won’t waste my effort or do things in the wrong order? I would like to have a general idea of how I may progress into gaining more knowledge & hands-on experience gradually. I have […]
Software development has been my strength and focus ever since I started owning a computer. I enjoy building libraries, applications and systems that make things work. But I have always had a passion for security. Not only to develop quality code to minimize bugs and vulnerabilities, but also to be able to protect & defend […]