liveHostPortScan
Discover live hosts in subnet and scan for open ports.
tool bash scanner
Posts by Tag
- tool 5
- python 4
- scanner 4
- note 3
- htb 3
- privesc 3
- linux 3
- decryption 2
- web 2
- bash 2
- bruteforce 2
- caesar 1
- pentest 1
- nmap 1
- redis 1
- webmin 1
- miniserv 1
- OpenNetAdmin 1
- nano bin 1
- wget 1
- SUID 1
- mongodb 1
- jjs 1
- PrependSetuid 1
- jjs bash SUID 1
- LD_PRELOAD 1
- source code 1
- encryption 1
- adminer 1
- shutil 1
- python library hijacking 1
- dll injection 1
- dnscmd.exe 1
- smbserver.py 1
- smb login bruteforce 1
- azure ad 1
- plaintext creds 1
- evil-winrm 1
- ctf 1
- javascript 1
- php 1
- malware 1
- antivirus 1
- cewl 1
- sudo 1
- lxd 1
- WAR 1
- Tomcat9 1
- fcrackzip 1
- Kernel Exploits 1
- Stored Passwords 1
- Weak File Permission 1
- SSH Keys 1
- Abusing Intended Functionality 1
- Sudo (Shell Escaping) 1
- Sudo (LD_PRELOAD) 1
- SUID (Shared Object Injection) 1
- SUID (Symlinks) 1
- SUID (Environment Variables) 1
- Cron 1
- NFS Root Squashing 1
- AD 1
- enum4linux 1
- smbmap 1
- smbclient 1
- kerbrute 1
- kerberos 1
- pass the hash 1
- secretdump 1
- psexec 1
- iot 1
- thm 1
- netgear 1
- CVE-2016-1555 1
- sqli 1
- persistence 1
tool
HttpWaf Login Bruteforce
Http Login Bruteforce python script with WAF fingerprint and Web Protection fingerprint
tool python scanner bruteforcecleanTask.bat
I got a task to clean some malicious files in Windows. Instead of removing manually the malicious files, im going to do simple batch script to automated the task. Due to the privacy, im just write the dummy malicious samples.
tool bash scannerSimple Python-scanning-tool
I got a task to make a simple script to scan for open ports during my class HACKING-TECHNIQUES-AND-PREVENTION project.
tool python scannerCryptography-Caesar-Cipher-with-Python
I got a task to make a simple script to brute force Caesar Cipher using Python during my class HACKING-TECHNIQUES-AND-PREVENTION project.
tool python caesar decryptionpython
Exploiting Bug on the Python-based Web Server for RCE
It was a medium-difficulties Linux box that allowed players to spot an initial access bug on the python-based web server. Once we have initial access to the reverse shell, another script to encrypt the password would have to be examined to gain higher privilege
HttpWaf Login Bruteforce
Http Login Bruteforce python script with WAF fingerprint and Web Protection fingerprint
tool python scanner bruteforceSimple Python-scanning-tool
I got a task to make a simple script to scan for open ports during my class HACKING-TECHNIQUES-AND-PREVENTION project.
tool python scannerCryptography-Caesar-Cipher-with-Python
I got a task to make a simple script to brute force Caesar Cipher using Python during my class HACKING-TECHNIQUES-AND-PREVENTION project.
tool python caesar decryptionscanner
liveHostPortScan
Discover live hosts in subnet and scan for open ports.
tool bash scannerHttpWaf Login Bruteforce
Http Login Bruteforce python script with WAF fingerprint and Web Protection fingerprint
tool python scanner bruteforcecleanTask.bat
I got a task to clean some malicious files in Windows. Instead of removing manually the malicious files, im going to do simple batch script to automated the task. Due to the privacy, im just write the dummy malicious samples.
tool bash scannerSimple Python-scanning-tool
I got a task to make a simple script to scan for open ports during my class HACKING-TECHNIQUES-AND-PREVENTION project.
tool python scannernote
notes-nmap-scripting
Notes i gathered after reading Practical Web Penetration Testing - Gus Khawaja. Service probing and enumeration. In the preceding step, we used the Nmap script to quickly probe each service that we found. In this step, we will take this information to the next step and try to probe aggressively. This script is too noisy in production environment. Hence, know your target is crucial. The Nmap scripts that we will use in the following examples are both very aggressive and time-consuming:
note htb nmapSimple-Guide-to-Web-Pentest
some references i made after enrolled udemy course by Zaid Sabih (Learn Website Hacking / Penetration Testing From Scratch)
note htb webCTF Pentesting Guide
some notes i gathered online when doing ctf pentesting. Super credit to all pages that have been mentioned. https://book.hacktricks.xyz/ https://sushant747.gitbooks.io/total-oscp-guide/ https://www.hackingarticles.in/penetration-testing/ https://guide.offsecnewbie.com/ https://github.com/swisskyrepo/PayloadsAllTheThings
note htb pentesthtb
notes-nmap-scripting
Notes i gathered after reading Practical Web Penetration Testing - Gus Khawaja. Service probing and enumeration. In the preceding step, we used the Nmap script to quickly probe each service that we found. In this step, we will take this information to the next step and try to probe aggressively. This script is too noisy in production environment. Hence, know your target is crucial. The Nmap scripts that we will use in the following examples are both very aggressive and time-consuming:
note htb nmapSimple-Guide-to-Web-Pentest
some references i made after enrolled udemy course by Zaid Sabih (Learn Website Hacking / Penetration Testing From Scratch)
note htb webCTF Pentesting Guide
some notes i gathered online when doing ctf pentesting. Super credit to all pages that have been mentioned. https://book.hacktricks.xyz/ https://sushant747.gitbooks.io/total-oscp-guide/ https://www.hackingarticles.in/penetration-testing/ https://guide.offsecnewbie.com/ https://github.com/swisskyrepo/PayloadsAllTheThings
note htb pentestprivesc
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
PrivEsc abusing Sudo (LD_PRELOAD)
noobuser@attackdefense:~$ id uid=999(noobuser) gid=999(noobuser) groups=999(noobuser) noobuser@attackdefense:~$ sudo -l Matching Defaults entries for noobuser on attackdefense: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, env_keep+=LD_PRELOAD User noobuser may run the following commands on attackdefense: (root) NOPASSWD: /usr/sbin/apache2
privesc LD_PRELOAD linuxPrivEsc abusing WGET SUID
https://www.ctf.live/challengedetails?cid=21 escape restricted shell fesal@rbash_attackdefense:~$ :set shell=/bin/bash :shell export PATH=.bin:/usr/bin/ echo $PATH use wget SUID to transfer file to /etc/sudoers cd /tmp vi sudoers :i[enter] - to edit file fesal ALL=(ALL) NOPASSWD:ALL :wq - - to save exit file python -m SimpleHTTPServer 8009 & -O /etc/sudoers ~~[why need '&' - to use terminal and simpleServer works in bg]~~ export URL=http://127.0.0.1:8009/sudoers export LFILE=/etc/sudoers wget $URL -O $LFILE sudo -i root@rbash_attackdefense:~$
privesc wget SUIDlinux
Common Linux Persistence Techniques
The adversary is attempting to keep their foothold. Persistence refers to strategies used by adversaries to maintain access to systems despite restarts, changing credentials, and other disruptions that may terminate their access.
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
PrivEsc abusing Sudo (LD_PRELOAD)
noobuser@attackdefense:~$ id uid=999(noobuser) gid=999(noobuser) groups=999(noobuser) noobuser@attackdefense:~$ sudo -l Matching Defaults entries for noobuser on attackdefense: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, env_keep+=LD_PRELOAD User noobuser may run the following commands on attackdefense: (root) NOPASSWD: /usr/sbin/apache2
privesc LD_PRELOAD linuxdecryption
Exploiting Bug on the Python-based Web Server for RCE
It was a medium-difficulties Linux box that allowed players to spot an initial access bug on the python-based web server. Once we have initial access to the reverse shell, another script to encrypt the password would have to be examined to gain higher privilege
Cryptography-Caesar-Cipher-with-Python
I got a task to make a simple script to brute force Caesar Cipher using Python during my class HACKING-TECHNIQUES-AND-PREVENTION project.
tool python caesar decryptionweb
HackerTest.net write-up
HackerTest.net is your own online hacker simulation. With 20 levels that require different skills to get to another step of the game, this new real-life imitation will help you advance your security knowledge. HackerTest.net will help you improve your JavaScript, PHP, HTML and graphic thinking in a fun way that will entertain any visitor! Have a spare minute? Log on! Each level will provide you with a new, harder clue to find a way to get to another level. Will you crack HackerTest.net?_
ctf web javascript phpSimple-Guide-to-Web-Pentest
some references i made after enrolled udemy course by Zaid Sabih (Learn Website Hacking / Penetration Testing From Scratch)
note htb webbash
liveHostPortScan
Discover live hosts in subnet and scan for open ports.
tool bash scannercleanTask.bat
I got a task to clean some malicious files in Windows. Instead of removing manually the malicious files, im going to do simple batch script to automated the task. Due to the privacy, im just write the dummy malicious samples.
tool bash scannerbruteforce
Bludit 3.9.2 Brute Force Mitigation Bypass, Code Execution Vulnerability in “Upload function” & sudo 1.8.27 - Security Bypass
Blunder is a linux box rate as easy. We need to obtain credential of Bludit v3.9.2 by bruteforce login in order to get a shell. Then, enumerate Bludit files to get user password to switch user into hugo. From there, we could abuse sudo vulnerability to gain root shell.
HttpWaf Login Bruteforce
Http Login Bruteforce python script with WAF fingerprint and Web Protection fingerprint
tool python scanner bruteforcecaesar
Cryptography-Caesar-Cipher-with-Python
I got a task to make a simple script to brute force Caesar Cipher using Python during my class HACKING-TECHNIQUES-AND-PREVENTION project.
tool python caesar decryptionpentest
CTF Pentesting Guide
some notes i gathered online when doing ctf pentesting. Super credit to all pages that have been mentioned. https://book.hacktricks.xyz/ https://sushant747.gitbooks.io/total-oscp-guide/ https://www.hackingarticles.in/penetration-testing/ https://guide.offsecnewbie.com/ https://github.com/swisskyrepo/PayloadsAllTheThings
note htb pentestnmap
notes-nmap-scripting
Notes i gathered after reading Practical Web Penetration Testing - Gus Khawaja. Service probing and enumeration. In the preceding step, we used the Nmap script to quickly probe each service that we found. In this step, we will take this information to the next step and try to probe aggressively. This script is too noisy in production environment. Hence, know your target is crucial. The Nmap scripts that we will use in the following examples are both very aggressive and time-consuming:
note htb nmapredis
Exploiting Redis 4.0.9 for RCE & Webmin 1.910 for PrivEsc
It’s an easy-rate box. We will exploit the Redis service to obtain the first interactive shell. Then, we will go up to the next user by reviewing further. We will use the documented CVE 2019–12840 vulnerability on the root shell to exploit the Webmin server.
webmin
Exploiting Redis 4.0.9 for RCE & Webmin 1.910 for PrivEsc
It’s an easy-rate box. We will exploit the Redis service to obtain the first interactive shell. Then, we will go up to the next user by reviewing further. We will use the documented CVE 2019–12840 vulnerability on the root shell to exploit the Webmin server.
miniserv
Exploiting Redis 4.0.9 for RCE & Webmin 1.910 for PrivEsc
It’s an easy-rate box. We will exploit the Redis service to obtain the first interactive shell. Then, we will go up to the next user by reviewing further. We will use the documented CVE 2019–12840 vulnerability on the root shell to exploit the Webmin server.
OpenNetAdmin
Exploiting OpenNetAdmin 18.1.1 & Escaping Nano to Root Shell
It has an OpenNetAdmin Web-based framework vulnerable to execution of Remote Code. We will compromise all users on the box after collecting some passwords and recon. One account has a sudo entry with nano root permissions which allows root privileges to raise.
nano bin
Exploiting OpenNetAdmin 18.1.1 & Escaping Nano to Root Shell
It has an OpenNetAdmin Web-based framework vulnerable to execution of Remote Code. We will compromise all users on the box after collecting some passwords and recon. One account has a sudo entry with nano root permissions which allows root privileges to raise.
wget
PrivEsc abusing WGET SUID
https://www.ctf.live/challengedetails?cid=21 escape restricted shell fesal@rbash_attackdefense:~$ :set shell=/bin/bash :shell export PATH=.bin:/usr/bin/ echo $PATH use wget SUID to transfer file to /etc/sudoers cd /tmp vi sudoers :i[enter] - to edit file fesal ALL=(ALL) NOPASSWD:ALL :wq - - to save exit file python -m SimpleHTTPServer 8009 & -O /etc/sudoers ~~[why need '&' - to use terminal and simpleServer works in bg]~~ export URL=http://127.0.0.1:8009/sudoers export LFILE=/etc/sudoers wget $URL -O $LFILE sudo -i root@rbash_attackdefense:~$
privesc wget SUIDSUID
PrivEsc abusing WGET SUID
https://www.ctf.live/challengedetails?cid=21 escape restricted shell fesal@rbash_attackdefense:~$ :set shell=/bin/bash :shell export PATH=.bin:/usr/bin/ echo $PATH use wget SUID to transfer file to /etc/sudoers cd /tmp vi sudoers :i[enter] - to edit file fesal ALL=(ALL) NOPASSWD:ALL :wq - - to save exit file python -m SimpleHTTPServer 8009 & -O /etc/sudoers ~~[why need '&' - to use terminal and simpleServer works in bg]~~ export URL=http://127.0.0.1:8009/sudoers export LFILE=/etc/sudoers wget $URL -O $LFILE sudo -i root@rbash_attackdefense:~$
privesc wget SUIDmongodb
Exploiting MongoDB NoSQL Injection to Username:Password Enumeration & Java jjs SGID to Root Shell
Linux box of medium difficulty. The early shell used MongoDB to brute the user’s passwords using NoSQL bypass. To raise root privilege, it was enough for a system equipped with a permissive SUID.
jjs
Exploiting MongoDB NoSQL Injection to Username:Password Enumeration & Java jjs SGID to Root Shell
Linux box of medium difficulty. The early shell used MongoDB to brute the user’s passwords using NoSQL bypass. To raise root privilege, it was enough for a system equipped with a permissive SUID.
PrependSetuid
Exploiting MongoDB NoSQL Injection to Username:Password Enumeration & Java jjs SGID to Root Shell
Linux box of medium difficulty. The early shell used MongoDB to brute the user’s passwords using NoSQL bypass. To raise root privilege, it was enough for a system equipped with a permissive SUID.
jjs bash SUID
Exploiting MongoDB NoSQL Injection to Username:Password Enumeration & Java jjs SGID to Root Shell
Linux box of medium difficulty. The early shell used MongoDB to brute the user’s passwords using NoSQL bypass. To raise root privilege, it was enough for a system equipped with a permissive SUID.
LD_PRELOAD
PrivEsc abusing Sudo (LD_PRELOAD)
noobuser@attackdefense:~$ id uid=999(noobuser) gid=999(noobuser) groups=999(noobuser) noobuser@attackdefense:~$ sudo -l Matching Defaults entries for noobuser on attackdefense: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, env_keep+=LD_PRELOAD User noobuser may run the following commands on attackdefense: (root) NOPASSWD: /usr/sbin/apache2
privesc LD_PRELOAD linuxsource code
Exploiting Bug on the Python-based Web Server for RCE
It was a medium-difficulties Linux box that allowed players to spot an initial access bug on the python-based web server. Once we have initial access to the reverse shell, another script to encrypt the password would have to be examined to gain higher privilege
encryption
Exploiting Bug on the Python-based Web Server for RCE
It was a medium-difficulties Linux box that allowed players to spot an initial access bug on the python-based web server. Once we have initial access to the reverse shell, another script to encrypt the password would have to be examined to gain higher privilege
adminer
Exploiting Adminer 4.6.2 File Disclosure Vulnerability & Python Library Hijacking for PrivEsc
Admirer is an easy box that need to exploit Adminer 4.6.2 to get credential for initial shell then abusing shutil module for python library hijacking to escalate into root shell.
shutil
Exploiting Adminer 4.6.2 File Disclosure Vulnerability & Python Library Hijacking for PrivEsc
Admirer is an easy box that need to exploit Adminer 4.6.2 to get credential for initial shell then abusing shutil module for python library hijacking to escalate into root shell.
python library hijacking
Exploiting Adminer 4.6.2 File Disclosure Vulnerability & Python Library Hijacking for PrivEsc
Admirer is an easy box that need to exploit Adminer 4.6.2 to get credential for initial shell then abusing shutil module for python library hijacking to escalate into root shell.
dll injection
Abusing DNS Admin Membership by DLL Injection in “dns.exe” for PrivEsc in Active Directory
Resolute was a medium level Windows computer that included a list of users and login discoveries for the SMB system. This password has been pulsed into the SMB login via hydra to the usernames identified. The listing of the privilege escalation led us to another member of the DnsAdmins group. Then, by violating his admin’s right to charge the DLL injection to obtain the Admin shell.
dnscmd.exe
Abusing DNS Admin Membership by DLL Injection in “dns.exe” for PrivEsc in Active Directory
Resolute was a medium level Windows computer that included a list of users and login discoveries for the SMB system. This password has been pulsed into the SMB login via hydra to the usernames identified. The listing of the privilege escalation led us to another member of the DnsAdmins group. Then, by violating his admin’s right to charge the DLL injection to obtain the Admin shell.
smbserver.py
Abusing DNS Admin Membership by DLL Injection in “dns.exe” for PrivEsc in Active Directory
Resolute was a medium level Windows computer that included a list of users and login discoveries for the SMB system. This password has been pulsed into the SMB login via hydra to the usernames identified. The listing of the privilege escalation led us to another member of the DnsAdmins group. Then, by violating his admin’s right to charge the DLL injection to obtain the Admin shell.
smb login bruteforce
Discovery of azure.xml file & Abusing Azure Admins Group to Leverage Azure AD Connect
Monteverde was an Active Directory box that requires enumerating user accounts via smb then bruteforce smb login via msf module to log in as user shell. Then we find more credentials by enumerating the machine and abusing Azure Admin to retrieve plain text credential in order to gain Admin shell.
azure ad
Discovery of azure.xml file & Abusing Azure Admins Group to Leverage Azure AD Connect
Monteverde was an Active Directory box that requires enumerating user accounts via smb then bruteforce smb login via msf module to log in as user shell. Then we find more credentials by enumerating the machine and abusing Azure Admin to retrieve plain text credential in order to gain Admin shell.
plaintext creds
Discovery of azure.xml file & Abusing Azure Admins Group to Leverage Azure AD Connect
Monteverde was an Active Directory box that requires enumerating user accounts via smb then bruteforce smb login via msf module to log in as user shell. Then we find more credentials by enumerating the machine and abusing Azure Admin to retrieve plain text credential in order to gain Admin shell.
evil-winrm
Discovery of azure.xml file & Abusing Azure Admins Group to Leverage Azure AD Connect
Monteverde was an Active Directory box that requires enumerating user accounts via smb then bruteforce smb login via msf module to log in as user shell. Then we find more credentials by enumerating the machine and abusing Azure Admin to retrieve plain text credential in order to gain Admin shell.
ctf
HackerTest.net write-up
HackerTest.net is your own online hacker simulation. With 20 levels that require different skills to get to another step of the game, this new real-life imitation will help you advance your security knowledge. HackerTest.net will help you improve your JavaScript, PHP, HTML and graphic thinking in a fun way that will entertain any visitor! Have a spare minute? Log on! Each level will provide you with a new, harder clue to find a way to get to another level. Will you crack HackerTest.net?_
ctf web javascript phpjavascript
HackerTest.net write-up
HackerTest.net is your own online hacker simulation. With 20 levels that require different skills to get to another step of the game, this new real-life imitation will help you advance your security knowledge. HackerTest.net will help you improve your JavaScript, PHP, HTML and graphic thinking in a fun way that will entertain any visitor! Have a spare minute? Log on! Each level will provide you with a new, harder clue to find a way to get to another level. Will you crack HackerTest.net?_
ctf web javascript phpphp
HackerTest.net write-up
HackerTest.net is your own online hacker simulation. With 20 levels that require different skills to get to another step of the game, this new real-life imitation will help you advance your security knowledge. HackerTest.net will help you improve your JavaScript, PHP, HTML and graphic thinking in a fun way that will entertain any visitor! Have a spare minute? Log on! Each level will provide you with a new, harder clue to find a way to get to another level. Will you crack HackerTest.net?_
ctf web javascript phpmalware
Diving into ESET INTERNET SECURITY 2020 Edition
The best protection for everyday web users who loves to stream online content. Secures Windows, Mac, Android, and Linux devices.
malware antivirusantivirus
Diving into ESET INTERNET SECURITY 2020 Edition
The best protection for everyday web users who loves to stream online content. Secures Windows, Mac, Android, and Linux devices.
malware antiviruscewl
Bludit 3.9.2 Brute Force Mitigation Bypass, Code Execution Vulnerability in “Upload function” & sudo 1.8.27 - Security Bypass
Blunder is a linux box rate as easy. We need to obtain credential of Bludit v3.9.2 by bruteforce login in order to get a shell. Then, enumerate Bludit files to get user password to switch user into hugo. From there, we could abuse sudo vulnerability to gain root shell.
sudo
Bludit 3.9.2 Brute Force Mitigation Bypass, Code Execution Vulnerability in “Upload function” & sudo 1.8.27 - Security Bypass
Blunder is a linux box rate as easy. We need to obtain credential of Bludit v3.9.2 by bruteforce login in order to get a shell. Then, enumerate Bludit files to get user password to switch user into hugo. From there, we could abuse sudo vulnerability to gain root shell.
lxd
Exploiting Apache Tomcat & Abusing LXD Membership for PrivEsc
Tabby is a linux box rate as easy. We need to get /etc/tomcat9/tomcat-users.xml file to collect credential through LFI. Then, we could upload WAR file to victim to gain initial shell. To move into ash shell, we have to crack the backup zip file. To escalate into root, we could abusing lxd group membership to obtain root privilege.
WAR
Exploiting Apache Tomcat & Abusing LXD Membership for PrivEsc
Tabby is a linux box rate as easy. We need to get /etc/tomcat9/tomcat-users.xml file to collect credential through LFI. Then, we could upload WAR file to victim to gain initial shell. To move into ash shell, we have to crack the backup zip file. To escalate into root, we could abusing lxd group membership to obtain root privilege.
Tomcat9
Exploiting Apache Tomcat & Abusing LXD Membership for PrivEsc
Tabby is a linux box rate as easy. We need to get /etc/tomcat9/tomcat-users.xml file to collect credential through LFI. Then, we could upload WAR file to victim to gain initial shell. To move into ash shell, we have to crack the backup zip file. To escalate into root, we could abusing lxd group membership to obtain root privilege.
fcrackzip
Exploiting Apache Tomcat & Abusing LXD Membership for PrivEsc
Tabby is a linux box rate as easy. We need to get /etc/tomcat9/tomcat-users.xml file to collect credential through LFI. Then, we could upload WAR file to victim to gain initial shell. To move into ash shell, we have to crack the backup zip file. To escalate into root, we could abusing lxd group membership to obtain root privilege.
Kernel Exploits
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
Stored Passwords
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
Weak File Permission
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
SSH Keys
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
Abusing Intended Functionality
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
Sudo (Shell Escaping)
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
Sudo (LD_PRELOAD)
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
SUID (Shared Object Injection)
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
SUID (Symlinks)
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
SUID (Environment Variables)
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
Cron
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
NFS Root Squashing
Multiple Techniques for Linux Privilege Escalation
In order to gain root shell, we need to escalate our privilege from local user to root to have best permission on the current system. Privilege escalation could be exploit by different techniques depending on how the linux system is configured by system admin. Here, we can learn different techniques to obtain root shell.
AD
Attacking Kerberos with ASREPRoasting & Abusing Backup Operators Group to Extract NTDS.DIT
TryHackMe CTF: 99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?
enum4linux
Attacking Kerberos with ASREPRoasting & Abusing Backup Operators Group to Extract NTDS.DIT
TryHackMe CTF: 99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?
smbmap
Attacking Kerberos with ASREPRoasting & Abusing Backup Operators Group to Extract NTDS.DIT
TryHackMe CTF: 99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?
smbclient
Attacking Kerberos with ASREPRoasting & Abusing Backup Operators Group to Extract NTDS.DIT
TryHackMe CTF: 99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?
kerbrute
Attacking Kerberos with ASREPRoasting & Abusing Backup Operators Group to Extract NTDS.DIT
TryHackMe CTF: 99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?
kerberos
Attacking Kerberos with ASREPRoasting & Abusing Backup Operators Group to Extract NTDS.DIT
TryHackMe CTF: 99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?
pass the hash
Attacking Kerberos with ASREPRoasting & Abusing Backup Operators Group to Extract NTDS.DIT
TryHackMe CTF: 99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?
secretdump
Attacking Kerberos with ASREPRoasting & Abusing Backup Operators Group to Extract NTDS.DIT
TryHackMe CTF: 99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?
psexec
Attacking Kerberos with ASREPRoasting & Abusing Backup Operators Group to Extract NTDS.DIT
TryHackMe CTF: 99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?
iot
Exploiting CVE-2016-1555 in Netgear WNAP320 Firmware Version 2.0.3 for Remote Command Execution
A beginner friendly walkthrough for internet of things (IoT) pentesting from TryHackMe CTF
thm
Exploiting CVE-2016-1555 in Netgear WNAP320 Firmware Version 2.0.3 for Remote Command Execution
A beginner friendly walkthrough for internet of things (IoT) pentesting from TryHackMe CTF
netgear
Exploiting CVE-2016-1555 in Netgear WNAP320 Firmware Version 2.0.3 for Remote Command Execution
A beginner friendly walkthrough for internet of things (IoT) pentesting from TryHackMe CTF
CVE-2016-1555
Exploiting CVE-2016-1555 in Netgear WNAP320 Firmware Version 2.0.3 for Remote Command Execution
A beginner friendly walkthrough for internet of things (IoT) pentesting from TryHackMe CTF
sqli
Extracting administrator credential via blind SQL injection in cookie header
Blind SQL injection vulnerability in the cookie header. Able to retrieve the contents of the table to obtain the username and password of administrator.
persistence
Common Linux Persistence Techniques
The adversary is attempting to keep their foothold. Persistence refers to strategies used by adversaries to maintain access to systems despite restarts, changing credentials, and other disruptions that may terminate their access.