A bunch of the next writeups will be for the Offensive Pentesting learning path from #tryhackme. You can learn more about it here: https://tryhackme.com/path/outline/pentesting. It's also a nice way to prepare yourself for the #OSCP exam, so I noted down almost all writeups for it as well.
Enjoy!
TryHackMe
Offensive Pentesting
Acquire the skills needed to go and get certified by well known certifiers in the security industry. Learn about industry-used penetration testing tools and attain techniques to become a successful penetration tester.
Vulnversity will be the first machine in this series. It's a pretty classic exploitation path for the web server, with further privilege escalation via abusing the SUID bit on one of the binaries. For all machines in this series I put takeaways at the end of the writeup.
#tryhackme #pentest
https://telegra.ph/Vulnversity-09-22
Telegraph
Vulnversity
Vulnversity is the first machine in TryHackMe’s “Offensive pentesting” path.
Exploiting the legendary EternalBlue (CVE-2017-0144) vulnerability in this TryHackMe machine.
#pentest #tryhackme
https://telegra.ph/Blue-09-22-4
Telegraph
Blue
Blue is the second machine in TryHackMe’s “Offensive pentesting” path.
Kenobi is the third machine in TryHackMe’s Offensive pentesting path. Identifying and exploiting the vulnerability in the FTP server. To escalate privileges to root you will need to use the combination of a SUID binary and the PATH variable.
#pentest #tryhackme
https://telegra.ph/Kenobi-09-22
Telegraph
Kenobi
Kenobi is the third machine in TryHackMe’s “Offensive pentesting” path.
Another Mr.Robot-themed machine. Exploiting the HTTP file server to get the initial shell, and finding an Unquoted Service Path vulnerability to privesc.
#tryhackme #pentest
https://telegra.ph/Steel-Mountain-09-23
Telegraph
Steel Mountain
Steel Mountain is the first machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > Enumeration By scanning the machine with nmap we can see that both port 80 and port 8080 are running the HTTP services. Port 80 has nothing…
From Mr.Robot to Batman! In Alfred you will need to exploit a misconfigured Jenkins instance, and at a later stage impersonate a client with the SeImpersonatePrivilege role.
#tryhackme #pentest
https://telegra.ph/Alfred-09-23
Telegraph
Alfred
Alfred is the second machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > Enumeration The output of the nmap scan: nmap -sC -sV 10.10.0.34 80/tcp open Microsoft IIS httpd 7.5 3389/tcp open ssl/ms-wbt-server? 8080/tcp open…
Moar themed machines! Next in line - IT. Bruteforcing our way into the web server, finding the exploit for Remote Code Execution, and getting root by tampering with the misconfigured service.
#tryhackme #pentest
https://telegra.ph/HackPark-09-23
Telegraph
HackPark
HackPark is the third machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > Enumeration Nmap scan: nmap -sC -sV -o nmap.txt 10.10.37.35 80/tcp open http Microsoft IIS httpd 8.5 3389/tcp open ssl/ms-wbt-server? By navigating…
Theme for the next machine is Hitman, as in this box you will be breaking into the forum about games.
SQL injection for the foothold, and quite tricky PrivEsc as I wanted to avoid using Metasploit.
#tryhackme #pentest
https://telegra.ph/Game-Zone-09-23
Telegraph
Game Zone
Game Zone is the fourth machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > Enumeration Nmap scan output: nmap -sC -sV -o gamezone <ip> 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.7 ( 80/tcp open http Apache httpd 2.4.18…
Dipping your toes into Digital Forensics just a bit. Analyzing the .pcap file to replicate the attacker's actions. This machine is different from the others in this series, but it's worth checking.
#tryhackme #pentest
https://telegra.ph/Ovrpass2-09-23
Telegraph
Ovrpass2
Overpass2 is the seventh machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > PCAP analysis That is an unusual type of machine for me. We got the .pcap file with the network dump. There are few ways to work with .pcap…
Hacking Skynet in this Terminator-themed machine. A LOT of enumeration with a pinch of brute forcing. Exploitation is straightforward, the PrivEsc part will...take some time 😉
#tryhackme #pentest
https://telegra.ph/Skynet-09-23
Telegraph
Skynet
Skynet is the fifth machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. > Enumeration Let’s start with the nmap scan: nmap -sC -sV -o nmap.txt <target_ip> 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 80/tcp open http…
The last writeup on the Offensive Pentesting learning path from me. Kicking the WordPress and Jenkins instances in that one.
https://telegra.ph/Internal-09-23-2
Telegraph
Internal
Internal is the last machine in the “Advanced Exploitation” part of TryHackMe’s “Offensive pentesting” path. Enumeration As I’m starting to prepare for my “Dry run” for the OSCP exam, this time I will use more stuff from my methodology. We already learned…
Found my old HackTheBox writeup that can also be useful for OSCP prep. In Tabby, you need to break into the Tomcat instance and escape from the LXD container for a PrivEsc. Pretty cool machine; this PrivEsc vector is quite common, but still underrepresented in the majority of labs.
#hackthebox #pentest
https://telegra.ph/Tabby-09-27
Telegraph
Tabby
Tabby is an easy Linux machine from HackTheBox that is part of the pool of machines recommended for preparation for the OSCP certification. > Content table Enumeration Exploitation of Tomcat Privilege escalation with LXC containers > Enumeration Start with…
To the hardcore part. While we are still on the OSCP note, it is worth mentioning the crucial part of the exam - the Buffer Overflow exploitation. That machine will give you 25 points (from 70 to pass the exam), and it is very different from all other machines. To handle that one, you will need to have some basic experience with Binary Exploitation and Exploit Development, as you will need to develop an exploit that, by manipulating the program's input and memory, could execute arbitrary code to spawn a shell.
Without further ado, let's gain you some experience:
https://telegra.ph/Buffer-Overflow-101-09-27
#exploitdev #binaryexploitation #oscp
Telegraph
Buffer Overflow 101
> Introduction What is a Buffer Overflow?
Preparing for the OSCP? I captured my journey, thoughts and a bunch of advice in this long-read OSCP review.
Is it good? Should you take it? Is it worth it? It's all here!
Enjoy!
#oscp #cert #review
https://telegra.ph/OSCP-review-09-27
Telegraph
OSCP review
> Table of Contents Introduction About the PWK/OSCP course Expectations Before taking the course Lab time Preparations for the exam The exam Closing thoughts Useful resources > Introduction The OSCP (Offensive Security Certified Professional), also known as…
My eWPT review is almost done, but it makes no sense to post it, as I'm still waiting for the result to arrive.
Oh well...
I will continue with the start of another series and interrupt it with the review later on. Stay tuned.
Spoiler: eWPT is nice
A bunch of upcoming posts will be all about wargames from https://exploit.education/, formerly known as exploit-exercises.com.
It's a great collection of virtual machines that could help to develop essential skills for vulnerability research and exploit development.
It might seem too simple at the beginning, but the learning curve will smash me shortly, no doubt in that.