What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-07-14 13:52:04 | Linux for Pentester: ed Privilege Escalation (lien direct) | Here in this article, we are going to introduce a line-oriented text editor command i.e. “ed” which is used to generate, display, alter and operate text files. All ed commands operate on whole lines or ranges of lines; e.g., the “d” command deletes lines; the “m” command moves lines, “t” command copy the lines and... Continue reading → | |||
|
2019-07-14 05:39:03 | Steganography: The Art of Concealing (lien direct) | In this post, we will introduce the multiple ways for hiding any text that are based on Audio, Image, Video and White text. For achieving this we will use a method that is known as “Steganography”. The term steganography refers to the technique of hiding secret data within an ordinary, non-secret, file or message in... Continue reading → | |||
|
2019-07-12 17:34:04 | Matrix-3: Vulnhub Walkthrough (lien direct) | Today we are going to take another CTF challenge from the series of Matrix. The credit for making this VM machine goes to “Ajay Verma” and it is another boot2root challenge where we have to root the server and capture the flag to complete the challenge. You can download this VM here. Security Level: Intermediate Penetrating Methodology:... Continue reading → | |||
|
2019-07-12 07:03:00 | Linux for Pentester: sed Privilege Escalation (lien direct) | This article will take our readers through all about Stream Editor (Sed), which is one of the most prominent text-processing services on GNU/Linux. In this article, we came with the brief introductory guide to sed which supports the main concern that how sed works and how we can accomplish its supplementary practice in the operation... Continue reading → | |||
|
2019-07-11 16:55:01 | Escalate_Linux: Vulnhub Walkthrough (Part 1) (lien direct) | Escalate_Linux is an intentionally developed Linux vulnerable virtual machine. The main focus of this machine is to learn Linux Post Exploitation (Privilege Escalation) Techniques. The credit for making this VM machine goes to “Manish Gupta” and it is a boot2root challenge where the creator of this machine wants us to root the machine through twelve... Continue reading → | |||
|
2019-07-09 14:54:01 | PumpkinRaising : Vulnhub Walkthrough (lien direct) | PumpkinRaising is another CTF challenge from the series of Mission-Pumpkin v1.0 created by keeping beginners in mind and all credit for this VM goes to Jayanth. This level is all about identifying 4 pumpkin seeds (4 Flags – Seed ID's) and gain access to root and capture the final Flag.txt file. You can download it... Continue reading → | |||
|
2019-07-09 04:04:02 | (Déjà vu) Hack the Box: Netmon Walkthrough (lien direct) | Netmon is a recently retired CTF VM on Hack the Box with the objective – Capture the user and root flag. Hack the Box offers a wide range of VMs for practice from beginner to advanced level and it is great for penetration testers and researchers. Level: Intermediate Task: To find user.txt and root.txt file... Continue reading → | Hack | ||
|
2019-07-08 16:16:05 | Linux for Pentester: pip Privilege Escalation (lien direct) | The main objective of this article is to make attentive our readers for the other most expedient command from the list of Linux for pentesters. As we know apart from copying, downloading and searching task user desires other excessive operational mission i.e. installation of packages. So in this article, we are going to make you... Continue reading → | |||
|
2019-07-07 17:02:00 | PumpkinGarden: Vulnhub Walkthrough (lien direct) | Today we are going to solve another CTF challenge known as mission Pumpkin and credit for making this VM machine goes to Jayanth which is designed for people who are beginners in the penetration testing field. The mission of this CTF is to gain access to PumpkinGarden_key file stored in the root account. So, let's... Continue reading → | |||
|
2019-07-07 16:26:05 | (Déjà vu) Symfonos:1 Vulnhub Walkthrough (lien direct) | This is another post on vulnhub CTF “named as “symfonos” by Zayotic. It is designed for VMware platform, and it is a boot to root challenge where you have to find flags to finish the task assigned by the author. You can download it from here: https://www.vulnhub.com/entry/symfonos-1,322/ Level: Beginner to Intermediate Penetrating Methodologies Scanning Netdiscover... Continue reading → | |||
|
2019-07-07 03:48:04 | Linux for Pentester: git Privilege Escalation (lien direct) | In this article, we will understand a very dominant command i.e “git” which is use in version control of software development for controlling source code and helps the software developer. Here I'm using the basic commands that a git can perform to learn its advantage in our mission of privilege escalation. So by knowing this... Continue reading → | |||
|
2019-07-05 04:34:01 | Shellphish: A Phishing Tool (lien direct) | Shellphish is an interesting tool that we came across that illustrates just how easy and powerful phishing tools have become today. The tool leverages some of the templates generated by another tool called SocialFish. The tool offers phishing templates for 18 popular sites, the majority are focused on social media and email providers. There is... Continue reading → | Tool | ||
|
2019-07-01 04:49:05 | Linux for Pentester: cp Privilege Escalation (lien direct) | In this article, we are going to grasp another very worthwhile command i.e. “cp” (copy) and will cover all the basic function of 'cp” command that a user can use. As we know this command helps in copying the file/directories from the source to destination so, in this article we will study how we can... Continue reading → | |||
|
2019-06-26 13:50:05 | (Déjà vu) Linux for Pentester: Taskset Privilege Escalation (lien direct) | In this article, we'll talk about taskset command which is a Linux utility and learn how helpful the time command is for Linux penetration testing and how we'll progress time to scale the greater privilege shell. Table of Content Introduction to TASKSET Major Functions of TASKSET command Sudo rights Lab setups for Privilege Escalation Exploiting... Continue reading → | |||
|
2019-06-23 14:28:05 | Hack the Box: Help Walkthrough (lien direct) | Help is a recently retired CTF challenge VM on Hack the Box and the objective remains the same– Capture the root flag. Hack the Box offers a wide range of VMs for practice from beginner to advanced level and it is great for penetration testers and researchers. Level: Intermediate Task: To find user.txt and root.txt... Continue reading → | Hack | ||
|
2019-06-20 14:51:05 | (Déjà vu) Linux for Pentester: Time Privilege Escalation (lien direct) | In this article, we'll talk about Time command which is a Linux utility and learn how helpful the time command is for Linux penetration testing and how we'll progress time to scale the greater privilege shell. Table of Contents All About Linux Time Command Major Operation Perform by Time Abusing Time Utility SUID Lab Setups... Continue reading → | |||
|
2019-06-19 15:56:02 | Beginner\'s Guide to Nexpose (lien direct) | In this article, we'll learn about Nexpose, which is used to scan a vulnerability network. There are various vulnerability scanners but the part that keeps it special is its smooth user interface and robust reporting options it offers, from the most common to the advance. Table of Content Introduction to Nexpose Nexpose Virtual Appliance Installation... Continue reading → | Vulnerability | ||
|
2019-06-18 17:17:02 | Happycorp:1 Vulnhub Walkthrough (lien direct) | This is another post on vulnhub CTF “named as “HAPPYCORP:1” by Zayotic. It is designed for VMware platform, and it is a boot to root challenge where you have to find flags to finish the task assigned by the author. You can download it from here: https://www.vulnhub.com/entry/happycorp-1,296/ Penetrating Methodologies Scanning Netdiscover Nmap Enumeration NFS-Share Mount... Continue reading → | |||
|
2019-06-16 16:34:04 | Linux for Pentester: xxd Privilege Escalation (lien direct) | In this article, we are going to make our readers familiar with another influential command i.e. “xxd” which assist for converting any hex dump to a binary and vice-versa. So, by knowing this certainty now we will check how wisely we can make it applicable in Privilege Escalation. Table of Content Introduction to xxd Major... Continue reading → | |||
|
2019-06-15 17:12:02 | (Déjà vu) Linux for Pentester: CAT Privilege Escalation (lien direct) | Today we are going to talk about CAT command and learn how helpful the apt command is for Linux penetration testing and how we'll progress apt to scale the greater privilege shell. Table of Content Introduction to CAT Major Functions of CAT command Sudo rights Lab setups for Privilege Escalation Exploiting Sudo Rights Introduction to... Continue reading → | |||
|
2019-06-14 16:44:04 | Linux for Pentester: Find Privilege Escalation (lien direct) | Today in this article we are back with another most advantageous command from the series of Linux for Pentester i.e. “Find'. The Find command is used to search the list of files and directories, so by knowing this fact, we will now illustrate how we can avail it in Privilege Escalation. Table of Content Introduction... Continue reading → | |||
|
2019-06-12 15:53:03 | Cloakify-Factory: A Data Exfiltration Tool Uses Text-Based Steganography (lien direct) | In our previous post, we had already discussed on “Cloud Storage Uploads for data exfiltration” and today we are going to discussed “Concealed Method for Data Exfiltration” to extract the unauthorized data. Here you will learn how an intruder can exfiltrate data through steganography approach. Table of Content Overview About Data Exfiltration Cloakify Installation and... Continue reading → | Tool | ||
|
2019-06-10 14:57:05 | Linux for Pentester: Wget Privilege Escalation (lien direct) | In this article, we are going to describe the entire utility of Wget command and how vital it is in Linux penetration testing. As Wget is used for downloading the files from the server so here we will learn that what else we can do by this command in Privilege Escalation. Table of Content Introduction... Continue reading → | |||
|
2019-06-10 10:54:03 | Penetration Testing on Splunk (lien direct) | In this article, we are going to exploit SPLUNK using the reverse shell. One can find this beneficial in exploiting and do penetration testing of SPLUNK environment of their respective IT infrastructure. Table of Content Introduction to SPLUNK Deploying SPLUNK on UBUNTU Exploiting SPLUNK using a reverse shell What is SPLUNK? Splunk Enterprise Security (ES)... Continue reading → | |||
|
2019-06-10 07:36:04 | Evilginx2- Advanced Phishing Attack Framework (lien direct) | This is the successor of Evilginx 1, and it stays in-line with the MITM lineage. This tool is designed for a Phishing attack to capture login credentials and a session cookie. Table of Content Overview Setup Perquisites Installation Domain Setup Priming Evilginx Execution Lure Creation Attack Simulation Overview One of the biggest concerns in today’s... Continue reading → | Tool | ||
|
2019-06-07 16:22:01 | Linux for Pentester : ZIP Privilege Escalation (lien direct) | Today We are going to tell you that how can we perform Privilege Escalation with Zip command. As we all know that Zip is an easy platform-based file packaging and compression utilities for Unix-like systems like Linux, Windows, etc. The Zip program is used for compressing and packaging documents. Table of Content Introduction to ZIP... Continue reading → | |||
|
2019-06-06 15:04:03 | Linux for Pentester: APT Privilege Escalation (lien direct) | In this article, we’ll talk about APT (apt-get) functionality and learn how helpful the apt command is for Linux penetration testing and how we’ll progress apt to scale the greater privilege shell. Table of Content Introduction to APT (apt-get) Major Operation performed using APT (apt-get) Exploiting APT (apt-get) Sudo Rights Lab setups for Privilege Escalation... Continue reading → | |||
|
2019-06-01 17:11:03 | (Déjà vu) DC-5 Vulnhub Walkthrough (lien direct) | Today we are going to take another boot2root challenge known as “DC-5”. The credit for making this VM machine goes to “DCAU” and it is another boot2root challenge in which our goal is to get root access to complete the challenge. You can download it from here. Security Level: Medium Penetration Methodology Scanning Discovering Targets... Continue reading → | |||
|
2019-05-27 18:55:05 | Data Exfiltration using PowerShell Empire (lien direct) | In our previous post, we had already discussed “Command and Control with DropboxC2” But we are going to demonstrate Data Exfiltration by using PowerShell Empire where we will extract the unauthorized data inside our Dropbox account. Here you will learn how an intruder can exfiltrate data over cloud storage. What is Data Exfiltration Data exfiltration... Continue reading → | |||
|
2019-05-26 13:46:04 | (Déjà vu) Lightweight: Hack the Box Walkthrough (lien direct) | Today we are going to solve another CTF challenge “lightweight”. It is a retired vulnerable lab presented by Hack the Box for helping pentesters to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Intermediate Task: To find user.txt and... Continue reading → | Hack | ||
|
2019-05-25 02:54:00 | digitalworld.local-BRAVERY: Vulnhub Walkthrough (lien direct) | Today we will be solving a boot2root lab from Vulnhub called SILKY-1. This lab, like many others, is a good way to keep your penetration testing skills sharp while getting some variety. Download it from here: https://www.vulnhub.com/entry/digitalworldlocal-bravery,281/ Penetration Methodologies Scanning Netdiscover Nmap Enumeration Mount NFS share directory SMB shared file enumeration Exploiting Abusing CMS via... Continue reading → | |||
|
2019-05-22 17:23:04 | unknowndevice64 v2.0: Vulnhub Walkthrough (lien direct) | Today we are going to take on another boot2root challenge “uknowndevice64 v2.0” by Ajay Verma. Our goal is to get root and read flag.txt with at least two different ways. Download it from here: //download.vulnhub.com/unknowndevice64/unknowndevice64-V2.0.ova Difficulty: Beginner Penetrating Methodology: Scanning Netdiscover NMAP Enumeration Web Directory search Credential harvesting Exploiting SSH login (1st Method) ADB login... Continue reading → | |||
|
2019-05-22 17:10:02 | Silky-CTF: 0x01: Vulnhub Walkthrough (lien direct) | Today we will be solving a boot2root lab from Vulnhub called SILKY-1. This lab, like many others, is a good way to keep your penetration testing skills sharp while getting some variety. Download it from here: https://www.vulnhub.com/series/silky-ctf,207/ Level: Easy-Intermediate Task: Boot to Root (flag.txt) Penetration Methodologies Scanning Netdiscover Nmap Enumeration Web Spreading txt Generating Password... Continue reading → | |||
|
2019-05-19 16:13:00 | Sputnik 1: Vulnhub Walkthrough (lien direct) | Today we will be solving a boot2root lab from Vulnhub called Sputnick:1. This lab, like many others, is a good way to keep your penetration testing skills sharp while getting some variety. Level: Easy Task: To find flag.txt Table of Content Scanning Open ports and Running services (Nmap) Enumeration Web Directory search Credential harvesting Exploitation ... Continue reading → | |||
|
2019-05-17 14:33:03 | Development: Vulnhub Walkthrough (lien direct) | Today we are going to take on another challenge known as “DEVELOPMENT”. This is designed for OSCP practice, and the original version of the machine was used for a CTF. It is now revived and made slightly more nefarious than the original. The author of this VM machine is “Donavan”. Our goal is to get... Continue reading → | |||
|
2019-05-17 07:50:00 | (Déjà vu) DC-4 Vulnhub Walkthrough (lien direct) | Today we are going to take another boot2root challenge known as “DC-4”. The credit for making this VM machine goes to “DCAU” and it is another boot2root challenge in which our goal is to get root access to complete the challenge. You can download it from here Security Level: Beginner Penetrating Methodology Scanning Discovering Targets... Continue reading → | |||
|
2019-05-13 16:16:04 | Get Meterpreter Session Alert over slack (lien direct) | You’re going to learn ShellHerder in this post. It is a technique used to monitor all the sessions of Metasploit/Meterpreter. The basic idea to create it, that new incoming sessions could be easily monitored when Intruder cannot access the listener. This approach is quite helpful when a Pen-tester wants to get an alert for live... Continue reading → | |||
|
2019-05-11 15:03:04 | Born2Root: 2: Vulnhub Walkthrough (lien direct) | Hello Friends!! Today we are going to take another CTF challenge named “Born2Root: 2”. The credit for making this VM machine goes to “Hadi Mene”. It is available on the Vulnhub website. Although there is no description provided at the current time on the Vulnhub website, we assume that we will have to gain the... Continue reading → | |||
|
2019-05-09 11:15:00 | DC6-Lab Walkthrough (lien direct) | DC-6 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. This isn’t an overly difficult challenge so should be great for beginners. The ultimate goal of this challenge is to get root and to read the one and only flag. Linux skills and familiarity with the... Continue reading → | |||
|
2019-05-07 13:52:02 | PowerCat -A PowerShell Netcat (lien direct) | The word PowerCat named from Powershell Netcat which is a new version of netcat in the form of the powershell script. In this article, we will learn about powercat which a PowerShell tool for is exploiting windows machines. Table of Content Requirement & Installations Testing PowerShell Communication Bind Shell Execute Shell Tunnelling or port forwarding... Continue reading → | Tool | ||
|
2019-05-05 16:11:05 | (Déjà vu) DC-3 Walkthrough (lien direct) | Hello friends! Today we are going to take another boot2root challenge known as “DC-3”. The credit for making this VM machine goes to “DCAU” and it is another boot2root challenge in which our goal is to get root access to complete the challenge. You can download it from here. Security Level: Beginner Penetrating Methodology: Discovering... Continue reading → | |||
|
2019-05-04 14:07:05 | (Déjà vu) DC-2 Walkthrough (lien direct) | Hello friends! Today we are going to take another boot2root challenge known as “DC-2”. The credit for making this VM machine goes to “DCAU” and it is another boot2root challenge in which our goal is to get root access to complete the challenge. You can download it from here. Security Level: Beginner Penetrating Methodology: Discovering... Continue reading → | |||
|
2019-05-03 15:17:01 | Code Execution from WinRAR (lien direct) | In this post, we are going to discuss how WinRAR has patched serious security faults last month, one of the world’s most popular Windows file compression applications, which can only be exploited by tricking a WinRar user to extract malicious archives. The vulnerability identified last year by research.checkpoint.com affects all versions released in all WinRAR... Continue reading → | Vulnerability | ||
|
2019-05-03 13:59:04 | Web Server Lab Setup for Penetration Testing (lien direct) | In this post, we will discuss how to set-up our own web server for penetration testing on Ubuntu 18. Ubuntu 18 has updated with the new features. Table of Content Requirement Web Server configuration Apache PHP MySQL phpMyAdmin FTP SSH Nmap Requirement-ubuntu 18.0 Web Server Configuration The Web server is a program that uses HTTP to serve users with files forming web pages in response to requests transmitted by their HTTP clients. The Web servers can also be called dedicated computers and apparatuses. Install Apache First, we will install the... Continue reading → | |||
|
2019-05-01 12:06:02 | (Déjà vu) SP ike: Vulnhub Lab Walkthrough (lien direct) | Hello friends! Today we are going to take another CTF challenge known as “SP ike”. The credit for making this VM machine goes to “Daniel Solstad”. Our goal is to get flags to complete the challenge. Security Level: Intermediate Penetrating Methodology: Discovering Targets IP Network scanning (Nmap) Surfing HTTP service port Configuring HEXCHAT IRC Client... Continue reading → | |||
|
2019-04-28 16:48:00 | (Déjà vu) Hack the Box : Irked Walkthrough (lien direct) | Today we are going to solve another CTF challenge “irked”. It is a retired vulnerable lab presented by Hack the Box for helping pentesters to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Easy Task: To find user.txt and... Continue reading → | Hack | ★★★★★ | |
|
2019-04-24 17:10:04 | (Déjà vu) Hack the Box: Teacher Walkthrough (lien direct) | Today we are going to solve another CTF challenge “Teacher”. It is a retired vulnerable lab presented by Hack the Box for helping pentesters to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Intermediate Task: To find user.txt and... Continue reading → | Hack | ||
|
2019-04-21 15:02:01 | Covert Channel: The Hidden Network (lien direct) | Generally, the hacker uses a hidden network to escape themselves from firewall and IDS such. In this post, you will learn how to steal information from the target machine through the undetectable network. Such type of network is known as a covert channel which seems as generic traffic to any network monitor device/application and network... Continue reading → | |||
|
2019-04-17 15:06:01 | (Déjà vu) SP eric: Vulnhub Lab Walkthrough (lien direct) | Hello friends! Today we are going to take another CTF challenge known as “SP eric”. The credit for making this VM machine goes to “Daniel Solstad”. Our goal is to get 2 flags to complete the challenge. They are located at: /root/flag.txt /home/eric/flag.txt You can download this VM here. Security Level: Beginner Penetrating Methodology: Network... Continue reading → | |||
|
2019-04-16 06:13:04 | Command & Control: Ares (lien direct) | In this article, we will learn how to use Ares tool. This tool performs the Command and Control over the Web Interface. This tool can be found on GitHub. Table of Content: Introduction Installation Exploiting Target Command Execution Capturing Screenshot File Download Compressing Files Persistence Agent Clean Up Introduction Ares is a Python Remote Access... Continue reading → | Tool |
To see everything:
Our RSS (filtrered)
