What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Blog.webp 2021-10-14 20:00:46 Windows Privilege Escalation: Unquoted Service Path (direct link) Unquoted Path or Unquoted Service path is reported as a critical vulnerability in Windows, such vulnerability allows an attacker to escalate the privilege for NT AUTHORITY/SYSTEM for a low-level privilege user account. Table of Content Introduction Vulnerability Insight Prerequisite Lab Setup Abusing Unquoted Service Paths Mitigation Introduction Unquoted Service Path Vulnerability
Blog.webp 2021-10-14 19:24:52 Windows Privilege Escalation: Insecure GUI Application (direct link) Introduction In the series of Privilege escalation, till now we have learned that Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows components including services, files, and registry entries. Today through applications we are going to exploit the privileges. Many GUI applications need
Blog.webp 2021-10-12 17:53:31 Armageddon HackTheBox Walkthrough (direct link) We'll look at another one of HackTheBox machines today, called “Armageddon.” It is an easy box targeting the commonly found threat of using outdated plugins. In this box, an old and vulnerable version of Drupal is showcased. We'd own the root user by targeting it. Here is the methodology. Penetration Threat
Blog.webp 2021-10-11 20:47:14 Windows Privilege Escalation: Weak Services Permission (direct link) Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows components including services, files, and registry entries. Exploiting misconfigured services is one technique to increase privileges. Table of Content MS Windows Services Access Rights for the Service Control Manager Weak Service Permission Lab Setup
Blog.webp 2021-10-11 14:02:14 CAP HacktheBox Walkthrough (direct link) Today CAP – HTB machine will be our target. We will categorize this lab in the beginner’s section to capture the flag. Here, we are going to learn about the capability binary approach of privilege escalation. Let’s take a deep dive. Penetration Testing Methodology Recon Nmap Enumeration Web Enumeration Wireshark
Blog.webp 2021-10-06 22:12:35 MSSQL for Pentester: Extracting Juicy Information (direct link) In this post, you will learn how you can extract sensitive sample information stored in the mssql by using powerupsql and mssql. In our previous article, we have mentioned tools and techniques that can be used to enumerate MSSQL Instances. Table of Contents Lab setup PowerupSQL Extracting Database Name Extracting
Blog.webp 2021-10-01 19:00:34 MSSQL for Pentester: Command Execution with Extended Stored Procedures (direct link) Extended stored procedures are DLL files that are referenced by the SQL Server by having the extended stored procedure created which then reference functions or procedures within the DLL. The DLLs which are behind the extended stored procedures are typically created in a lower-level language like C or C++. Extended
Blog.webp 2021-09-29 17:58:33 Love HacktheBox Walkthrough (direct link) Love is a CTF hosted on Hack the Box with Beginner categories. The objective for the participant is to identify the files user.txt and root.txt on the victim's system. Penetration Methodologies 1st Method Recon Nmap Enumeration Dirb Exploit SSRF Unrestricted file upload to RCE Reverse Shell via Metasploit Post Enumeration Hack ★★★
Blog.webp 2021-09-28 17:55:13 Spectra HacktheBox Walkthrough (direct link) Today we are going to accept the boot2root challenge of Spectra –Hack the box lab. Through this lab, we are going to check our skills in WordPress Exploitation and basic privilege escalation. Table Of Content Reconnaissance Nmap Enumeration WordPress enumeration Exploitation WordPress Metasploit Privilege Escalation Abusing Sudo rights Reconnaissance Let's
Blog.webp 2021-09-27 10:53:47 Knife HacktheBox Walkthrough (direct link) Today we are going to solve the lab name as Knife –Hack the Box. The purpose is to accept the challenge to root the machine. Usage of sudo rights and remote code execution to pwn the victim's machine. Level: Easy Table of Content Network Scanning Nmap Enumeration Nikto Exploitation RCE
Blog.webp 2021-09-23 17:21:28 Scriptkiddie HackTheBox Walkthrough (direct link) Script Kiddie is a CTF hosted on Hack the Box with Beginner categories. The objective for the participant is to identify the files user.txt and root.txt on the victim’s system. Penetration Methodologies Recon Nmap Enumeration Exploit Generating apk Netcat Reverse Connection Post Enumeration Capture User.txt Abusing writeable script Privilege Escalation Hack
Blog.webp 2021-09-20 20:44:16 MSSQL for Pentester: Hashing (direct link) In this article, we will learn about multiple ways to get hashes of MSSQL users. Every version of MSSQL has different hashes. We have performed our practical on SQL Server 2016 version. Once we find the hashes, we will use JohnTheRipper to crack them. Table of Content Introduction to Hashing
Blog.webp 2021-09-13 05:42:27 MSSQL for Pentester: Stored Procedures Persistence (direct link) In this article, we will learn one of many ways to gain persistence in SQL servers. This article is an addition to our MSSQL for Pentesters series. Gaining persistence is one of the significant steps when performing Red Team operations. And when performing such operations on MSSQL, there are possibilities
Blog.webp 2021-09-11 11:57:10 MSSQL for Pentester: Abusing Linked Database (direct link) This article is another addition to our MSSQL for Pentesters series. In this article, we will learn how to create a linked server and exploit it. Table of content Introduction to Link Servers Lab Set-Up Exploiting Link Server Enumeration Code Execution with PowerUpSQL & Metasploit Introduction to Link Servers A
Blog.webp 2021-09-07 10:34:22 MSSQL for Pentester: Abusing Trustworthy (direct link) In this article, we will learn how to give sysadmin rights to the user who has only fundamental public rights. Technically, we will apply privilege escalation logic and give sysadmin the privilege to a regular public user. And abuse the trustworthy property, given that it is enabled on the Database.
Blog.webp 2021-09-06 15:32:37 MSSQL for Pentester: Command Execution with External Scripts (direct link) In this article, we will learn about SQL servers and how to exploit their external scripts to our potential. Table of content Introduction to SQL Server Installation of SQL Server Executing Python Script Executing R Script Introduction to SQL Server Microsoft has released a lot of versions for SQL servers. Microsoft has
Blog.webp 2021-08-31 15:58:18 MSSQL for Pentester: Impersonate (direct link) In this article, we will learn about Impersonate feature that MSSQL servers offer. The earliest implementation of Impersonate was in SQL Server 7.0, released January 1993. This command is used to authenticate a user on behalf of another user. Let’s learn all about it now. Table of Content Introduction Uses
Blog.webp 2021-08-30 17:18:26 MSSQL for Pentester: Metasploit (direct link) In this article, we will learn in detail how to pentest MSSQL servers using the Metasploit framework. Table of Content: Introduction Identify the Server Retrieve login credentials Obtaining sysadmin privileges Exploiting xp_cmdshell MSSQL Enumeration Login User Enumeration Executing MSSQL Queries Mssql exec Executing SQL queries via .sql file Creating Database
Blog.webp 2021-08-30 15:19:16 MSSQL for Pentester: Command Execution with CLR Assembly (direct link) In this article, we will learn all about CLR assembly functionality provided by Microsoft and how we can exploit it to our potential. Table of Content: What is Common Language Runtime Integration? Trustworthy Database Property Enabling CLRIntegration with GUI Check and Enabling Trustworthy Exploit CLR Assembly Creating a DLL File
Blog.webp 2021-08-26 16:46:13 MSSQL for Pentester: Command Execution with Ole Automation (direct link) OLE automation is a process through which an application can access and manipulate the implied objects in other applications. Hence, in this article, we will see how to use OLE automation to our benefit. Table of Content: What is OLE Automation? What are Facets? How to enable OLE Automation? GUI CLI
Blog.webp 2021-08-24 19:02:10 MSSQL for Pentester: Discovery (direct link) Microsoft SQL Server (MS-SQL) is a relational database manager created by Microsoft. Such management systems are used to engage databases with the user. Multiple databases are used in a large enterprise or organisation which leads to a problem of SQL Sprawl. There are various methods to identify these servers from both Guideline
Blog.webp 2021-08-21 10:44:39 (Déjà vu) Simple CTF TryHackMe Walkthrough (direct link) Today it is time to solve another challenge called “Simple CTF”. It is available at TryHackMe for penetration testing practice. This challenge is of easy difficulty if you have the right basic knowledge and are attentive to little details that are required in the enumeration process. Breakdown of the machine
Blog.webp 2021-08-20 20:35:39 MSSQL for Pentester: Command Execution with xp_cmdshell (direct link) This article is the series of MSSQL for pentester, here we will discover and exploit the security aspects of the xp_cmdshell functionality. Table of Content Introduction What is xp_cmdshell? Enabling xp_cmdshell Manually (GUI) sqsh mssqlclient.py Exploiting xp_cmdshell Metasploit Netcat Crackmapexec Nmap PowerUpSQL Introduction All the demonstrations in this article will
Blog.webp 2021-08-19 10:05:16 MSSQL for Pentester:Nmap (direct link) To obtain basic information such as database names, usernames, names of tables, etc from the SQL servers on the Windows operating system, we will execute penetration testing using Nmap scripts. MSSQL is Microsoft SQL Server for database management in the network. By default, it runs on port 1433. In our previous article,
Blog.webp 2021-08-15 09:36:02 Nmap for Pentester: Password Cracking (direct link) We will process the showcase for Nmap Brute NSE Script for dictionary attack in this article since Nmap is such a large tool that it can’t be covered in one post. If you’re wondering whether or not a brute-force assault using Nmap is doable. Yes, Nmap includes an NSE-based script Tool
Blog.webp 2021-08-13 06:58:24 Burp Suite for Pentester: Repeater (direct link) Today, in this article, we'll focus on the Repeater and its options featured by the Burp Suite Professional Version, which will help any Pentester to send the request inside the burp and observe its Response in real-time without disturbing the request captured from the browser. Table of Content Introduction Renaming
Blog.webp 2021-08-10 16:40:32 (Déjà vu) Kenobi TryHackMe Walkthrough (direct link) Today it is time to solve another challenge called “Kenobi”. It is available at TryHackMe for penetration testing practice. The challenge is an easy difficulty if you have the right basic knowledge and are attentive to little details that are required in the enumeration process. The breakdown of the Machine
Blog.webp 2021-08-04 08:36:11 (Déjà vu) Windows Privilege Escalation: SeImpersonatePrivilege (direct link) In this article, we will be showcasing the process of creating a lab environment on an IIS Server running a Windows Server 2019 machine. After setting the IIS server, we will be focusing on the usage of the SeImpersonatePrivilege or “Impersonate a Client After Authentication” User Right Privileges to elevate
Blog.webp 2021-08-04 08:36:11 Windows Privilege Escalation: SeImpersontate (direct link) In this article, we will be showcasing the process of creating a lab environment on an IIS Server running a Windows Server 2019 machine. After setting the IIS server, we will be focusing on the usage of the SeImpersonatePrivilege or “Impersonate a Client After Authentication” User Right Privileges to elevate
Blog.webp 2021-07-30 17:48:11 Metasploit for Pentester: Creds (direct link) This is in continuation with the Metasploit for Pentester series of articles that we are presenting. More specifically we learned about the Workspaces and the Metasploit Database service in this article: Metasploit for Pentester: Database & Workspace. In this article, we will be discussing another database inside the Workspace that
Blog.webp 2021-07-30 16:42:33 Metasploit for Pentester: Windows Hidden Bind Shell (direct link) In this article, we are going to cover the tactics of Hidden BIND TCP shellcode. Every organization has multiple scanning tools to scan their network and to identify the new or unidentified open ports. In this type of environment, it’s very difficult to hide the suspicious bind shellcode and remains
Blog.webp 2021-07-30 11:17:01 Metasploit for Pentester: Migrate (direct link) In the continuation in this series of articles dedicated to the Metasploit Framework to provide an appropriate resource for Penetration Testers so that they can use the variety of the features present in the Metasploit Framework to the maximum extent. In this article, we will be talking about the migrate
Blog.webp 2021-07-30 07:46:09 Socat for Pentester (direct link) Socat is one of those kinds of tools that either you might not know at all, or if you know then you might know all the different kinds of stuff that you can do with it. While working with it, we felt that there are guides for socat but none
Blog.webp 2021-07-29 17:29:42 Metasploit for Pentester: Inject Payload into Executable (direct link) Being lurking and undetectable is the priority after anonymity. In this article, we are going to learn how to create an innocuous-looking backdoor and bind it with a legitimate executable file to gain the victims' trust. Table of Content Pre-requisites for Lab set up Executable file search on victim's PC
Blog.webp 2021-07-28 19:38:41 Wireless Penetration Testing: Wifipumpkin3 (direct link) Wifipumpkin3 is a framework that is built on python to give rogue access point attacks to red teamers and reverse engineers. In this article, we would look at how we can use this tool to create a bogus Wi-Fi access point for our victims to connect and how to exploit Tool
Blog.webp 2021-07-28 05:37:04 Metasploit for Pentester: Clipboard (direct link) In this series of articles, we will be focusing on the various mechanisms of the Metasploit Framework that can be used by Penetration Testers. Here, we will be discussing the External API extension provided by Metasploit. Among other things, it provides the ability to target the clipboard of the target.
Blog.webp 2021-07-25 15:26:03 Wireless Penetration Testing: SSID Discovery (direct link) This article will depict “How to discover SSID for WiFi Network” using several tools designed for Windows and Linux platforms. SSID discovery is applicable in Wi-Fi hacking or penetration testing. Table of Content inSSIDer Wireless NetView Microsoft Network Monitor NetSurveyor Kismet Airodump-ng Wash Wireshark SSID acronym is used for Service
Blog.webp 2021-07-24 17:43:37 Metasploit for Pentester: Database & Workspace (direct link) In this series of articles, we are focusing on the various mechanisms of the Metasploit Framework that can be used by Penetration Testers. Today we are going to learn about the workspace and database commands of the Metasploit Framework. Table of Content Introduction Creating a Workspace Hosts Database Vulnerabilities Database
Blog.webp 2021-07-17 11:11:29 Wireless Penetration Testing: Wifite (direct link) Introduction Wifite is a wireless auditing tool developed by Derv82 and maintained by kimocoder. You can find the original repository here. In the latest Kali Linux, it comes pre-installed. It's a great alternative to the more tedious to use wireless auditing tools and provides simple CLI to interact and perform Tool
Blog.webp 2021-07-11 17:07:06 Wireless Penetration Testing: Bettercap (direct link) Introduction According to its official repository here, bettercap is a powerful, easily extensible and portable framework written in Go that aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking
Blog.webp 2021-07-08 19:21:05 Wireless Penetration Testing: Aircrack-ng (direct link) In our series of Wireless Penetration Testing, this time we are focusing on a tool that has been around for ages. This is the tool that has given birth to many of the Wireless Attacks and tools. Aircrack-ng is not a tool but it is a suite of tools that Tool
Blog.webp 2021-07-07 10:40:20 (Déjà vu) Metasploit for Pentester: Sessions (direct link) In this series of articles, we will be focusing on the various mechanisms of the Metasploit Framework that can be used by Penetration Testers. Today we are going to learn about the sessions command of the Metasploit Framework. Sessions command helps us to interact and manipulate the various sessions created
Blog.webp 2021-07-07 10:40:20 Meterpreter for Pentester: Sessions (direct link) In this series of articles, we will be focusing on the various mechanisms of the Metasploit Framework that can be used by Penetration Testers. Today we are going to learn about the sessions command of the Metasploit Framework. Sessions command helps us to interact and manipulate the various sessions created
Blog.webp 2021-07-05 07:09:31 (Déjà vu) Retro TryHackMe Walkthrough (direct link) Today it is time to solve another challenge called “Retro”. It was created by DarkStar7471. It is available at TryHackMe for penetration testing practice. The challenge is of hard difficulty even if you have the right basic knowledge and are attentive to little details that are required in the enumeration
Blog.webp 2021-07-03 07:38:23 (Déjà vu) Mustacchio TryHackMe Walkthrough (direct link) Today it is time to solve another challenge called “Mustacchio”. It was created by zyeinn. It is available at TryHackMe for penetration testing practice. The challenge is an easy difficulty if you have the right basic knowledge and are attentive to little details that are required in the enumeration process.
Blog.webp 2021-07-02 18:10:59 Wireless Penetration Testing: Fluxion (direct link) In this series of Wireless Penetration Testing techniques and tools, this time we will be focusing on Fluxion. It uses Social Engineering to manipulate the users to get the password of the wireless access points. Two attacks are supported by Fluxion which we will demonstrate in this article. Table of
Blog.webp 2021-06-30 18:44:37 Wireless Penetration Testing: Airgeddon (direct link) You’ll discover how to use airgeddon for Wi-Fi hacking in this article. It enables the capture of the WPA/WPA2 and PMKID handshakes in order to start a brute force assault on the Wi-Fi password key. It also aids in the creation of a fictitious AP for launching Evil Twin Attack
Blog.webp 2021-06-29 09:26:51 Covenant for Pentester: Basics (direct link) This article will showcase the installation, process for compromising a Windows Machine, and the various attacks and tasks that can be performed on that compromised machine through Covenant. Table of Content Introduction Installation Creating Listener Creating Launcher Exploitation Post-Exploitation Task: Screenshot Task: Process-List Task: Mimikatz: SAM Dump Task: Key Logger
Blog.webp 2021-06-27 19:56:06 Wireless Penetration Testing: Detect Hidden SSID (direct link) Introduction You see an SSID, you connect to it and you onboard a wireless network. But what if I wanted to prevent you from seeing my SSID and thus you are unable to connect? This can be done using the Hide SSID option under your router settings. However, hiding is
Blog.webp 2021-06-24 18:16:43 Wireless Penetration Testing: PMKID Attack (direct link) Introduction PMKID attack was developed by Team Hashcat. Unlike the traditional handshake capture method (4-way handshake), this method does not wait for a client to re-authenticate. PMKID is directly captured in these attacks and then cracked. This attack works on WPA and WPA2 protocols and recent studies have shown Studies
Last update at: 2024-04-27 20:08:13