Linux for Pentester: ed Privilege Escalation

July 14, 2019

Here in this article, we are going to introduce a line-oriented text editor command i.e. “ed” which is used to generate, display, alter and operate text files. All ed commands operate on whole lines or ranges of lines; e.g., the “d” command deletes lines; the “m” command moves lines, “t” command copy the lines and so on, therefore, now we will check that how we can successfully execute our task…

Read More >>

Steganography: The Art of Concealing

July 14, 2019

In this post, we will introduce the multiple ways for hiding any text that are based on Audio, Image, Video and White text. For achieving this we will use a method that is known as “Steganography”. The term steganography refers to the technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection. So here we will check all those methods that can help…

Read More >>

Matrix-3: Vulnhub Walkthrough

July 12, 2019

Today we are going to take another CTF challenge from the series of Matrix. The credit for making this VM machine goes to “Ajay Verma” and it is another boot2root challenge where we have to root the server and capture the flag to complete the challenge. You can download this VM here. Security Level: Intermediate Penetrating Methodology: Scanning Netdiscover NMAP Enumeration Web Directory Search  Exploitation Ghidra SSH Privilege Escalation Exploiting Sudo rights…

Read More >>

Escalate_Linux: Vulnhub Walkthrough (Part 1)

July 11, 2019

Escalate_Linux is an intentionally developed Linux vulnerable virtual machine. The main focus of this machine is to learn Linux Post Exploitation (Privilege Escalation) Techniques. The credit for making this VM machine goes to “Manish Gupta” and it is a boot2root challenge where the creator of this machine wants us to root the machine through twelve different ways. You can download the machine following this link: https://www.vulnhub.com/entry/escalate_linux-1,323/ NOTE: In this article,…

Read More >>

PumpkinRaising : Vulnhub Walkthrough

July 9, 2019

PumpkinRaising is another CTF challenge from the series of Mission-Pumpkin v1.0 created by keeping beginners in mind and all credit for this VM goes to Jayanth. This level is all about identifying 4 pumpkin seeds (4 Flags – Seed ID’s) and gain access to root and capture the final Flag.txt file. You can download it from here: https://www.vulnhub.com/entry/mission-pumpkin-v10-pumpkinraising,324/ Level: Beginner to Intermediate Penetrating Methodologies Scanning Enumeration txt Abusing HTTP services…

Read More >>

Linux for Pentester: pip Privilege Escalation

July 8, 2019

The main objective of this article is to make attentive our readers for the other most expedient command from the list of Linux for pentesters. As we know apart from copying, downloading and searching task user desires other excessive operational mission i.e. installation of packages. So in this article, we are going to make you familiar with the command that can perform such task i.e. “pip”. The main utilities of…

Read More >>

PumpkinGarden: Vulnhub Walkthrough

July 7, 2019

Today we are going to solve another CTF challenge known as mission Pumpkin and credit for making this VM machine goes to Jayanth which is designed for people who are beginners in the penetration testing field. The mission of this CTF is to gain access to PumpkinGarden_key file stored in the root account. So, let’s proceed towards solve this Mission Pumpkin. You can download this VM from vulnhub.com: https://www.vulnhub.com/entry/mission-pumpkin-v10-pumpkingarden,321/ Security…

Read More >>

Symfonos:1 Vulnhub Walkthrough

July 7, 2019

This is another post on vulnhub CTF “named as “symfonos” by Zayotic. It is designed for VMware platform, and it is a boot to root challenge where you have to find flags to finish the task assigned by the author. You can download it from here: https://www.vulnhub.com/entry/symfonos-1,322/ Level: Beginner to Intermediate Penetrating Methodologies Scanning Netdiscover Nmap Enumeration SMB Shares folder Wpscan Exploiting Exploiting WordPress again LFI LFI to RCE via…

Read More >>

Linux for Pentester: git Privilege Escalation

July 7, 2019

In this article, we will understand a very dominant command i.e “git” which is use in version control of software development for controlling source code and helps the software developer. Here I’m using the basic commands that a git can perform to learn its advantage in our mission of privilege escalation. So by knowing this fact, we will examine how we can take this benefit in our Privilege Escalation. Table…

Read More >>

Hack the Box: Help Walkthrough

June 23, 2019

Help is a recently retired CTF challenge VM on Hack the Box and the objective remains the same– Capture the root flag. Hack the Box offers a wide range of VMs for practice from beginner to advanced level and it is great for penetration testers and researchers. Level: Intermediate Task: To find user.txt and root.txt file Note: Since these labs are online available, therefore, they have a static IP. The…

Read More >>