Linux Privilege Escalation using Sudo Rights

May 24, 2018

In our previous articles, we have discussed Linux Privilege Escalation using SUID Binaries and /etc/passwd file and today we are posting another method of “Linux privilege Escalation using Sudoers file”. While solving CTF challenges, for privilege escalation we always check root permissions for any user to execute any file or command by executing sudo -l command. You can read our previous article where we had applied this trick for privilege…

Read More >>

Hack the Box Challenge: Jeeves Walkthrough

May 21, 2018

Hello Friends!! Today we are going to solve another CTF Challenge “Jeeves”. This VM is also developed by Hack the Box, Jeeves is a Retired Lab and there are multiple ways to breach into this VM. In this lab, we have escalated root privilege in 3 different ways and for completing the challenge of this VM we took help from Tally (Hack the box). Level: Medium Task: Find the user.txt and…

Read More >>

Hack the Trollcave VM (Boot to Root)

May 20, 2018

Hello friends! Today we are going to take another CTF challenge known as Trollcave. The credit for making this vm machine goes to “David Yates” and it is another boot to root challenge in which our goal is to gain root access and capture the flag to complete the challenge. You can download this VM from here. Let’s Breach!!! Let’s start with getting to know the IP of VM (Here, I have…

Read More >>

Hack the Box Challenge: Fluxcapacitor Walkthrough

May 18, 2018

Hello friends!! Today we are sharing our experience that can be helpful in solving new CTF challenge: Fluxcapacitor of Hack The Box. Solving this lab is not much easy, all you need is your web penetration testing skill to solve this challenge. This lab is designed to bypass Web Application Firewall (WAF) for exploiting OS command injection vulnerability in this machine. Level: Medium Task: Find the user.txt and root.txt in the…

Read More >>

Linux Privilege Escalation using SUID Binaries

May 16, 2018

In our previous article we have discussed “Privilege Escalation in Linux using etc/passwd file” and today we will learn “Privilege Escalation in Linux using SUID Permission.” While solving CTF challenges we always check suid permissions for any file or command for privilege escalation. It is very important to know what SUID is, how to set SUID and how SUID helps in privilege escalation. You can read our previous article where…

Read More >>

Capture NTLM Hashes using PDF (Bad-Pdf)

May 12, 2018

Today we are demonstrating stealing NTLM hashes through a pdf file. We have already discussed the various method to Capture NTLM Hashes in a Network in our previous article. Recently a new tool has launched “Bad-PDF” and in this article, we are sharing our experience. Bad-PDF create malicious PDF to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines, it utilizes vulnerability disclosed by checkpoint team to create the malicious PDF file. Bad-Pdf…

Read More >>

Privilege Escalation in Linux using etc/passwd file

May 12, 2018

In this article, we will learn “Various methods to alter etc/passwd file to create or modify a user for root privileges”. Sometimes, it is necessary to know ‘how to edit your own user for privilege escalation in machine’ inside /etc/passwd file, once target is compromised. Firstly, we should be aware of /etc/passwd file in depth before reaching to the point. Inside etc directory, we will get three most important files…

Read More >>

Hack the Box Challenge: Tally Walkthrough

May 8, 2018

Hello Friends!! Today we are going to solve a CTF Challenge “Tally”. It is a lab that is developed by Hack the Box. They have an amazing collection of Online Labs, on which you can practice your penetration testing skills. They have labs are designed for beginner to the Expert penetration tester. Tally is a Retired Lab. Level: Medium Task: Find the user.txt and root.txt in the vulnerable Lab. Let’s Begin!!…

Read More >>

Hack the Box Challenge: Inception Walkthrough

May 1, 2018

Hello friends!! Today we are going to solve another challenge “Inception” which is categories as retired lab presented by Hack the Box for making online penetration practices. Solving challenges in this lab is not that much easy, you have to use your entire Penetration testing skills. Let start and learn how to breach a network and then exploit it for retrieving desired information. Level: Hard Task: find user.txt and root.txt file on victim’s machine. Since these labs are…

Read More >>

Hack the Box Challenge Bashed Walkthrough

April 30, 2018

Hello Friends!! Today we are going to solve a CTF Challenge “Bashed”. It is a lab that is developed by Hack the Box. They have an amazing collection of Online Labs, on which you can practice your penetration testing skills. They have labs are designed for beginner to the Expert penetration tester. Bashed is a Retired Lab. Level: Medium Task: Find the user.txt and root.txt in the vulnerable Lab. Let’s Begin!…

Read More >>