Web Developer: 1: Vulnhub Lab Walkthrough

March 14, 2019

Hello friends! Today we are going to take another boot2root challenge known as “Web Developer: 1”. The credit for making this VM goes to “Fred Wemeijer”, and it is another boot2root challenge in which our goal is to get root access to complete the challenge. You can download this VM here. Security Level: Intermediate. Penetrating Methodology: IP Discovery using netdiscover; Network scanning (Nmap); Surfing HTTP service port; Enumerating directories…


Command and Control Guide to Merlin

March 12, 2019

In this article, we learn how to use the Merlin C2 tool. It is developed by Russel Van Tuyl in the Go language. Table of content: Introduction; Installation; Windows exploitation; Windows post exploitation; Linux exploitation; Linux post exploitation. Introduction: Merlin is a great cross-platform command and control tool written in the Go language. It is made of two elements, i.e. the server and the agent. It works over the HTTP/2 protocol. The best things about merlin…


unknowndevice64: 1: Vulnhub Lab Walkthrough

March 11, 2019

Hello friends! Today we are going to take another boot2root challenge known as “unknowndevice64: 1”. The credit for making this VM goes to “Ajay Verma”, and it is another boot2root challenge in which our goal is to get root access to complete the challenge. You can download this VM here. Security Level: Beginner. Penetrating Methodology: IP Discovery using netdiscover; Network scanning (Nmap); Surfing HTTP service port; Finding image File…


Bypass User Access Control using Empire

March 9, 2019

This is the fifth article in our Empire series; for the basic guide to Empire, click here. In this article, we will learn to bypass administrator privileges using various bypassuac post-exploitation methods. UAC stands for User Account Control, which determines how many rights each user has to make changes in the system. The rights given to a user depend on the integrity levels, which are: High: Administrator…


nps_payload: An Application Whitelisting Bypass Tool

March 8, 2019

In this article, we will create payloads using a tool named nps_payload and get meterpreter sessions using those payloads. This tool is written by Larry Spohn and Ben Mauch. Find this tool on GitHub. Attacker: Kali Linux. Target: Windows 10. Table of Content: Downloading and Installing; Getting session using MSBuild; Getting session using MSBuild HTA. Downloading and Installing: First, we will get the tool on our attacker machine. It is…


Casino Royale: 1 Vulnhub Walkthrough

March 8, 2019

Today we are going to solve another CTF challenge, “Casino Royale: 1”. It is a vulnerable lab presented by author creosote to help pentesters practise penetration testing according to their experience level. The challenge is to get root on the targeted virtual machine and read the flag.sh within that directory. Difficulty: Intermediate. Penetrating Methodologies: IP discovery and Port Scanning. Browsing the IP on port 8080. Discovering accessible directories…


DC-1: Vulnhub Walkthrough

March 6, 2019

Hello friends! Today we are going to take another boot2root challenge known as “DC-1: 1”. The credit for making this VM goes to “DCAU”, and it is another boot2root challenge in which our goal is to get root access to complete the challenge. You can download this VM here. Security Level: Beginner. Penetrating Methodology: IP Discovery using netdiscover; Network scanning (Nmap); Surfing HTTPS service port (80); Finding Drupal CMS…


Hiding IP During Pentest using PowerShell Empire (http_hop)

March 6, 2019

This is the fourth article in our Empire series. In this article, we learn to use the hop payload in PowerShell Empire. Empire has an inbuilt listener named http_hop which allows us to redirect our traffic to another of our active listeners after getting an agent. Hence the name hop, as it hops the agent from one listener to another in order to redirect traffic. Similar to Metasploit, the hop listener…


Replay: 1: Vulnhub Lab Walkthrough

March 4, 2019

Hello friends! Today we are going to take another boot2root challenge known as “Replay: 1”. The credit for making this VM goes to “c0rruptedb1t”, and it is another boot2root challenge in which our goal is to get root access to complete the challenge. You can download this VM here. Security Level: Intermediate. Flags: There is one flag (flag.txt). Penetrating Methodology: IP Discovery using netdiscover; Network scanning (Nmap); Surfing HTTPS…


Windows Persistence with PowerShell Empire

March 3, 2019

This is the third article in our Empire series; through it we will learn elevated persistence methods. The trigger method is pretty organised, with storage options contained within each module. In Empire, the elevated persistence modules use a trigger method, and different storage options are required in different modules. All of these persistence modules are based on PowerSploit’s persistence. As these are elevated persistence modules, they require you to have admin access…
