Posts

VULNHUB INFOSEC PREP : OSCP

Welcome to the walkthrough of InfoSec Prep: OSCP. It is a beginner-level boot2root machine and it can be downloaded from here. I cracked this machine literally 5 minutes after it booted properly. So you can consider this machine the easiest. Hint: Nmap; finding secret.txt and decoding it; login via SSH; privilege escalation to root via a SUID binary. Boot up the machine and it should show the IP address. We start off by pinging the box to verify that it is up and running and that we can reach it. Command: ping <IP>. Then we run an Nmap scan to look for open ports and the services running on the box. We use -sC to run default scripts, -sV for version/service info, -T4 for faster execution, and -o to save the result to a file named nmap. The command is: sudo nmap -sC -sV -T4 <IP> -o filename. Looking at the scan results, port 22 is open and running SSH, and port 80 is open and running Apache. We can also see a directory named secret.txt

HTB LAME WALKTHROUGH

HackTheBox is an excellent platform for pen-testers to improve their testing skills and increase their knowledge. Machine Level - Easy. Machine Name - Lame. Machine OS - Linux. Machine IP - 10.10.10.3. Tools: Nmap - Nmap is a fantastic tool for scanning open ports and services, and for OS detection. You can use tools other than Nmap (whichever you are more comfortable with), like Masscan, SPARTA, etc., to scan for open ports. Metasploit - one of the most common and widely used tools by pen-testers to launch exploits; it is maintained by Rapid7. Many books are available to understand the features of this tool. We will be performing the attack by two methodologies (with and without Metasploit). Methodology 1 (using Metasploit): Scanning the machine is the first step (i.e. enumeration). We use the following Nmap command: nmap -sSVC 10.10.10.3 (we can run the command with sudo privileges if an error occurs regarding privileges). The command scans for only open p

TRYHACKME NEIGHBOUR WALK-THROUGH

Neighbour is an easy-level machine that I was able to solve in 5 minutes. Make sure you are connected to the VPN and the victim machine is up and running. Browsing to the generated IP opens a web login interface, which requires a valid username and password. At this point you could test for multiple vulnerabilities like SQL injection, default credentials, and so on, but for now we will keep it simple, as the hint says to look into the source. Looking at the source code we find a pair of credentials and also an additional username, admin. After logging in as guest we observe an anomaly in the URL: the user parameter defines the current user we are logged in as. Assuming that the back end treats this parameter as an object reference, we can try to point it at another user, so we try to access the admin panel via IDOR. We successfully log in as the admin user and also retrieve the flag. Preventions: Verification of all referenced objects should be done. Implement access control on all

Understanding Kubernetes 101

Image credits to Dribble. What is Kubernetes? "Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation." - Kubernetes. To put it simply, Kubernetes is an open-source system to scale, deploy and manage containers. It automates operational tasks and has built-in commands for deploying applications, rolling back changes, scaling your application up and down as required, and monitoring, which makes managing applications easier. Why Kubernetes? Containers are a good way to bundle and run your application, but when they are deployed in large volumes you need a centralized framework for running distributed systems resiliently, ensuring minimum downtime. Benefits of Kubernetes: Automation of day-to-day operations, rollouts, and rollbacks. Secret and Configuration Management - Kubernetes lets you store and manage sensitive informa

Beginners Code Review Part 1

Image credits to Leobit. This is a walkthrough of an exercise created by PentesterLab as a free course for learning beginner-friendly source code review. The link to the source code is here. Either clone it or download it as a zip locally. As instructed in the exercise we won't run the code, just read through the source and look for possible weaknesses that we can leverage into vulnerabilities. LIST OF WEAKNESSES: You can find below the list of issues present in the application: hardcoded credentials or secrets; information leak; missing security flags; weak password hashing mechanism; cross-site scripting; no CSRF protection; directory listing; crypto issue; signature bypass; authentication bypass; authorization bypass; remote code execution. Hands-On Findings and Objectives * Hardcoded credentials or secrets Finding hardcoded credentials

VULNHUB PHOTOGRAPHER - 1 WALK-THROUGH

Welcome to the walkthrough of Photographer 1, presented by VulnHub, a boot-to-root machine which focuses on a Koken CMS unrestricted file upload vulnerability leading to RCE. The vulnerable machine can be downloaded from here. Hints for the machine: Netdiscover; Nmap; port 8000; Koken CMS; smbclient; PHP file upload; shell; finding SUID – php7.2; privilege escalation. Walkthrough: # Finding IP address. Once the machine is deployed, the first task is to obtain its IP address. We will use a tool named netdiscover to discover all the IPs in our internal network. Command is sudo netdiscover -i eth0. Since no other virtual machine is up, this seems like the IP address of the victim. # Nmap scan. As usual we start with a basic Nmap scan. Command is sudo nmap -sC -sV -T4 <IP>. Command details: sudo – to run with root privileges; -sC – run default scripts; -sV – version/service info; -T4 – faster execution. Looking at the results we have a higher port, 8000, open that is running Koken,