PRINT
PRINT
SEND MAIL
SEND MAIL

Category: TUTORIALS

penetration testingTUTORIALS

Windows Privilege Escalation (AlwaysInstallElevated)

Hello Friends!! In this article we are demonstrating the Windows privilege escalation method via the method of AlwaysInstallElevated policy. In penetration testing, when we spawn command shell as local user, it is possible to exploit the vulnerable features (or configuration settings) of Windows Group policy, to further elevate them to admin privileges and gain the administrator access Table of Content Introduction Lab setup Spawn command shell as local user Escalate privilege manually via .msi payload (MSfvenom) Escalated privilege via Adding user Administrators Group (Msfvenom)…

penetration testingTUTORIALS

Windows Privilege Escalation (Unquoted Path Service)

Hello Friends!! In this article we are demonstrating Windows privilege escalation via Unquoted service Path.  In penetration testing when we spawn command shell as local user, it is not possible to check restricted file or folder, therefore we need to escalated privileges to get administrators access. Table of content Introduction Lab setup Spawn command shell as local user Escalated privilege via Prepend-migrate Escalated privilege via Adding user Administrators Group Escalated privilege via RDP & Sticky_keys Introduction Unquoted service Path Vulnerability The vulnerability is related…

CTF ChallengesTUTORIALS

Hack the ch4inrulz: 1.0.1 (CTF Challenge)

Hello readers and welcome to another CTF challenge. This VM is made by Frank Tope as you’ll see in the very homepage on the server’s website (his resume). Nice touch, if I might add. Anyhow, you can download this VM from vulnhub here. The aim of this lab is to get root and read the congratulatory message written in the flag. I would rate the difficulty level of this lab to be intermediate. Although, there were no buffer overflows or unnecessary exploit development, yet…

CTF ChallengesTUTORIALS

Hack the Wakanda: 1 (CTF Challenge)

Hello friends! Today we are going to take another CTF challenge known as Wakanda and it is another capture the flag challenge provided for practice. So let’s try to break through it. But before please note that you can download it from here. Security Level: Intermediate Flags: There are three flags (flag1.txt, flag2.txt, root.txt) Penetrating Methodologies Network Scanning (Nmap, netdiscover) HTTP service enumeration Exploiting LFI using php filter Decode the base 64 encoded text for password SSH Login Get 1st Flag Finding files owned…

CTF ChallengesTUTORIALS

Hack the WinterMute: 1 (CTF Challenge)

Hello friends! Today we are going to take another CTF challenge known as Wintermute (Part 1) and it is another boot2root challenge provided for practice. So let’s try to break through it. But before please note that you can download it from here Security Level: Intermediate Author Note: There are 2 important things to note down for this lab No buffer overflows or exploit development – any necessary password cracking can be done with small wordlists. Straylight – simulates a public facing server…

CTF ChallengesTUTORIALS

Hack the LAMPSecurity: CTF 7 (CTF Challenge)

Hello friends! Today we are going to take another CTF challenge known as LAMPSecurity CTF7 and it is another boot2root challenge provided for practice and its security level is for the beginners. So let’s try to break through it. But before please note that you can download it from here Penetrating Methodologies Network Scanning (Nmap) Login form SQL injection Upload php web shell Spawn TTY shell (Netcat) Mysql Login Steal MD5 password Crack MD5 hashes (John the ripper) SSH login Sudo privilege escalation…

CTF ChallengesTUTORIALS

Hack the Box: Holiday Walkthrough

Hello friends!! Today we are going to solve another CTF challenge “Holiday” which is available online for those who want to increase their skill in penetration testing and black box testing. Holiday is retired vulnerable lab presented by Hack the Box for making online penetration practices according to your experience level; they have the collection of vulnerable labs as challenges from beginners to Expert level. Level: Expert Task: find user.txt and root.txt file on victim’s machine. Since these labs are online available therefore they have static IP and IP of sense is 10.10.10.25 so…

CTF ChallengesTUTORIALS

Hack the Box: Silo Walkthrough

Hello friends!! Today we are going to solve another CTF challenge “Silo” which is available online for those who want to increase their skill in penetration testing and black box testing. Silo is retired vulnerable lab presented by Hack the Box for making online penetration practices according to your experience level; they have the collection of vulnerable labs as challenges from beginners to Expert level. Level: Expert Task: find user.txt and root.txt file on victim’s machine. Steps involved: Post scanning to discover open ports SID brute force Credential brute force Create payload…

CTF ChallengesTUTORIALS

Hack the Lampião: 1 (CTF Challenge)

Hello friends!! Today we are going to solve another CTF challenge “Lampião: 1”. This VM is developed by Tiago Tavares, which is a standard Boot-to-Root challenge. Our goal is to get into the root directory and see the congratulatory message. Level: Easy Task: To Find The Final Flag. Let’s Breach!! The target holds 192.168.1.105 as network IP; now using nmap lets find out open ports.nmap -p- -A 192.168.1.105 Nmap scan shows us port 22, 80, 1898 are open, so we thought of opening the…