Dev Log – Don’t Miss a Thing (DMaT)

Background It’s getting messy now that the warehouse has been moved to a separate location. We used to pack all the products right at the store, so the sales assistants need to communicate with the delivery staff. The Problem Phone Calls and Voice Messages So, each time a sales assistant has some information to pass on to the delivery…

Pentest – Case Studies

Boxes HackTheBox Bounty Hunter Overview The JS code sends XML as a POST parameter to retrieve data from some source. It uses the .val() method to read the user input, and no sanitization is applied, so it is highly vulnerable to XXE injection. Web Vulnerable Code function returnSecret(data) { return Promise.resolve($.ajax({ type: "POST", data: {"data":data}, url: "tracker_diRbPr00f314.php" })); }…

Pentest/CTF Take-aways (search refs to change all broken refs)

Windows Active Directory Port 88 (kerberos), 389 (ldap), 636 (ldap), 3268 (ldap) SYSVOL content found If SYSVOL content is found and GPP (Group Policy Preferences) is applied, there will be a Groups.xml file containing credentials somewhere in the Policies directory. Find it with: find . -iname "groups.xml" GPP Password Hash found Use the gpp-decrypt tool to…

Pet + fzf + glow: Building an Efficient CLI Wiki

Background First, a look at the result once this small project was finished. With Pet combined with glow, markdown can be rendered in the command line. Pet is a small command-line snippet management tool. It is exceptionally practical, and everything started from it. GitHub link. I have been using Pet for at least 5 years. What it does is save the commands you use often; you can then add keywords, and finally use fzf or peco to search by keyword and quickly pull up those commands, improving efficiency. Configuration and commands are saved in a toml file under /home/usr/.config/pet/. Installation is simple; just follow its GitHub homepage. fzf must be installed to use Pet. Here is a screenshot of the original Pet in use. You can use <> to mark dynamic parameters; Pet automatically matches such tags and then prompts you to enter the required value. In either bash or zsh you can set an alias that pipes Pet’s output to xclip to save the command, and it also supports direct execution (pet exec). Endless Requirements First, I wanted to save some simple definitions, such as what is…

HackTheBox – Armageddon

Overview Pretty simple box. Learn about Drupal exploits, SSH brute force, and snap privilege escalation. Solution Recon Nmap First, nmap the target. Got ports 22 and 80 open. Try SSH to the box. The SSH banner reveals no useful information. Website Check out the website. I tried to use single quote in the login form to test…

Road to Pentest – INE Lab – Black Box 3

Lab Intro You have been engaged in a Black-box Penetration Test (172.16.37.0/24 range). Your goal is to read the flag file on each machine. On some of them, you will be required to exploit a remote code execution vulnerability in order to read the flag. Some machines are exploitable instantly but some might require exploiting…

Road to Pentester – INE Lab – Black Box 2

Lab Intro You have been engaged in a Black-box Penetration Test (172.16.64.0/24 range). Your goal is to read the flag file on each machine. On some of them, you will be required to exploit a remote code execution vulnerability in order to read the flag. Some machines are exploitable instantly but some might require exploiting…

Road to Pentester – INE Lab – Black Box 1

Lab Intro You have been engaged in a Black-box Penetration Test (172.16.64.0/24 range). Your goal is to read the flag file on each machine. On some of them, you will be required to exploit a remote code execution vulnerability in order to read the flag. Some machines are exploitable instantly but some might require exploiting…

Road to Pentester – INE Lab – Metasploit

Lab Intro In this lab, you will have to use Metasploit and meterpreter against a real machine; this will help you become familiar with the Metasploit framework and its features. Solution I’m now in a 192.168.99.0/24 network. One host is alive. Fingerprint the host with nmap. nmap -sC -sV -v 192.168.99.12 A lot of results…