Lab Intro The lab is divided in two main parts: Network authentication cracking Bruteforce and password cracking In the first part of the lab you will have to use different network authentication cracking techniques and tools against services available on the target machine. Once valid credentials have been found, it is time to download the…
Tag: Pentest
Road to Pentester – INE Lab – Sql Injection
Lab Intro In this lab you can practice the SQL Injection techniques and tools studied during the course. You can access the target web application at the following address 10.124.211.96. The goal of this lab is to test the web application in order to find all the vulnerable injection points. Once you find them, you…
VIM Privilege Escalation with Server Client Mode
Background Recently, I’ve developed this work flow which involves using the server client mode of vim. For further information about server client mode of vim, there’re tons of articles about that. The main problem is that, if I run vim server with non-root user, I cannot edit system files which belong to root. To solve…
Road to Pentester – INE Lab – BurpSuite
Lab Intro A local police department has hired you to pentest their website. They had a new website created by a web development company and they want to make sure that everything is secure and in order. In this lab you will practice with Burp Suite, configuring the scope of the engagement, intercepting the communications…
Road to Pentester – Lab INE – BurpSuite Basics
Lab Intro This lab focuses on how to use burp suite. A client provides you with a URL to a web application running on a remote server. The client wants to know if there are any sensitive resources exposed. Use Burp Suite to identify if a sensitive resource was left unprotected by developers. Intranet Subnet:…
Road to Pentester – INE Lab – Data Exfiltration
Lab Intro Intranet Subnet: 172.16.91.0/24 Under-investigation machine’s IP: 172.16.91.100 Connection Type: RDP Task 1 Connect to and scrutinize the 172.16.91.100 machine. Use the connection details documented in the Network configuration & credentials section above to connect to the 172.16.91.100 machine. Inspect the 172.16.91.100 machine for any interesting files. Identify all the available scripting languages, which…
Road to Pentester – INE Lab – Find the Secret Server
Lab Intro There’re three networks in the lab, two of which are accessible because they are already configured in the routing table. Though the third one is not. The third network is marked 192.168.222.199. And all the networks reside in a /24 network. Goal Add routing entry for the third network to make it accessible….
0x300-从头开始写操作系统-内核
目录 回顾 今日目标 必要工具的安装及介绍 工具一览 工具介绍 GCC Hosted Environment Freestanding Environment Linker C 语言编译(gcc 的临时文件) 预处理或预编译(Pre-processing) 编译(Compiling) 汇编(Assembly) 链接(Linking) Objdump Nasm Ndisasm Cross-compiler C 与汇编 局部变量 条件判断 循环 函数调用 指针 加载内核 手动编译 指定内核入口 extern 指令 Makefile 基本规则 特殊变量 默认目标与临时文件清理 宏、匹配规则与通配符 新的代码结构 新的 Makefile Debug 内核代码 QEMU 与 GDB 总结 参考链接 回顾 上一篇文章,我们讨论了以下内容: 读取硬盘所需的参数设置,硬盘数据的地址由 CHS 提供,我们需要将柱面,磁头,扇区信息写入相应的寄存器…
2020-06-10-进度更新
“从头开始写操作系统” 的系列文章进行到了内核阶段。写作已经开始,正在组织思路。这一章节,如果只是看代码,那么就会忽略很多的细节。我准备从编译工具开始入手,讲一下为什么在内核这个阶段会涉及和之前不同的工具链;接着,我会讨论 C 代码与汇编的关系,从一个什么都不做的 C 程序,到有局部变量,到有方法调用,到有指针,从这几种情况入手分别通过反汇编,来学习 C 语言与汇编的相互关联。 OS-From-Scratch 的作者在书中说,学习和深入 C 最好的步骤不是从比他更高级的语言如 Java,Python 入手,而是应该从比他更加低级的汇编入手,才能真正了解 C 的特性,才能真正充分发挥 C 的高效。 另外,Hacking – The Art of Exploitation 一书也正在不断阅读当中。选择这本书是偶然,但是却和现在正在进行的操作系统编写非常契合。书的前两章针对 GDB,C 与汇编做了大量的讲解,作为 OS-From-Scratch 的补充非常不错。 周五会出行,所以内核这篇文章,预计将在下周三发布。
2020-06-07-近期进展以及后续计划
看了一下之前的动态。博客结构的调整找时间一定会做。现在在成长期会感觉思路有点乱,因此反映在博客结构上。 另外,半个月来的进展还是很多的。现在主要精力放在了从头写操作系统的那个系列文章上,现在已经进行到内核阶段。这次一定会借助博客之力,把操作系统这块弄懂。 除了操作系统这块,还在不断地写 WebApp 和逆向两个主题地文章。但是感觉 WebApp 方面有点乏力,目前没有很好的练习资源了。HTB 太随机,并没有标出来哪个 box 是 WebApp 的练习,也没有太多的针对性。 今天开始我会找一点 CTF 来继续 WebApp 的主题。 逆向这块,还是继续从 narnia 中不断学习。narnia 结束之后,同样也是找一些逆向的 CTF。 HackTheBox 准备重新开启,写作模式改变一下,要从 log 性质,改成总结性质。将可以学到的东西总结出来,这样的文章才更有意义。 Keep it up!