-
digital world.local: Vengeance Walkthrough – OSCP Way
Vengeance is one of the digital world.local series which makes vulnerable boxes closer to OSCP labs. This box has a lot of services and there could be multiple ways to exploit this, Below is what I have tried. Lab requirement: 1. Kali VM 2. Download Vengeance: https://www.vulnhub.com/entry/digitalworldlocal-vengeance,704 3. Some patience. I have written article already…
-
DC-9 Vulnhub Walkthrough – OSCP way
Recently, My focus turned more towards OSCP and I am thinking of taking the exam. After reading tons of people’s experience over Reddit, I took some notes on what would be my way of studying for this. It isn’t easy from the looks of it and to win with time, I need a lot of…
-
Empire: LupinOne Walkthrough – Privilege escalation through Python Libs
This article is a walkthrough for Empire LupinOne vulnerable machine. You can download this from vulnhub. The vulnerable machine is full of fuzzing and escalation of privileges by exploiting Python libraries with SUID being setup. Let’s look into exploiting this: Requirements: 1. Vmware/Virtual Box < This is to run the vulnerable machine. 2. Download LupinOne…
-
Walkthrough for Vulnhub : Pylington
This article is a walkthrough for Pylington Virtual machine. The machine is based on getting root flag, I did it via bypassing python sandbox environment and privilege escalation by SUID bit. I have worked with VMware throughout this walkthrough. You can run the machines in VirtualBox or any other environment you are comfortable with. Make…
-
How to setup your own Basic Telemetry Lab with Cisco XR
In this article, we will be talking about setting up a basic Lab for testing Telemetry on a Cisco NC55XX router. Telemetry – “Tele” means remote, “metry” means metrics or measurements, together this word simply means to collect data/measurements remotely on a server. Telemetry is usually a PUSH model meaning the client will push data…
-
Ease in Automation: Convert Router Output to Json Format
In this article we will be talking about converting the output from Cisco XR into a Json File for further utilization or automation. The following code can be used and can be redesigned to work with several other commands and output in other variants of Cisco XE, XR etc., as well as other vendor devices.…
-
BugCrowd’s LevelupCTF 0x07 walkthrough
LevelupCTF is a seven flag CTF. It contains vulnerabilities from information disclosures to Remote Code execution. Each flag provides hints towards the next flag. The CTF consists of wide range of challenges which provides great learning as well. Below are the vulnerabilities and their impacts that I have found: Sensitive Data Exposure – P4 Broken…
-
OVERTHEWIRE NATAS SERIES: 17 – 18 LEVEL Walkthrough
OVERTHEWIRE NATAS level 17-18 is about blind sql injection. To make the level more complicated, the output hasn’t been displayed. Let’s dive in the level: If you look at the code below. It is a simple code which takes the username and check for its existence in the table users. but No output display! This…
-
OVERTHEWIRE NATAS SERIES: 16 – 17 LEVEL Walkthrough
The walkthrough for the last level is available on this link: http://www.anonhack.in/2018/09/overthewire-natas-series-15-16-level-walkthrough/ This level is little bit similar to the last level. Here we have to perform a command injection. Let’s have a look at the source code of this level: See the highlighted text in the code above. $key variable is the one carrying our…
-
OVERTHEWIRE NATAS SERIES: 15 – 16 LEVEL Walkthrough
If you want to see the level 14- 15, follow this link: http://www.anonhack.in/2018/09/overthewire-natas-series-14-15-levels/ Level 15-16 is also based on SQL injection but here we have to work on boolean based SQL injection technique. Let me how you how: This is what the screen looks like: I put “natas16” as the user here and it turns out…
-
Bruteforcing FTP using ftplib: Hacking with Python
The article will guide you on how to bruteforce FTP using ftplib library in python. I have already posted an article on how to check for anonymous FTP script. FTP is File transfer protocol which is used to upload/download files from server to client. It works on Port 21. FTPLIB provides many features to python…
-
Anonymous FTP login checker script using Python: Hacking with Python Series
FTP is file transfer protocol working on port 21. It is used for transferring files from Client to Server. It is a widely used service. In python, we have only one library for FTP in python that makes all connections for us. The library is ftplib.
