Category: Hacking with Python

  • digital world.local: Vengeance Walkthrough – OSCP Way

    digital world.local: Vengeance Walkthrough – OSCP Way

    Vengeance is one of the digital world.local series which makes vulnerable boxes closer to OSCP labs. This box has a lot of services and there could be multiple ways to exploit this, Below is what I have tried. Lab requirement: 1. Kali VM 2. Download Vengeance: https://www.vulnhub.com/entry/digitalworldlocal-vengeance,704 3. Some patience. I have written article already…

  • DC-9 Vulnhub Walkthrough – OSCP way

    DC-9 Vulnhub Walkthrough – OSCP way

    Recently, My focus turned more towards OSCP and I am thinking of taking the exam. After reading tons of people’s experience over Reddit, I took some notes on what would be my way of studying for this. It isn’t easy from the looks of it and to win with time, I need a lot of…

  • Empire: LupinOne Walkthrough – Privilege escalation through Python Libs

    Empire: LupinOne Walkthrough – Privilege escalation through Python Libs

    This article is a walkthrough for Empire LupinOne vulnerable machine. You can download this from vulnhub. The vulnerable machine is full of fuzzing and escalation of privileges by exploiting Python libraries with SUID being setup. Let’s look into exploiting this: Requirements: 1. Vmware/Virtual Box < This is to run the vulnerable machine. 2. Download LupinOne…

  • Walkthrough for Vulnhub : Pylington

    Walkthrough for Vulnhub : Pylington

    This article is a walkthrough for Pylington Virtual machine. The machine is based on getting root flag, I did it via bypassing python sandbox environment and privilege escalation by SUID bit. I have worked with VMware throughout this walkthrough. You can run the machines in VirtualBox or any other environment you are comfortable with. Make…

  • How to setup your own Basic Telemetry Lab with Cisco XR

    How to setup your own Basic Telemetry Lab with Cisco XR

    In this article, we will be talking about setting up a basic Lab for testing Telemetry on a Cisco NC55XX router. Telemetry – “Tele” means remote, “metry” means metrics or measurements, together this word simply means to collect data/measurements remotely on a server. Telemetry is usually a PUSH model meaning the client will push data…

  • Ease in Automation: Convert Router Output to Json Format

    Ease in Automation: Convert Router Output to Json Format

    In this article we will be talking about converting the output from Cisco XR into a Json File for further utilization or automation. The following code can be used and can be redesigned to work with several other commands and output in other variants of Cisco XE, XR etc., as well as other vendor devices.…

  • BugCrowd’s LevelupCTF 0x07 walkthrough

    BugCrowd’s LevelupCTF 0x07 walkthrough

    LevelupCTF is a seven flag CTF. It contains vulnerabilities from information disclosures to Remote Code execution. Each flag provides hints towards the next flag. The CTF consists of wide range of challenges which provides great learning as well. Below are the vulnerabilities and their impacts that I have found: Sensitive Data Exposure – P4 Broken…

  • OVERTHEWIRE NATAS SERIES: 17 – 18 LEVEL Walkthrough

    OVERTHEWIRE NATAS SERIES: 17 – 18 LEVEL Walkthrough

    OVERTHEWIRE NATAS level 17-18 is about blind sql injection. To make the level more complicated, the output hasn’t been displayed. Let’s dive in the level: If you look at the code below. It is a simple code which takes the username and check for its existence in the table users. but No output display! This…

  • OVERTHEWIRE NATAS SERIES: 16 – 17 LEVEL Walkthrough

    OVERTHEWIRE NATAS SERIES: 16 – 17 LEVEL Walkthrough

    The walkthrough for the last level is available on this link: http://www.anonhack.in/2018/09/overthewire-natas-series-15-16-level-walkthrough/ This level is little bit similar to the last level. Here we have to perform a command injection. Let’s have a look at the source code of this level: See the highlighted text in the code above. $key variable is the one carrying our…

  • OVERTHEWIRE NATAS SERIES: 15 – 16 LEVEL Walkthrough

    OVERTHEWIRE NATAS SERIES: 15 – 16 LEVEL Walkthrough

    If you want to see the level 14- 15, follow this link: http://www.anonhack.in/2018/09/overthewire-natas-series-14-15-levels/ Level 15-16 is also based on SQL injection but here we have to work on boolean based SQL injection technique. Let me how you how: This is what the screen looks like: I put “natas16” as the user here and it turns out…

  • Bruteforcing FTP using ftplib: Hacking with Python

    Bruteforcing FTP using ftplib: Hacking with Python

    The article will guide you on how to bruteforce FTP using ftplib library in python. I have already posted an article on how to check for anonymous FTP script. FTP is File transfer protocol which is used to upload/download files from server to client. It works on Port 21. FTPLIB provides many features to python…