BWApp Write-Up Apr 21, 2014 This post contains the steps to get a root shell with bWapp VM Host discovery As always, we need to discover where the machine is on our network. To do so, let's use Nmap: nmap -sP 192.168.1.1/24 Fingerprinting After getting the IP address (192.168.1.10), we need to do some fingerprinting. nmap -sV 192.168.1.10 Fig. Nmap scan result A lot of services were open, such as: VNC, FTP, etc. As I saw it in the scan report, I decided to scan the port 80 with Nikto. ...
Scream Write-up Apr 16, 2014 This post contains the steps to get a root shell with Scream VM This VM can be found here. Have a look to find even more VMs. But before starting the report, I'd like to congratulate g0tmi1k for his awesome tool: VulnInjector. Ok, let's do this write-up! Host discovery As always, we need to discover where the machine is on our network. To do so, let's use Nmap: ...
Exploiting KB Vulnerable Web App 1 Write-Up Apr 15, 2014 This post contains the steps to get a root shell with Exploit KB Vulnerable Web App 1 VM This VM can be found here. Have a look to find even more VMs. Host discovery First, we need to discover where the machine is on our network. To do so, let's use Nmap: nmap -sP 192.168.1.1/24 Fingerprinting After getting the IP address, we need to do some fingerprinting. nmap -sV 192.168.1.23 Fig. ...
Kioptrix 2 Write-up Apr 15, 2014 This post contains the steps to get a root shell with Kioptrix level 2 VM This VM can be found here. Have a look to find even more VMs. Host discovery First, we need to discover where the machine is on our network. To do so, let's use Nmap: nmap -sP 192.168.1.1/24 Fingerprinting After getting the IP address, we need to do some fingerprinting. nmap -sV 192.168.1.42 Fig. Nmap scan result ...
Kioptrix 1 Write-up Apr 14, 2014 This post contains the steps to get a root shell with Kioptrix level 1 VM This VM can be found here. Have a look to find even more VMs. Host discovery First, we need to discover where the machine is on our network. To do so, let's use Nmap: nmap -sP 192.168.1.1/24 Fingerprinting After getting the IP address, we need to do some fingerprinting. nmap -sV 192.168.1.2 Fig. Nmap scan result ...
SecOS-1 First VM Out Apr 14, 2014 Hey there, Quick blog post for the first VM I created to experiment with some of your pentesting skills. The idea grew up when I developed some security tools (especially the one (CSRFT) I presented at BSides London a few weeks ago) to create a legal environment where you could try it out. I really liked creating this Boot2root VM. So, I'll create a few more that will rely on each other, so keep the flags because you'll need them for the next ones. ...
Updating OpenFuck Exploit Apr 14, 2014 This blog post will be quite fast and will provide you the steps to update the OpenFuck exploit. This exploit is pretty old but you might need it if you have fun with some vulnerable VMs. Not giving any hint. :-) Thanks to this blog, I've been able to update the exploit. Here are the steps to make this work: 1) Add those headers: #include <openssl/rc4.h>#include <openssl/md5. ...
VulnOS Write-up Apr 8, 2014 This contains the solution of the VM: VulnOS. This is my first write-up for a VM and I'm doing it for VulnOS which is hosted on VulnHub (Great resource if you want to improve your pentesting skills). In this ‘tutorial’, I'm gonna give you the steps I reproduced to get a shell on the machine. Discovery First, start by scanning the network to discover where's the host. nmap -sV 192.168.56.1/24 Starting Nmap 6. ...
Python + Transmission daemon = Download easily your favorite TV Show Mar 28, 2014 This post is about my last project: my TV Show Manager. I decided to start it because I wanted something really simple to download my favorite TV Shows. In this post, I'll explain step by step how to reproduce it at home. Basically, with this tutorial you'll set up your Raspberry box by: Installing / setting up transmission-daemon Getting one of my latest projects TVShowManager that uses my EZTV Python API. ...
XSS Callback Mar 20, 2014 This post deals with a project I developed: XSS Callback. This is not going to be (at least, I hope) a boring post about XSS exploitation. No. Well, one scenario of using XSS would be to steal the victim's cookie and access the page through his session. This technique is called Session Hijacking. Ok fair enough. However, some issues are present using this technique, let's take an example: You target a website Unfortunately, it's too late (or too early depending on your situation) and you go to sleep. ...