Exploiting ZeroLogon!

privilege escalation, remote access, vulnerability
Greetings everyone! In today's post, we'll be exploring the ZeroLogon vulnerability and demonstrating just how easy it is to exploit! What Is It? The ZeroLogon vulnerability, tracked as CVE-2020-1472, is an authentication bypass vulnerability, which allows for privilege escalation, in the Netlogon Remote Protocol (MS-NRPC), a remote procedure call (RPC) interface that Windows uses to authenticate users and computers on domain-based networks. According to a blog post on Secura's website, Zerologon takes advantage of a weak cryptographic algorithm used in the Netlogon authentication process. This bug allows an attacker to manipulate the Netlogon authentication procedures and: impersonate the identity of any computer on a network when trying to authenticate against the domain controller; disable security features in the Netlogon authentication process; change a computer's password on the Domain Controller's Active Directory…

VulnHub – Kioptrix Level 1

metasploit, remote access, searchsploit, smb, vulnhub
Greetings! I thought I would take a break from March Madness (go Duke!) to make a post about attacking another system downloaded from VulnHub. This one is called Kioptrix Level 1, so let's get started! I had some trouble getting Kioptrix to talk to my virtual network on VirtualBox, so I switched over to VMWare. Let's boot up both our Kali system and the Kioptrix VM and see if we can find it on the network. We can run netdiscover on our attacking system to see what we have. There it is! Kioptrix is located at 192.168.64.159. Now let's scan it with nmap to see what services and ports are open. We have a few options here! The one that stands out to me is port 139, netbios-ssn. As…

Metasploitable – VNC

metasploitable, remote access, VNC
Happy Sunday, folks! In today's post, I'll be exploiting VNC in my Metasploitable box to achieve root access. It's another easy exploit, so it's a good one to get the brain juices flowing for the day. VNC (Virtual Network Computing) enables a user to control another computer over a network connection. In other words, it's remote-control software. Looking at our previous Nmap scan, we can see that Metasploitable has a VNC server running. VNC is running on port 5900. Cool, let's get to work! We'll fire up Metasploit first and see if we can find any exploits. Once the framework has opened, a simple search for VNC should return results. Hmm. The module auxiliary/scanner/vnc/vnc_login looks promising. Let's give it the old college try and boot it up. A…

Metasploitable – rlogin

metasploitable, remote access
Happy Saturday morning! In this post, I'll be exploiting a service called rlogin (remote login) on my Metasploitable box. This is a nice and easy exploit, so let's get started! Once we have our virtual machines booted up, we can do a quick refresher of what ports and services are open on our Metasploitable machine by opening up a terminal in Kali and typing nmap -sS -sV -p- 10.10.1.10. Here, we can see that port 513 is open, and the service is called "login". A quick Google search of the port tells us that the service refers to the rlogin service. Essentially, rlogin will allow us to remotely access a system and execute commands on it. According to https://linoxide.com/how-tos/howto-enable-rshrlogin-on-linux-server/, "Rlogin uses a hidden file called .rhosts that is present on…