02Apr 2021 by admin

CyberSecLabs – Secret

Hacking, privilege escalation, smb, vulnerability, Windows
Greetings everyone and happy Friday! Welcome back to another walkthrough of a system hosted on the CyberSecLabs platform! The machine we'll be attacking today is called Secret, so let's jump right in! We'll start off by scanning the host with Nmap: So we have quite a bit of ports open here, and a lot to work with! Right off the bat, we should be focused on port 445 which is SMB. Let's start probing at that port to see if we can find any additional information. We'll start by using a tool called smbclient to enumerate possible shares. We can do this by specifying the "-L" switch: When prompted for a password, we can simply press enter to see if we can list the shares without providing any credentials. For…
Read More
12Sep 2019 by admin

Hack The Box – Lame

hackthebox, metasploit, meterpreter, smb
Greetings everyone! We're back with another HackTheBox machine to exploit. This one is called Lame! I'm sure there is nothing lame about this box. After all; we are still getting our hands dirty with some penetration testing action! Without further delay, let's dive into it!The machine Lame has an IP Address of 10.10.10.3. Let's start an Nmap scan to see what it has for open ports and running services! As we can see from the Nmap results, we have a few options to work with. Let's start with trying to find an exploit for vsftpd 2.3.4, as we know from an earlier blog post that this can be easily exploited with Metasploit. So let's fire it up! Now let's configure the exploit via the "show options" command, and enter the…
Read More
24Mar 2019 by admin

VulnHub – Basic Pentesting 2

privilege escalation, smb, ssh, vulnhub
In today's post, I'll be attacking a virtual machine downloaded from VulnHub called Basic Pentesting 2. I've previously posted two ways of exploiting a machine called Basic Pentesting, so it's only right that we try out the next machine in the series! The first thing we're going to do is locate the vulnerable machine on our network. We can do this by using a tool called netdiscover. Once we find it, we can start scanning! For me, the vulnerable machine is located at 10.10.1.11, so let's fire up nmap! Alright, looking at these results we can see there is a web server running, so let's browse to it and see what we find. Nothing here, really! But let's run a program called dirb to see if we can brute force…
Read More
23Mar 2019 by admin

VulnHub – Kioptrix Level 1

metasploit, remote access, searchsploit, smb, vulnhub
Greetings! I thought I would take to a break from March Madness (go Duke!) to make a post about attacking another system downloaded from VulnHub. This one is called Kioptrix Level 1, so let's get started! I had some trouble getting Kioptrix to talk to my virtual network on VirtualBox, so I switched over to VMWare. Let's boot up both our Kali system and the Kioptrix VM and see if we can find it on the network. We can run netdiscover on our attacking system to see what we have. There it is! Kioptrix is located at 192.168.64.159. Now let's scan it with nmap to see what services and ports are open. We have a few options here! The one that stands out to me is port 139, netbios-ssn. As…
Read More