Hi, here we will see some things we can do with LFI, and how combining this information lets us get RCE.
Note: This scenario is on the HTB Beep machine. An SMTP server is also running on the machine on port 25.
We start with a basic LFI
Basically, /proc/self/ represents the process that is reading /proc/self/. So if we open /proc/self/ from a C program, it represents that program; if we do it from the shell, it is that shell…
If we try to read the contents of “/proc/self/status” then it will output…
Hi readers, this is just another Windows privesc article. Here we will be seeing how misconfigured services, registry keys and exposed SAM/SYSTEM files can be exploited to escalate privileges….
Some Windows learning prerequisites:
Types of groups in Windows:
Types of user accounts in Windows:
Access Control Lists (ACLs) contain information about permissions for…
Hi readers, here we will be seeing how we can create our own personal VPN server on Oracle Cloud (however, these same steps will work for every cloud provider and also for your local machine). Specifically, we will be creating a WireGuard VPN server using Algo VPN, an open source project created for this specific purpose of easily setting up a personal VPN server in the cloud (https://github.com/trailofbits/algo). Let's start….
a. Log in to your Oracle Cloud account and click the Create VM instance option.
b. In the next screen you will be prompted with various configuration options for your instance. First we can…
Hi readers, here we will see how we can tunnel TCP traffic inside an SSH session. There are two types of tunneling/forwarding: local and remote. In local forwarding we expose services reachable from the remote server (SSH server) to our local network, and in remote forwarding we expose services running in our local network to a device reachable from the remote server (SSH server). I have found an excellent diagram explaining this in a Stack Exchange discussion (https://unix.stackexchange.com/questions/115897/whats-ssh-port-forwarding-and-whats-the-difference-between-ssh-local-and-remot); take a look and you will get a clearer picture of what is going on here.
NOTE: Please keep in mind for case 2 of both -R and -L options…
Hi readers, here we will see how we can get a reverse Meterpreter shell from an internal machine (one that is not connected to the internet). For better understanding, read the previous article first (https://pswalia2u.medium.com/pivoting-metasploit-proxychains-85d18ce5bf2d).
An already compromised system (the pivot) with a Meterpreter session, and autoroute already configured for the next machine (10.100.11.100).
Hi, here we will see how we can perform a Man-in-the-Middle (MITM) attack on a compromised remote Windows machine.
Prerequisites: Meterpreter session
I have already installed it. You can install it by running the command given below.
This is just another pivoting tutorial (nothing special). We will try to find other hosts in the internal network of an organization and do basic enumeration on the discovered hosts.
An already compromised host with a Meterpreter session.
2. Using the autoroute module to create a pivot into the other network, i.e. 172.30.111.0/24. After running this, all Metasploit modules will be able to reach the internal network 172.30.111.0/24.
(Here in this lab scenario, we already know this subnet exists)
msf6 post(multi/manage/autoroute) > set session 1
session => 1
msf6 post(multi/manage/autoroute) > set subnet 172.30.111.0/24
subnet => 172.30.111.0/24
Serialization is nothing but a way of representing objects as a long string. The idea is similar to encoding: we convert objects into a more portable, easy-to-handle format that can be stored by our application or sent over the network stack.
class User {
    public $username;
    public $isDumb;
    public function printData() {
        if ($this->isDumb) { echo $this->username . ' is dumb.'; }
        else { echo $this->username . ' is not dumb.'; }
    }
}
$obj = new User();      # instantiating the class
$obj->isDumb = false;   # change this boolean variable
Let’s see what is going on here:
We have created…
IT security is full of buzzwords. One I got introduced to is “Egress-Testing”, which is nothing but checking the firewall rules for outbound TCP/UDP connections. Firewalls are generally configured by network admins to block outgoing traffic from servers (port-based blocking), which according to them prevents data exfiltration :) (misconceptions are everywhere). But these servers run services; if they blocked all ports, how would they serve their clients? This is where Egress-Testing comes into play. We will be seeing the bare-bones test, i.e. without any preinstalled tools/software.
Server IP Address: 172.16.91.100
Our IP: 172.16.91.10