URL File Attacks

by Vince
in Blog
Hits: 988

This comes from PayloadAllTheThings on github and it's somewhat obsolete in that it does not seem to work on Windows 10.  That being said, older systems are still vulnerable to this attack and it's pretty amazing.  The situation is this -- you find an open and writable file share.  Our preference is that it's a server share but it can be any share or any folder even.  If it's a server share, it's going to rain hashes. 

We're going to open Notepad and we'll insert the following:

Read more

Kioptrix 1 : Walkthrough

by Vince
in Blog
Hits: 524

You might be wondering what I'm doing with a super easy, circa 2010, vulnerable machine.  Recently, someone pointed me to a new certification and the very first vulnerable system to exploit is this box.  It turns out that I've never rooted, or written up, this box but I was curious as to how the current version of myself would take on this box.  So that's basically what this is about.  Moving on...

The description states:  This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways then one to successfully complete the challenges.

Read more

Vulnhub Hackable: II Walkthrough

by Vince
in Blog
Hits: 851

The description states "Easy" and I think that pretty much sums it up.  A few moving parts, more than a lot of "Easy" rated boxes but nothing so challenging as to takes its rating any higher.

As always, we kick off with Nmap:

Read more