Cybersecurity Solutions and Support Services

    I've been poking around HTB lately.  As I was Googling things and looking at the different boxes in the retired section, I saw a mention of Bank.  I think I started Bank at some point because the first couple of steps with DNS seemed vaguely familiar but sometimes I get pulled away from play time and I don't finish what I started.  So anyway, I had a free minute and started over again yesterday and I'm glad I found my way back because it was fun.  A little unrealistic as these things go sometimes but not annoyingly so. 


    It's been some time since I've been on HTB.  Mostly because I tried to get as far as I could in a month on TryHackMe.  I made it to #73 overall and then I stopped so I'm sure I've fallen a bit since then.  TryHackMe is a good platform to round out your knowledge and it's quite a bit more friendly than say HTB.  That being said, this box, Celestial, is straightforward which is atypical for HTB.  Not only that, the low privilege shell is an attack I don't think I've performed previously.  Maybe there's something on Pentesterlab and when I'm done, I'm going to check it out to confirm or deny. 


    I stumbled upon this tool while following a link to a website that performs passive scans on various content management systems.  Instead of keeping their scanning technique a mystery, they list a bunch of open source tools that they leverage in parallel.  In addition to Joomscan which is something I already use, they mentioned JoomlaVS. 

    The description states:  "JoomlaVS is a Ruby application that can help automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic finger printing and can scan for vulnerabilities in components, modules and templates as well as vulnerabilities that exist within Joomla itself."


    I had a need for a tool the other day and when I searched for:   "php parameter brute force tool" -- I came up with Parameth.  The description states:  "This tool can be used to brute discover GET and POST parameters.  Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them."

    I've only played with this a bit and it doesn't seem to work on everything but it did work when I needed it. 


     “How I Hacked Your Small Business… and How You Could Have Stopped Me” is the title of a talk I gave earlier this year at BSides College Station – back before Corona Virus had us all on lockdown.  The point of the talk is to give a step-by-step walkthrough of how I’d build an anonymous attack platform and set about to take over the infrastructure of a small business.  It wasn’t a blueprint but it was near close because I wanted to show small business owners and small business defenders what it would look like.  In the middle of the talk, I flip the script and I proceed to go into the steps for stopping me.  While this post isn’t that talk, there are some overlaps.  In my day to day work, I see the same issues time and time again and there are some points in my Bsides talk that are worth repeating.


    Page 4 of 61

    © 2020 sevenlayers.com