First, let me say that while I've used this password manager on occasion for various reasons, this is not what I use personally.  If we're making a recommendation, we like 1Password.  But if we're looking for a completely free password manager that doesn't require logging into a website, KeePass is a solid option.  It's a no-frills password manager that does exactly what you'd expect it to do -- store passwords.

As far as I can tell, KeePass doesn't have native browser integration although there are Chrome and Firefox extensions available.  I can't speak to their reliability or their security.  Assuming we're just trying to get off of Excel as our password manager and we just want to move to something a little more secure and robust, without further ado -- KeePass...

Read more: KeePass Password Manager Install Guide

After learning of the Kioptrix series, I've become curious as to what makes up the other boxes.  The next in the series, Kioptrix:  Level 1.1 (#2), is a CentOS server with an injection point.  There are two things I like about this box:

1.  With the typical path I'd normally take with sqlmap, I was unable to get anything of use from this box and I was forced to use manual knowledge of blind SQL injection.

2.  This box is older and what ultimately got me to root was an exploit I haven't used which is something new to me that I will stuff away for possible later use.

Read more: Simple SQL Injection

I almost titled this blog something that would give away the exploit but then I realized someone might be passing by to get a hint.  Without giving away the privilege escalation -- the first time I used this exploit, I felt like a l33t h4xor.  I'm not.  I just felt like one because it's more than just compile, execute, root.  I've only used it a few times but I like it.  There's a quicker way to root this box but it's worth doing the longer way especially because it didn't go as planned and there's a slight modification that makes it work anyway.  

Continuing on with the Kioptrix Series, this is Kioptrix 1.3 (#4), the fourth from this author (group?).  This is a big jump up from the first three in terms of difficulty, IMO.

Read more: When Life Hands You Lemons

For whatever reason, 2FA stops working correctly and you're faced with "The two factor authentication Secret Key is invalid."

mysql -u root -p
show databases;

Of the databases, you'll have to know which is your database.  Let's call it "joomla" for the sake of this post.

use joomla;
show tables;

Read more: Joomla: The two factor authentication Secret Key is invalid.

Next up in the Kioptrix series is Kioptrix 1.2 (#3), the third in the group which gets even more confusing with #4 and #5 being referenced as 4 in their downloads but I digress.  I think something is wrong with the image because I was expecting LFI from the vulnerabilities I found but LFI didn't work.  I ended up going a different route than what I think was the point of this lesson.  I just wanted to pop the box, be done with it, and move on to the next one -- hoping that it was just a one-off problem.

After I rooted the box, I found some creds, a setuid binary, and I think that was my route after getting in through LFI but I'd already popped the box, seemed like things were messed up, and there are more to conquer.  

Read more: Dirtycow Gone Awry

As you walk down the street, you approach a home with an ADT sign and you notice a pair of surveillance cameras.  As you pass the home, you also notice the doors, windows, and garage door are all closed, and a sign posted on the gate to the side yard reads:  "Beware of Dog". 

A few doors down, you pass another home without any visible signs for an alarm company and as far as you can tell, no surveillance cameras.  As you complete your pass of this second home, you notice the gate and garage door are both wide open.  In the garage, you can see three bicycles, a set of golf clubs, and a BMW with the driver side window rolled down. 

Read more: Low Hanging Fruit