I often get asked why people should care about their web server getting hacked.  The argument for their lack of concern is the fact that their web server isn’t on their corporate network so they are isolated from any potential harm. 

If I were to replace all of the photos on your website with cat memes, would you care?  Take this a step further with something offensive.  So now I have your attention -- or at least I think I do.  It gets worse. 

If your site is vulnerable to cross-site scripting, we can do the Internet's version of graffiti.  Pretty simple stuff if you don't sanitize inputs.  Also about as dangerous as cat memes in that we're introducing different content but causing no real harm unless you don't like cats.

Read more: Why You Should Care

First, let me say that while I've used this password manager on occasion for various reasons, this is not what I use personally.  If we're making a recommendation, we like 1Password.  But if we're looking for a completely free password manager that doesn't require logging into a website, KeePass is a solid option.  It's a no-frills password manager that does exactly what you'd expect it to do -- store passwords.

As far as I can tell, KeePass doesn't have native browser integration although there are Chrome and Firefox extensions available.  I can't speak to their reliability or their security.  Assuming we're just trying to get off of Excel as our password manager and we just want to move to something a little more secure and robust, without further ado -- KeePass...

Read more: KeePass Password Manager Install Guide

Every so often, I come across a challenge that has a password-encrypted zip file.  And every so often I realize I've switched my working laptop and I no longer have Jumbo John installed.  Recently I encountered that exact scenario and when I attempted to install Jumbo John, something went sideways.  Rather than digging through it, and knowing that I'm about to switch my working laptop in the very near future, I decided to use a script instead.

Honestly, after going this route, I'm not exactly sure why this isn't a better approach.  Perhaps if I weren't using a wordlist?  Multithreading?  Dunno.  Anyway, I think I can count exactly one time I've come across a zip file with a password in my work.  Given that this situation only arises during CTF situations, the script works and I don't have to install anything.

Read more: Cracking Password Protected Zip Files

I almost titled this blog something that would give away the exploit but then I realized someone might be passing by to get a hint.  Without giving away the privilege escalation -- the first time I used this exploit, I felt like a l33t h4xor.  I'm not.  I just felt like one because it's more than just compile, execute, root.  I've only used it a few times but I like it.  There's a quicker way to root this box but it's worth doing the longer way especially because it didn't go as planned and there's a slight modification that makes it work anyway.  

Continuing on with the Kioptrix Series, this is Kioptrix 1.3 (#4), the fourth from this author (group?).  This is a big jump up from the first three in terms of difficulty, IMO.

Read more: When Life Hands You Lemons

I'm surprised I didn't find this one sooner.  I was working my way through the Kioptrix series but alas, the final box is from a different hypervisor and while I was able to import it, I could not get networking to function.  One day I will set up another machine to work on these other systems but for now, I continue finding lists of must-do boxes.  Vulnix has been around for a while but I've never crossed paths with it.

This is a fun box.  It is probably more real world than the CTF-style boxes because its vulnerability stems from a misconfiguration, which is more likely than you might think.

Read more: Vulnhub Vulnix Walkthrough

Next up in the Kioptrix series is Kioptrix 1.2 (#3), the third in the group, which gets even more confusing with #4 and #5 being referenced as 4 in their downloads, but I digress.  I think something is wrong with the image because I was expecting LFI from the vulnerabilities I found but LFI didn't work.  I ended up going a different route than what I think was the point of this lesson.  I just wanted to pop the box, be done with it, and move on to the next one -- hoping that it was just a one-off problem.

After I rooted the box, I found some creds and a setuid binary, and I think that was my route after getting in through LFI, but I'd already popped the box, it seemed like things were messed up, and there are more to conquer.

Read more: Dirtycow Gone Awry