I'm giving away my book.  I've been sitting on it for a few months and I honestly don't know what to do with it.  It wasn't anything more than an idea, then I started putting words to paper, and the next thing I knew, I had something that resembled a book.  Over the course of the last 10 years or so, I've often thought about writing a book but I'd hammer out a few pages, lose interest, and the idea would fade off.  But not with this one.  I conjured up a vulnerable server and in parallel, I wrote lessons on how to approach it, enumerate it, exploit it, and eventually root it.  It's essentially a vulnerable server with a lesson manual.


    I've written a few scripts in PowerShell to perform various tasks for clients and I usually end up with a batch file or some instructions on how to overcome the problem with "execution of scripts" or the various signing errors.  Regardless of whether it's opened with an elevated prompt or not, when you attempt to execute a PowerShell script, you get the following:


    First, let me state that I did not create this tool.  Honestly, I don't even know how I stumbled across it because I wasn't even looking for anything of the sort.  I just happened to come across it and it seemed interesting so I decided to fire it up.  It's basically a multi-site brute force tool that covers WordPress, Joomla, Drupal, OpenCart, and Magento.  If the goal is just to brute force the site, this is much easier than Hydra or the specific tools like WPScan.  In advance of running the tools, you need to create a text file which contains the URLs and then you can fire it up as follows:


    Spending New Year's Eve on Hack the Box is perhaps a sad story but someone mentioned the Pro Labs and as I looked into what those were about, I thought maybe I should take on a box or two.  Chatterbox is one I hadn't seen so I fired it up to take a look and I haven't come across Achat but the style isn't unfamiliar.  The privilege escalation is a bit of a downer but it's different and there's a lesson to be learned.  I don't really want to spoil part of the box so let's just dive in.  We kick off with Nmap:


    I'm teaching a class this weekend but my time is limited so instead of building something from scratch, I thought I would grab a couple of the more recent VulnHub boxes to see if there's anything I can use instead.  This box is perfect because I've wanted to give a brief primer on Burp and to make the job easier for the pwning, Burp comes in handy, which you'll soon discover.

    Without giving away too much, we kick off with Nmap:


    © 2020 sevenlayers.com