Cybersecurity Solutions and Support Services

    The description states: "Vulnerable VM to learn Basics of privilege escalation.  Difficulty : Easy  Goal : Your goal will be to get highest privileged user and collect the flag."

    So here's what I like about this box, it states the level is Easy and that is true.  Again, this is in the eye of the beholder but I've seen some boxes where Easy isn't exactly Easy.  Or maybe it's Easy but it's a CTF style box.  This isn't that type of box.  It's just a poorly configured machine and it has either a few rabbit holes or a few steps I just skipped because you can.  Either way, you explore a little if this is unfamiliar and that's how you learn.

    I grabbed a batch of files from Vulnhub but a few of them did not work with Virtualbox.  Could be me or it could be the file.  Alas, you can't expect much when you're not paying so I just moved on to the next until I found one that worked.  My File Server did work but it does not have a description.  I would call this box on the easy side but there are a lot of moving parts which can cause you to follow some different directions.  I don't want to say to much so let's get at it...

    I wrote a post a awhile back on how to retrieve and crack active directory hashes but the entire process is manual.  I had this bright idea that I'd automate the Windows side of it using PowerShell.  In my mind, I had the general flow -- create a directory for the files, create a shadow copy, copy the ntds.dit file from the shadow copy, expert SYSTEM from the registry, and then clean up the mess after I get my files.  Funny thing happened, the part where I copy from the shadow copy didn't work.  Turns out, PowerShell doesn't all you (or doesn't easily allow you) to access the shadow copy.

    It's been a while since I've written up a box and Vulnhub just dumped a fresh batch so here we go...

    The box description states:  "Sar is an OSCP-Like VM with the intent of gaining experience in the world of penetration testing." 

    This is a solid entry level box.  Nothing complicated and going through standard enumeration should lead to a low privilege shell and root. 

    The description states:  "Difficulty : Intermediate ~ Hard.  There is one intended way to get low privilege user and two intended ways to get root shell.  Getting root using the easier way : Use anything you have.  Getting root the harder way : Only use what's in the /root/"

    Admittedly, I got root the first way I could find and I lost interest in the "harder" method.  I think I know what I'm supposed to do but I already have root so...

    In a previous post, I wrote about GoPhish.  Since then, I've been working quite a bit with GoPhish and there are some tricks to an effective campaign that I'd like to share.  First, I'd like to point out, this is not a game where you try to win but it's also not something you want to approach like a fake Nigerian Prince.  You want to fall somewhere in the middle.  With respect to the actual campaigns, rather than come at the company all at once, I want to break the company into groups.  In this campaign, we're targeting the sales group.

    © 2020