What is Command Database

What is Command Database? It was born as a simple text document with a grep script to store and search the commands I use most frequently in my CTF/challenge/Boot2Root activity. It was then turned into a Python script, first with a text document as its database, later with SQLite. Now it is a complete web application. Is it an innovative …

Token Manipulation

Penetration Testing Lab

It is known that running a Windows service as Local System is a bad security practice, because if the service is compromised in any way it gives the attacker the same level of privileges. However, it is also possible to escalate privileges from a service that is not running as SYSTEM but as Network Service.

From Service Account to System

There are many occasions in penetration testing engagements where the penetration tester has managed to compromise a service like Apache, IIS, SQL, MySQL etc., but the service is not running as Local System or under a highly privileged account; it is running as Network Service.

[Figure: Apache Service running as Network Service]

The list of tokens available via Meterpreter in this case is limited to Network Service, as Apache is running under this account.

[Figure: Meterpreter – Available Tokens (Network Service)]

However there is a technique which can be used that tries…


Breach 3 WriteUP

************* {{ FLAG 1 }} ************

{{ First scan TCP }}

[[
┌[root@Groundzero]-[Kali-kali-rolling]-[~]-[23:32:41]
└# nmap 192.168.1.185
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-03-03 23:45 CET
Nmap scan report for Initech-DMZ01.lan (192.168.1.185)
Host is up (0.00049s latency).
All 1000 scanned ports on Initech-DMZ01.lan (192.168.1.185) are filtered
MAC Address: 08:00:27:FC:B8:C6 (Oracle VirtualBox virtual NIC)
Nmap done: …

JBZ Team

A team for playing CTFs has formed out of our Telegram group. If you are interested in joining, or simply in getting to know our work and projects, visit the following link: https://jbzteam.github.io/about/ To join the team you have to pass a mini challenge. For more details, visit the link above.

lab.pentestit.ru WriteUp

Like every year, 2016 too shows up in splendid form with the biggest and most beautiful CTF, made in Russia: https://lab.pentestit.ru. https://knx2010.files.wordpress.com/2016/12/penetration_test_lab_test_lab__pentestit_-_goog_2016-12-07_21-48-18.png I had the pleasure of participating and finishing the whole lab at 3:00 on 6 December 2016, ranking NINTH worldwide out of a total of 13361 registered users (figure as of 6 …

HackDay: Albania CTF

Vulnerable machine download: https://www.vulnhub.com/entry/hackday-albania,167/ INTRO: For this CTF I decided to use exclusively Windows as the attacking machine. By this I do not mean to express a preference for a specific operating system or a specific distro; rather, I want to highlight how the same procedures can be carried out regardless of the system or distro. INSTALLATION: Are you kidding? And …