Techniques
-
This is a walkthrough of what I did to resolve a capstone lab in OSCP, which focuses on abusing unquoted service paths in Windows OS. Required Applications: The steps listed are under the presumption that required applications are already…
-
This is a walkthrough of what I did to resolve a capstone lab in OSCP, which focuses on hijacking DLLs. Required Applications: The steps listed are under the presumption that required applications are already installed and are working properly.…
-
This is a walkthrough of what I did to resolve a capstone lab in OSCP, which focuses on hijacking binaries for Windows services. Required Applications: The steps listed are under the presumption that required applications are already installed and…
-
This article shows how to crack a zipped file’s password using John the Ripper. Please note that the success of this strategy still depends on the wordlist that you are using. Get the list file from Daniel Miessler on GitHub.
-
A file upload vulnerability in a web application occurs when the application improperly handles user-uploaded files, allowing attackers to upload malicious files. Create a Reverse Shell Script: In this step, a reverse shell script from GitHub (https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php) was used. <?php set_time_limit…
-
Definition: File Inclusion is a type of vulnerability often found in web applications, where an attacker can cause the application to include files from the server or from external sources. This inclusion can lead to a variety of malicious actions,…
-
When doing adversary emulation, it is important to keep track of your actions. It is important to be aware of how much traffic you are generating, especially if you need to avoid detection from monitoring solutions. Generating a large amount…
-
Command and Control: Command and Control (usually called C2) is a phase in a cyber-attack where a threat actor is trying to communicate with the machines that they have already compromised. C2 frameworks also offer the capability of persistence,…
-
WPA2 (Wi-Fi Protected Access 2) is a security protocol designed to secure wireless networks, which can be configured to use a pre-shared key for authentication (PSK) or to use a server for authentication (WPA2-Enterprise, commonly used in business environments). WPA2…
-
SNMP, which stands for Simple Network Management Protocol, is a network protocol used to manage and monitor network devices such as routers, switches, servers, printers, and more. It allows network administrators to collect information about these devices, monitor their performance,…