this article about Intrusion Detection for file system changes like modification changing owner extra, for critical files or directories in our environment we using a software called AIDE Advanced Intrusion Detections Environment this software base on a library called mhash this lib used to calculate file hashes and AIDE save the file info inside DB … Read More
Google Drive & Gmail attachments Leak This part of Google bounty program [IDOR] exploit to allow the attacker to leak your Google Drive files and this mean attacker could leak Gmail attachments that uploaded to Google Drive, Photos you shared with Gmail or any other third party
privilege escalation Linux with flash disk removable media with setUID, setGID files could give privilege escalation example copy nice command to ur flash storage and ask ur friend to print files in his system then run the command nice like nice whoami it will say root the problem occurs from a mounted partition without noexec,nosuid … Read More
creating a encrypted disk with luks our Little problem here to mount a encrypted disk automatically on boot so no need to enter the pass for mounting but this risky if the machine theft happen because we will use a key inside the system and it will be leaked if our machine stolen so lets … Read More
Let’s assume u attacked machine with 2 nic cards our IP is 10.0.0.5 first, one ip is 10.0.0.10 that you reach it from and in ifconfig shows, the machine has a different IP 10.0.2.30 you can scan the network 10.0.2.x via meterpreter arp_scan meterpreter > run arp_scan -r 10.0.2.1-255 we can connect to the RDP … Read More
Smash The Stack Level 6 level6@io:/levels$ ./level06 a b Hi a this app take 2 argument 1 – username 2- password it takes it then say hi also, it checks ur env language and change the msg level6@io:/levels$ export LANG=fr level6@io:/levels$ ./level06 a b Bienvenue a level6@io:/levels$ export LANG=de level6@io:/levels$ ./level06 a b Willkommen a … Read More
still smashing 😀 level5@io:/levels$ ./level05 level5@io:/levels$ ./level05 a a level5@io:/levels$ echo one 😀 let’s see the source code level5@io:/levels$ cat level05.c #include #include int main(int argc, char **argv) { char buf[128]; if(argc < 2) return 1; strcpy(buf, argv[1]); printf(“%s\n”, buf); return 0; }
level 4 😀 level4@io:~$ cd /levels/ level4@io:/levels$ ./level04 Welcome level5 level4@io:/levels$ ./level04 d Welcome level5 level4@io:/levels$ ./level04 $(python -c “print ‘A’ * 1024”) Welcome level5 so i will read the code int main() { char username[1024]; FILE* f = popen(“whoami”,”r”); fgets(username, sizeof(username), f); printf(“Welcome %s”, username); return 0; } popen to execute whoami
loaded the virtual machine and run netdiscover to get the machine IP oot@n1x:~# netdiscover Currently scanning: 192.168.39.0/16 | Screen View: Unique Hosts 4 Captured ARP Req/Rep packets, from 4 hosts. Total size: 240 _____________________________________________________________________________ IP At MAC Address Count Len MAC Vendor —————————————————————————– 192.168.1.1 e8:94:f6:5d:c6:3b 01 060 Unknown vendor 192.168.1.2 00:18:fe:6d:61:27 01 060 Hewlett Packard … Read More
pretty good level I learned a few new stuff so lets hit the game level3@io:/levels$ ./level03 level3@io:/levels$ ./level03 9 level3@io:/levels$ ./level03 $(python -c “print ‘a’ * 10000 “) Segmentation fault fighting with the app till it crashes and hell yeah we start from fault 😀 so we need to see what’s going on level3@io:/levels$ gdb … Read More