AIDE : Intrusion Detection Environment

Categories: Linux, Security, tech

this article about Intrusion Detection for file system changes like modification changing owner extra, for critical files or directories in our environment we using a software called AIDE Advanced Intrusion Detections Environment this software base on a library called mhash this lib used to calculate file hashes and AIDE save the file info inside DB […]

Google Drive Information Leak

Categories: Security, tech

Google Drive & Gmail attachments Leak This part of Google bounty program [IDOR] exploit to allow the attacker to leak your Google Drive files and this mean attacker could leak Gmail attachments that uploaded to Google Drive, Photos you shared with Gmail or any other third party

removable disk could lead to privilege escalation

Categories: Security, tech

privilege escalation Linux with flash disk removable media with setUID, setGID files could give privilege escalation example copy nice command to ur flash storage and ask ur friend to print files in his system then run the command nice like

it will say root the problem occurs from a mounted partition without noexec,nosuid parameter […]

Persistent mount for luks with unlock Key

Categories: Linux, Security, tech

creating a encrypted disk with luks our  Little problem here to mount a encrypted disk  automatically on boot so no need to enter the pass for mounting but this risky if the machine theft happen because we will use a key inside the system and it will be leaked if our machine stolen so lets […]

port forward & pivoting with meterpreter

Categories: Security, tech

Let’s assume u attacked machine with 2 nic cards our IP is first, one ip is that you reach it from and in ifconfig shows, the machine has a different  IP you can scan the network 10.0.2.x via meterpreter arp_scan

we can connect to the RDP server of the machine […]


Categories: Security, tech

Smash The Stack  Level 6

this app take 2 argument 1 – username 2- password it takes it then say hi also, it checks ur env language and change the msg

let’s make some love with gdb btw without change ur language, it will not overwrite the EIP


Categories: Security, tech

still smashing 😀

echo one 😀 let’s see the source code


Categories: Linux, Security, tech

level 4 😀

so i will read the code

popen to execute whoami

underc0de 3 WalkThrough

Categories: Python, Security, tech, Uncategorized, Web

loaded the virtual machine and run netdiscover to get the machine IP

x.112 is  the target   so let’s see what ports available

apache is on 😀 so let’s brute-force the directory in the server


Categories: Security, tech

pretty good level I learned a few new stuff so lets hit the game

fighting with the app till it crashes and hell yeah we start from fault 😀 so we need to see what’s going on