Category Archives: tech

AIDE: Intrusion Detection Environment

This article is about intrusion detection for file system changes, such as modification, change of owner, etc., on critical files or directories in our environment.

We are using a software called AIDE:

Advanced Intrusion Detection Environment.
This software is based on a library called mhash, which is used to calculate file hashes.
AIDE saves the file info inside a DB in base64 format.
The information that is saved depends on the AIDE configuration file.

Example of the default info for the Linux image file:

Let’s decode this

Removable disk could lead to privilege escalation

Privilege escalation on Linux with a flash disk

Removable media with setUID or setGID files could give privilege escalation.
Example: copy the nice command to your flash storage and ask your friend to print files on his system, then run the command
nice like

It will say root.

The problem comes from a partition mounted without the noexec,nosuid parameters.

Enjoy your automount

and

happy hacking 😉

Persistent mount for LUKS with unlock key

Creating an encrypted disk with LUKS

Our little problem here is mounting an encrypted disk automatically on boot,

so there is no need to enter the passphrase for mounting. But this is risky if the machine is stolen, because we will use a key stored inside the system, and it will be leaked if our machine is stolen.

So let's do it. First we have to create a key and add it to our partition.

To create a key:

Don’t forget to set the key permission to 600.

port forward & pivoting with meterpreter

Let’s assume you attacked a machine with 2 NICs.

Our IP is 10.0.0.5.

Its first IP is 10.0.0.10, the one you reach it from,

and ifconfig shows the machine has a different IP, 10.0.2.30.

You can scan the network 10.0.2.x via meterpreter:

arp_scan

We can connect to the RDP server of the machine 10.0.2.30

by adding a route from our local port 9389 to the machine 10.0.2.30:3389.

SMASH THE STACK LEVEL6

Smash The Stack Level 6

This app takes 2 arguments:

1 – username

2 – password

It takes them, then says hi.

Also, it checks your env language

and changes the msg.

Let’s make some love with gdb.

Btw, without changing your language, it will not overwrite the EIP.

SMASH THE STACK LEVEL 5

still smashing 😀

echo one 😀

let’s see the source code


SMASH THE STACK LEVEL4

level 4 😀

So I will read the code

popen to execute whoami


underc0de 3 WalkThrough

Loaded the virtual machine

and ran netdiscover to get the machine IP.

x.112 is the target.

So let’s see what ports are available.

Apache is on 😀

So let’s brute-force the directories on the server.

SMASH THE STACK LEVEL3

Pretty good level; I learned a few new things.

So let's hit the game.

fighting with the app till it crashes and hell yeah we start from fault 😀

so we need to see what’s going on
