DC-2 Walk-Through

Let us continue people!!, DC2 is here from my DC series this was pretty interesting as we needed more creativity and a little bit of guessing for how to proceed and keep on going with getting a shell, this box is well built as if you keep on moving in the intended path you will continue to receive the proper hint’s to getting a root shell on this box a few tools used for this machine was very well known was such as: Nmap, Wpscan, Cewl, Ncat, and some attacks like brute-forcing, let’s start. Started with arp-scan to find the … Continue reading DC-2 Walk-Through

DC-1 Walk-Through

Today we will check on the DC series from Vulnhub very great series to begin for Pen testing and to keep a fresh mind for practicing some hacking let’s begin. Started with a arp-scan to find the target box Proceeded with a full port scan and then moved on with a more targeted scan on any open ports found Nikto scan come’s back with many false positives but by visiting port 80 we can filter the results to match the CMS we have encountered previously After a few day’s [JK] results are back from our droopescan By enumerating with searchsploit … Continue reading DC-1 Walk-Through

Root-This Walk-through

Another day another box, been somewhat busy with stuff, I really want to be active on my blog but my frequent changing to stuff on what to write, or what to do is killing me sometimes I do some vulnerable boxes or I just move into reading a book ( Web Application Hacker’s Handbook, cough cough) but I will manage my time better let’s start So first is some recon a simple nmap scan to start One port open let’s do some manual enumeration and try to get more detail’s on this port 80 I use curl here Ok by … Continue reading Root-This Walk-through

Troll Write-Up

Let me continue with another post on another awesome and very troll machine from vulnhub it was great at the beginning then all down hill from there incredibly full of rabbit holes and lot’s of creativity to get this one down but still a very laughable one and enjoyable. Start with an nmap scan First thing that pops interesting is that there is an FTP port listening and Anonymous Login is enable this is a perfect way to start as the Login should be User:Anonymous Pass:Anything As we logged in there is only 1 file to be seen and it’s … Continue reading Troll Write-Up

Goatse Write-Up

Let me start very simple so I kinda wanted to sharpen more my skill in pentesting and decided to do as many vulnhub boxes that I can on my free time, as it seems some of these old school hacks are still very reliable as they still show to appear in the wild so for me to stay sharp and get some practice, I will put most of my time into these boxes. Let me start with an Easy one! Scanning Start with a simple nmap scan , just by being so used to this, I used unnecessary options on … Continue reading Goatse Write-Up

Pen-test Challenge

So the reason I am calling this a Pentest Challenge is cause it seems that a few people new to the industry don’t understand the fact of computer security seems that the famous ‘iPhone’ is still unbreakable and looks like they still don’t understand that this “hacking” can happen to ANYBODY you do not need to be a celebrity or any high status profile all you need to be in the eyes of a Hacker is a target and that will do . They challenged me thinking that I can never gain access into there PC, which they gladly showed … Continue reading Pen-test Challenge

AV Evasion

Let me get started that these techniques that I am writing are the most basics one’s out there I am keeping a reminder here that sometimes simplicity works and I don’t need to go the extra mile for an AV Evasion when sometimes I would like to say that 50% of the times nobody updates or renew’s their subscription to there AV providers and sometimes free one’s are not the best. To get started I will be using the most favorite tool out there MSFVENOM yes as well know that it is and almost any AV can detect it, it … Continue reading AV Evasion