Jaacostan

Pivoting is a technique used during Pentesting. The attacker gain access on one of the remote machine in the target network segment and use that machine to move around another network. Pivoting is useful in a scenario where you don't have direct access to a remote network. For example, the attacker can access the DMZ server but not the Internal Server segment. But DMZ server can communicate with Internal Server Segment. In such scenario, firstly the attacker gain access to the DMZ server and then use the DMZ server as a foothold to gain access to the Internal Server Segment. Note that the older versions of metasploit supports MSF scripts but the latest version (metasploit 6.x) doesn't support it. So lets see how to perform pivoting using the newer versions of Metasploit. For the illustration, i assume that the attacker has been gained the access to one of the remote machine and now he needs to move around. After establishing a meterpreter shell, background it. Since msfscripts

The Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022. Organizations with websites optimized for Internet Explorer may consider configuring IE mode in Microsoft Edge.  If you are configuring IE mode for an enterprise, you may refer the step by step guide from Microsoft. To configure IE mode on your windows machine, follow the below steps. 1) Open Microsoft Edge browser 2) Go to Settings 3) Click on Default Browser option 4) On the right pane, you can see " Allow sites to be reloaded in Internet Explorer mode ". Toggle the button to ON  5) Restart Edge. 6) Now access any website. 7) To view the website in Internet Explorer Mode, click on Settings > More Tools > Reload in Internet Explorer Mode 8) Now the Website will be reloaded in IE mode. You can also see the settings from IE icon next to the address bar. 9) To exit IE mode, click on Settings > More Tools > Exit Internet Explorer Mode  

When a packet is sent to an open UDP port, default behavior should be no response, Simply because UDP is a connection-less protocol. When this happens, Nmap or port scanning scripts  refers to the port as being open|filtered. It could be open or behind the firewall. However, if it gets a UDP response which is very unusual in UDP, then the port is marked as open. Then how Nmap or other port scanning scripts confirms whether there is an open UDP port exists??? For this, one should know about the relation between UDP and ICMP. You may refer to this post to understand. When a packet is sent to a closed UDP port, the target responds with an ICMP (ping) packet containing a message that the port is unreachable. Using ICMP error codes, nmap identifies and confirms the closed ports.

To mount a share to your working machine, use the following command. There are some prerequisites for CIFS mount and for mounting the .VHD files. Normally comes preinstalled with you Kali/Linux Distro. However, i am listing it down. apt-get install libguestfs-tools apt-get install cifs-utils Now to mount a remote share,   #sudo mount -t cifs //<Remote_Machine_IP>/<Path>/ <Mount_Path> -o rw eg: mount -t cifs //10.10.10.1/Backups/ /mnt/nfs -o rw To check the .VHD filesystem, we can use guestfish. sudo guestfish --ro -a <file.vhd> ><fs> run ><fs> list-filesystems /dev/sda1: ntfs Guestfish shell runs only specific commands. However, run and list-filesystems commands are enough to get you the required information.In the above example, we can identify that the filesystem is NTFS and the partition /dev/sda1. Now mount the .VHD file using guestmount. #guestmount -a <File.vhd> -m <device_file_partition> --ro <Mount_Path> --ro = readonl

The fingerprint reader on my laptop was not working properly since last couple of month. Suspecting after some update from Microsoft. It was not completely working, sometimes it work perfectly and often sometimes not. Especially after my laptop goes sleep. So i uninstalled and reinstalled the driver with the latest update, did some googling and couldn't get a solution. However, i though of checking the power management settings. And unchecked the "Allow the computer to turn off this device to save power" under the device's power management (From Device Manager). The issue is fixed and the fingerprint reader is working fine. Thought of sharing this as some of my friends had the same issue. Also i can see a lot of queries in the internet regarding this fingerprint reader malfunction. Always keep your OS and the drivers up to date and don't download any third party tools to fix issues with your machine.

While compiling programs, you may encounter this particular error. E: Unable to locate package linux-headers-5.10.0-kali5-amd64 I encountered this while compiling a C code. To fix this, i first updated my Kali machine (v2020.2a).  sudo apt update -y && apt upgrade -y && apt dist-upgrade   Rebooted. Then installed the headers.   sudo apt install linux-headers-$(uname -r)  

Room link : https://tryhackme.com/room/adana Excellent room. Spend much time on Recon and Enum. The room developer has also put a sweet spot rabbit hole. The WordPress. I am not making this write-up in detail. You perform the initial nmap scan, get couple of open ports and services. Then perform a dirbuster or gobuster scan. You get the secret directory. Announcement. In the Announcement directory, you can see an image and a word-list. As common with THM, we can easily assume that there might be some kind of stenography involved. And yes, but with a point. I used steghide and exif tools at first but you need to use brute-force method to crack the hidden data. Also the hint is given on the room poster. Anyway. Use Stegbrute to crack the image. Stegbrute gives an output file and its encrypted. Do a Base64 conversion to decode and here it is, the FTP credentials. Decode using icyberchef.  Now we have the FTP creds and let's try it. Well, the directory structe looks like the web folde

JSON Web Token (JWT) is a standard for securely transmitting information between parties as a JSON object. This information can be verified and trusted because as it is digitally signed using the public/private keys. In this post, i will be explaining about the JWT and how it can be manipulated to perform certain functions, especially during penetration testing. Access the website that uses JWT token and open the developer tools in the web-browser to see the  JWT token. To decode the token, we can use a handy website https://jwt.io .Copy the token and paste it on the website to decode.You can see the key pair values. And if you want to generate your own customized JWT token, you can do it in the same way. Create the header and the payload data based on your desired fields. The jwt.io site generates and sign the key using the key-pairs. Then copy the encoded token and re-transmit to the target website to do manipulation.

Recently i came across this awesome Windows Exploit Suggester - Next Generation (WES-NG) tool and it comes handy for performing the privilege escalation. Once you have the initial access to the machine, simply grab the system information and run with WES-NG to view all the vulnerabilities in the target machine. WES-NG link : https://github.com/bitsadmin/wesng 1) Get the package form the above link and clone it to your machine. #git clone  https://github.com/bitsadmin/wesng 2) After cloning, update the vulnerability database. syntax : wes.py --update 3) Now, from the target machine, run systeminfo command. Copy the output on a text file, name it as systeminfo.txt and paste it in the same WES-NG folder. 4) Run WES-NG with the systeminfo.txt file as parameter. syntax : python wes.py systeminfo.txt   The tool will list down all the vulnerabilities in the target machine. Now it is up to you to find and select an applicable potential vulnerability and exploit to perform the privilege es