
Posts

Showing posts from 2020

Azure Log Analytics Agent will be retired on 31st August 2024. Migrate to Azure Monitor.

Microsoft has announced that the Azure Log Analytics agent will be retired on 31st August 2024. Customers should migrate to the Azure Monitor Agent to monitor their assets.
Announcement : https://azure.microsoft.com/en-us/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/
Migration guide : https://learn.microsoft.com/en-gb/azure/azure-monitor/agents/azure-monitor-agent-migration
About Azure Monitor Agent : https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview

Zerologon Vulnerability : Exploitation [CVE-2020-1472] Walkthrough.

CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability | Severity : Critical. As per Microsoft, an elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol. An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. We use Impacket primarily to exploit this vulnerability, and for that we set up a virtual environment. A virtual environment is not mandatory to run Impacket, but we use one for stability.
python3 -m pip install virtualenv
python3 -m virtualenv impacketEnv
source impacketEnv/bin/activate
pip install git+https://github.com/SecureAuthCorp/impacket
Once the environment is setup

Free AWS Cloud Practitioner training and Practice exam.

Prepare for the AWS Cloud Practitioner certification exam by participating in the AWS Certified Global Challenge. AWS offers free training, a free practice exam, suggested resources and Q&A opportunities.
Registration Link : https://pages.awscloud.com/takethechallenge.html
Registration will be open October 1 - December 31, 2020. To attend live training sessions, sign up by October 11, 2020. Registrants after October 11, 2020 will be able to review recorded training sessions. To be recognized for meeting the Get AWS Certified Global Challenge, take and pass your AWS Certified Cloud Practitioner exam on or before December 31, 2020. Only the training and the practice exam voucher are provided by AWS. To earn the Cloud Practitioner title, you need to take the AWS Cloud Practitioner exam, which costs 100 USD.

THM Walkthrough : Blog

THM Room : Blog
Link : https://tryhackme.com/room/blog
Objective : Grab the root & user flags by exploiting the vulnerability in the WordPress version. [CVE-2019-8942, CVE-2019-8943] Access the IP from your browser. That returns a non-formatted web page, which hints that you may need to add the URL to the hosts file. Add the URL to the hosts file. If you go through the web page source in your browser, you can see that many of the page links are called using the URL blog.thm. If you enumerate more, you can also find the WordPress version. Or you could find it using the wpscan tool. Perform the nmap scan. So we have SSH, web and a Samba share. Let's explore the Samba share. Nice, we can get some files from here. So I used steg tools and found a text file. And unfortunately, it's a rabbit hole. Now let's perform a directory scan. I have used my favorite tool gobuster for this. We can see a large number of directories, but not much use for this room objective. Now, since we know that the website is

Register for Hacker Halted 2020 : Free

Register and attend the Hacker Halted 2020 event and you might win free EC-Council exam vouchers, trainings and more. This year, the event is free to all. Register Here

Hacking Printers [PRET - Printer Exploitation Toolkit].

I have recently tried the PRET toolkit to hack the printers connected or accessible in your network. PRET stands for Printer Exploitation Toolkit. PRET can access a printer in your network or over USB and exploits the features of the printer language. A hacker can perform activities such as capturing or manipulating print jobs, accessing the printer's file system and cached documents, accessing memory and even doing permanent damage. PRET uses TCP port 9100 when connecting to the printer over the network. There are three main languages that printers speak, and you should know the exact one to successfully exploit the machine. You can do basic enumeration and try them one by one.
1. ps (PostScript)
2. pjl (Printer Job Language)
3. pcl (Printer Command Language)
You can see network printers everywhere. But how often do organizations update the firmware of their printers? This could be a soft target for hackers.
Usage: Access and clone the toolkit from Github : https://github.com/RUB-NDS/PRET  #

Ignite '20 : Attend for free PaloAlto certification vouchers and product training.

Register for Ignite '20 to be eligible for free PaloAlto product training and certification prep courses. Specific product deep-dive training sessions and free certification vouchers will only be available to those who attend the virtual Ignite '20 conference happening on November 16, 17 and 18. After engaging in a full session, you'll get a voucher to take the exam of your choice for free. Use your company email when registering for this event.
Link for Ignite '20 Registration : https://ignite.paloaltonetworks.com/

Splunk Certification Promo !

Splunk is offering a limited-time discounted certification exam offer. From August 1 through October 31, all eligible candidates can register for one certification exam for a $50 registration fee. Register your desired exam at PearsonVUE and use the code STUDYUPBUTTERCUP at checkout to avail this offer.
Link for exam registration tutorial : https://www.splunk.com/pdfs/training/Exam-Registration-Tutorial.pdf
Link for Promotion details : https://www.splunk.com/pdfs/training/Certify-in-Place-Promotion.pdf

[Experience] My new cellular number and possible security risks.

I recently moved to a new place and bought a new mobile connection from one of the cellular providers. The number got activated and then I created a new WhatsApp account. After I successfully opened my new WhatsApp, I started receiving many messages daily from people I had never met, complete strangers. They thought that the number belonged to a person, let's say X. Initially I thought, OK, this might be a normal thing because they might be contacting the person after a long time, unaware that the person might have changed his/her number. I started telling them "wrong number". I have no idea whether the previous owner of this number was a politician or a famous/infamous person. But I keep getting many calls and messages intended for that person X. Some added me into a few WhatsApp groups (work/personal). Getting frustrated. People started sending sensitive documents and personal messages as well. And being a security pro, this led me to write a post regarding the possible s

PrintSpoofer Windows Privilege Escalation tool : Usage and Illustration.

Let's talk about the PrintSpoofer tool. This tiny tool is used for Windows privilege escalation. If the target server has SeImpersonatePrivilege enabled, you can use this tool to perform privilege escalation. 1) Look for ways to elevate the privileges on the target machine. Run whoami /priv. Check for the weakness in Windows Server where certain service accounts are required to run with elevated privileges utilizing SeImpersonatePrivilege. Mostly people use Hot Potato to take advantage of this privilege. But Hot Potato is successful only if DCOM is enabled on the target server. [ Read more on this]. Here comes the usage of the PrintSpoofer tool. You can abuse and exploit this with PrintSpoofer even if DCOM is disabled on the target server. 1) Get the code from Github. https://github.com/itm4n/PrintSpoofer Clone the directory. Note that if you are trying to compile the code on a Linux machine, you may encounter a compile error as it requires window

Free courses and Online Training List.

Free courses and free content. Build a skill. Invest some time and light up.
1) GCFGlobal. 200+ courses ranging from MS Office to Cyber Security. https://edu.gcfglobal.org/en/topics/
2) OpenLearn. Courses on, well, almost everything. https://www.open.edu/openlearn/free-courses/full-catalogue
3) Alison. Free and huge catalog of courses. https://alison.com/

Bypassing Client-Side Filtering

When a user inputs something into a website, such as adding a comment or uploading a file, that input can be verified for validity and authenticity using one of two methods: client-side or server-side filtering. With client-side filtering, the check happens in the browser itself. With server-side filtering, the user input is sent to the server, and the server validates it. Based on that, the user can successfully input something into the website. Server-side filtering is comparatively harder to figure out, as the code is not passed to the end user. But when it comes to client-side filtering, the user/attacker can easily find out the filtering methods and may bypass the filtering using various methods. There are four major ways to bypass a client-side file upload filter: Turn off JavaScript in your browser. Most of the filtering checks are done using JavaScript, so disabling JavaScript in your browser may disable any kind of check. But th

[Fix] Python pip install/ImportError

Ok, I was trying to run a Python script written in version 2 and while executing, I was getting the error "ImportError: No module named requests". This means the Python script is trying to import the module named requests. This particular module doesn't come built in with the Python installation. So I tried to install the module on my system. Since the script is in Python version 2, I need to install the module for Python 2. Unfortunately, the normal pip command seems deprecated (Python 2 is End of Life as well) and I spent some time finding the exact command. Here is the way to fix it.
root@kali:~/Desktop# sudo apt-get install python-pip python-dev build-essential
This will download all the essential files. Then run the command to install your desired module. In my case "requests".
root@kali:~/Desktop# pip install requests
For Python version 3, this is very easy and straightforward. No need to run the first command if you are running only Python 3.

OWASP Top 10 : Injection Attacks

Injection Attacks. These can be broadly classified into two major kinds: SQL injection and command injection.
SQL Injection : Occurs when user input is passed into SQL queries. As a result, the attacker can access the database and do whatever he wants. He can manipulate the tables, delete data, etc.
Command Injection : Occurs when user input is passed to the target system as system commands. The attacker is able to execute arbitrary system commands on application servers.
The best way to prevent injection attacks is ensuring that user-controlled input is not interpreted as queries or commands, or simply, input validation. This can be done in different ways:
Using an allow list: when user input is sent to the target server, the input is compared to a list of safe inputs or characters. If the input is marked as safe, then it is processed.
Stripping input: If the input contains suspicious characters, these characters are stripped off before the input is processed.

THM Walkthrough : Git Happens

THM Room : Git Happens
Link : https://tryhackme.com/room/githappens
Perform a directory scan. Here I used Gobuster. A Git directory was found. You can find the same using the nmap scan. If you browse the address, you can see the login page. Finding the credential is the goal of this room. If you go through the page source, you can find some JavaScript. You can try to decode it to find something relevant. You can also browse through the site pages to find hints. However, I couldn't find anything relevant. I found some logs though. I used the gitdumper.sh script to dump all the items to my local machine. Link ( https://raw.githubusercontent.com/internetwache/GitTools/master/Dumper/gitdumper.sh )
Checkout. Go through the logs to find the commit history (reference : https://git-scm.com/book/en/v2/Git-Basics-Viewing-the-Commit-History ). Based on the hint/statement, look for the commit entry made by Boss and check it out. Check out again using the new entry, and go through the index.html file. You can fin

Root credentials for Latest Kali Linux [ver 2020.1 & later]

Kali changed to a non-root user policy by default with the release of 2020.1, which means the old root/toor credentials won't work by default. When someone logs in to Kali Linux using the new default credentials kali/kali, they won't have root privileges. They are even unable to view the IP address using the ifconfig command; it returns command not found due to the lack of privileges. To solve this, you can run the command with sudo. #sudo ifconfig will give you the result. But executing every command with sudo is a bit inconvenient. So let's activate the root user. #sudo su and then reset the password using # passwd root Enter your new password for the root user. Restart Kali or switch user, and then log in with root and the new password that you've set.

Nutanix .NEXT Conference and Free certification. [EXPIRED]

Good news for all NCP/NCAP/NCSE aspirants. The Nutanix Global .NEXT event is happening September 8th – September 10th, 2020. All .NEXT attendees will receive a voucher to take the NCP, NCAP, or NCSE exams for FREE through October 15.
Registration link : https://www.nutanix.com/next/register.html
Explore more : https://next.nutanix.com/education-blog-78/training-and-certification-programs-at-the-global-next-digital-experience-37850

Azure Cloud Security # Consolidated Notes and Documentations.

Consolidated list of documentation and tutorials related to Microsoft Azure Cloud Security. Can be used to perform a deep dive on Azure security and to prepare for the Azure Security certification. Feel free to share. Happy learning.
Preparation Notes
Microsoft Azure Services #Index
Scaling Up/Vertical Scaling vs Scaling Out/Horizontal Scaling.
What are Azure availability sets?
Difference between Azure management groups, Subscriptions and Resource groups
Azure Active Directory : Overview.
Azure Active Directory User Types and RBAC built-in roles
Azure Active Directory User Source of Authority (SoA)
Application Registration in Azure Active Directory
Azure Active Directory Identity Protection.
Azure AD Connect Overview.
Azure Front Door : Overview.
Hardening your Azure cloud platform and best practices.
Security Documentation
Glossary.
Azure Well-Architected Framework
Introduction to Azure security
Azure security documentation
Using customer-managed keys in Azure Key Vault with

Azure Front Door : Overview #CloudScribblings

Azure Front Door is a combination of a load balancer and a Web Application Firewall (WAF). It is a routing service that works at the application layer and helps improve application availability and performance. The Azure Front Door service can be considered when you have a pool of application servers at the back end and you need to load-balance the client requests and enhance security. When you implement this service, it will route client requests to the fastest and most available application back end. These requests can be distributed to the back-end pool based on weight and priority. Azure Front Door service features: 1) URL-based routing 2) Maintaining session affinity 3) SSL termination 4) Web Application Firewall features. You can configure Azure Front Door in three steps. Search for the Front Door service from your Azure dashboard. 1) Add the front-end hosts / domain name. Configure the front-end URL. User requests will hit here. You can enable affinity and WAF at th

Azure Active Directory : Overview #CloudScribblings

Azure Active Directory is an identity store in the cloud. You can create users, groups and service principals in Azure AD. When you create an Azure account, an Azure AD directory is automatically created by default. All your identities are kept in the directory, which is used to authenticate and authorize users to access a resource in the Azure cloud. If you want to drill down the access permissions, you can make use of Role Based Access Control (RBAC), which is different from the Azure AD roles. Using Azure AD, you can enable a lot of security features for authentication & authorization such as Multi-Factor Authentication (MFA), Conditional Access, Privileged Identity Management (PIM), etc. When it comes to billing, Azure AD is different from your subscription billing. Normally all your resource usage is billed against your subscription. But for Azure AD, you need to purchase the license separately from the Microsoft Office 365 portal using a work/school account. The l

Azure AD Connect Overview #CloudScribblings

The Azure AD Connect synchronization service is used to synchronize identity data between your on-premises environment and Azure Active Directory. There are two components to this service. Azure AD Connect sync component – This is installed in the on-premises environment; it is recommended to install it on a separate domain-joined server and not on the AD server directly. Azure AD Connect sync service – This service runs in Azure AD. Prerequisites for configuring Azure AD Connect: An Azure AD tenant. You need to add and verify your domain in Azure AD. The Azure AD Connect sync component must be installed on Windows Server 2012 Standard or later (on-premises). The server must have the full GUI installed. The server must be domain joined. It is recommended not to install it on the AD DC server directly. The Azure AD Connect sync component requires a SQL Server database for storing identity data. By default, the installation of Azure AD Connect will install SQL Server 2012 Express LocalDB. During the conf

Azure Active Directory Identity Protection #CloudScribblings

Azure Active Directory Identity Protection is used to automate the detection of identity-based risks. It can also be used to investigate risks using report data in the portal, and to expose risk detection data to third-party utilities for further analysis. It is also possible to auto-remediate the risks. To use this feature fully, an Azure AD Premium P2 license is required. The tool can detect the following risk factors: Leaked credentials - If a user's credentials are leaked, AD Identity Protection can get the intelligence and block the access. Sign-ins from anonymous IP addresses - These are user sign-ins that originate from an IP address that has been identified as an anonymous proxy IP address or VPN. Logins from atypical locations - User sign-ins occur from geographically distant locations, where at least one of the locations may also be atypical for the user. For example, the user logs in from New York and in the next hour another login request