A collection of useful apps, that can be downloaded from F-Droid. This means they are Open Source Apps and can replace your proprietary software. Reclaim your freedom! :)
Cybersecurity skills are in high demand. With all the hacking going on, like the Colonial Pipeline attack or the recent Kaseya supply chain compromise, they are very valuable. But getting started in cybersecurity is not easy. If you are interested in IT security and ask yourself the following questions, then this blog post is exactly for you:
This challenge is from Blue Team Labs Online. Recently the networks of a large company named GothamLegend were compromised after an employee opened a phishing email containing malware. The damage caused was critical and resulted in business-wide disruption. GothamLegend had to reach out to a third-party incident response team to assist with the investigation. You are a member of the IR team — all you have is an encoded Powershell script. Can you decode it and identify what malware is responsible for this attack?
After unzipping the file, we get two text files:
ps_scipt.txt file contains the malicious powershell…
VulnNet: Internal is a boot2root room on TryHackMe. It has Easy difficulty. After getting the Redis password from NFS, it was possible to get the password for Rsync. With that password it was possible to upload an authorized_keys file. After connecting to the machine over SSH, there was a TeamCity instance running behind the firewall. The TeamCity port was forwarded to the attacker machine, which allowed connecting to the instance. Login was possible with authentication tokens that could be obtained from the logs. After logging into TeamCity, a malicious build pipeline was created. This pipeline set the SUID bit on…
Cat Pictures is a boot2root room on TryHackMe. It has Easy difficulty. Initial access to the machine was obtained over a custom shell and port. Later an SSH key could be acquired. After the SSH connection, we have root rights inside a Docker container. Escaping from that container was possible due to a writeable script inside the container, which was run by a cronjob outside the container.
Starting with a full port scan shows that an HTTP server is running on port 8080.
sudo nmap 10.10.16.67 -p- -oN nmap/all_ports
# Nmap 7.91 scan initiated Sun Jun 20 13:15:28 2021 as…
Glitch is a room on TryHackMe. It has “Easy” difficulty. Initial foothold on the machine could be obtained by a remote code execution flaw in the API. Privilege escalation to root could be accomplished by reused credentials that were stored inside a Firefox profile.
The enumeration started with Nmap. It revealed that Nginx was running on port 80.
Wreath is a network on TryHackMe. The network contains one public-facing web server and two other clients inside the internal network. The goal was to perform a penetration test against this network and write a report. Initial foothold inside the network was obtained by exploiting a vulnerable Webmin version. After that the attacker could pivot to another server that was running a vulnerable version of GitStack. From there the developer machine could be compromised by exploiting an unrestricted file upload vulnerability. On the developer machine, privilege escalation to SYSTEM was done by abusing an unquoted service path.
“UltraTech” is a boot2root machine on TryHackMe. It has intermediate difficulty. You have been contracted by UltraTech to pentest their infrastructure. It is a grey-box kind of assessment, the only information you have is the company’s name and their server’s IP address.
Initial access to the machine could be obtained through a command injection vulnerability in the API. After that, credentials could be dumped from a SQLite database file. The hashed passwords could be cracked. The credentials were used to escalate privileges to another user on the box. That user was a member of the docker group. …
“Vaccine” is a boot2root machine on Hack The Box. This machine is part of the Starting Point series. The operating system is Linux. Initial foothold on the machine could be accomplished through a SQL injection vulnerability in the web app. Privilege escalation to root could be accomplished because of sudo rights for the vi program. The FTP credentials ftpuser:mc@F1l3Z1lL4 from the last challenge were used to obtain sensitive data from the target.
The engagement was started with the following Nmap scan:
nmap -sC -sV -O -oN nmap/inital 10.10.10.46
The Nmap scan revealed FTP on port 21, SSH on port 22…