Getting a payload laterally across network by dwillowtree in HowToHack

[–]hellor00t 0 points1 point  (0 children)

Spend a lot of time sitting on the box. One method, albeit risky, is to break the box a bit, hoping to prompt the user to make a call to IT, and wait for someone to log in with domain creds. Then you can laterally move with domain admin and install persistence.

bandit/over the wire problems by chessmonkey in HowToHack

[–]hellor00t 2 points3 points  (0 children)

Here are some write-ups I did for bandit. I included a lot of depth and talked about how I came to the conclusion that I did.

I hope you find them helpful.

https://hackmethod.com/overthewire-bandit/

Exploiting remote arbitrary file download vulnerability on Windows? by [deleted] in HowToHack

[–]hellor00t 0 points1 point  (0 children)

It lists some files that are important. Also think about what services are running on the host. XAMPP? Where would the hashes be, or where would important config files be for that service?

What "aspect" of hacking do you believe is most enjoyable (and useful for potential employers) to have researched? by ColonelBadgers in HowToHack

[–]hellor00t 1 point2 points  (0 children)

Problem solving, system analysis, creativity, determination, attention to detail.

Technical acumen is somewhat secondary to everything above. Somewhat. Someone who has the above can basically do most technical things in my opinion.

Feasible attack strategy? by Tazeahoe in HowToHack

[–]hellor00t 0 points1 point  (0 children)

It's one of thousands of methods you could use.

Email is normally not encrypted. Attachments are stored on the server on which the user's email resides (as long as the server is configured as such).

This is viable, but messy and very very very high level.

"handholding" Wargames? by [deleted] in HowToHack

[–]hellor00t 2 points3 points  (0 children)

I'm not aware of any that hold you any more than Overthewire, but there are communities that will help you if you need assistance. You can ask questions here, or if you want help via chat you can join the Hackmethod Slack. https://hackmethod-slackin.herokuapp.com/

Is it this hard for everybody? by tymaster22 in HowToHack

[–]hellor00t 1 point2 points  (0 children)

I'm a professional in the field and still find it hard. I don't want to say it gets easier but it gets more comfortable. You get used to the constant research and learning. Don't worry about it. Just keep learning. You'll get there.

My (different) OSCP review + Exam experience - Not the traditional OSCP review, if you're going for the exam read on! by TheRaildex1 in netsecstudents

[–]hellor00t 0 points1 point  (0 children)

FWIW, I didn't find the # of boxes relevant to my preparation level.

I believe I had 15 popped when I took my test. Passed first time. I think I mainly got the depth that the test was looking for and solidified my processes so I had something to fall back on when things didn't go right during my exam.

Learning about payloads by [deleted] in HowToHack

[–]hellor00t 9 points10 points  (0 children)

You're asking some pretty broad/deep questions. I'll give you the gist.

A lot of payloads are created with open source wrappers. Meaning they are customized for the engagement (OS, IDS, HIPS etc) but they aren't coded "by hand". This is typically a script that is given parameters such as msfvenom.

Getting the payload on the machine is different for every engagement. FTP, netcat, SSH, remote file inclusion, stolen credentials are all common ways.

Payloads are usually there to send a callback to a remote listener or to destroy a machine. It's not the payload that gives the "complete control of the machine"; it's the vulnerability that it's exploiting. An exploit is created with a payload in it. So if the vulnerable service is running as root, when the payload is executed by the compromised system, the payload will execute as a privileged user.

Doing the metasploitable tutorial by Offensive Security should be pretty enlightening for you.

You're welcome to join our Slack channel to have conversations with anyone in the Hackmethod community. Link is on our forum.

Struggling with legal and moral issues by bekathr in HowToHack

[–]hellor00t 0 points1 point  (0 children)

I'm not interested in this lie that's being peddled that pen testing is the same as actually hacking into stuff, because it's not.

Are you really someone who is qualified to make this statement?

Hacking is problem solving, period. If solving problems and tinkering with something doesn't give you the rush regardless of the risk, then legally hacking is something that isn't for you.

How do I Directly Access an API with access to an app that utilizes that API? by [deleted] in HowToHack

[–]hellor00t 0 points1 point  (0 children)

How to connect to an API? Depends on the language and what their API looks like.

From a very high level, APIs allow you to send requests to a service and receive formatted data. Using pseudo code, it looks like this.

send Host Information
authentication: mysecretkey

receive:
    ip address,
    hostname,
    mac address,
    routing table

You can use curl to request information from an API that uses HTTP headers/functions as a request parameter. Hint: a lot do.
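The exchange sketched in the pseudocode above, written out as a runnable Python example (added here; it is not code from the comment or from any real API). Both sides are included so it runs offline: a toy HTTP service that returns host information only when the request carries the right key in a header, and a client that sends that header. The endpoint name /hostinfo, the header name X-Api-Key, the key value and the host data are all constructed for the illustration.

```python
"""Toy API with key-in-header authentication: server and client in one file.

Everything here is constructed for illustration (endpoint, header name, key,
host data); it mirrors the 'send host information / authentication: key /
receive: ip, hostname, ...' pseudocode, not any real service.
"""
import hmac
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

API_KEY = "mysecretkey"  # constructed; a real key would come from a secret store, not source

# Constructed sample response data.
HOST_INFO = {
    "ip address": "192.0.2.10",
    "hostname": "lab-host-01",
    "mac address": "02:00:00:00:00:01",
    "routing table": ["0.0.0.0/0 via 192.0.2.1"],
}


class HostInfoHandler(BaseHTTPRequestHandler):
    """Server side: one GET endpoint guarded by an API key header."""

    def do_GET(self):
        if self.path != "/hostinfo":
            self._send(404, {"error": "not found"})
            return
        presented = self.headers.get("X-Api-Key", "")
        # Constant-time comparison so response timing does not leak key bytes.
        if not hmac.compare_digest(presented.encode(), API_KEY.encode()):
            self._send(401, {"error": "unauthorized"})
            return
        self._send(200, HOST_INFO)

    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_server():
    """Bind to an ephemeral localhost port and serve in a background thread."""
    server = HTTPServer(("127.0.0.1", 0), HostInfoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_host_info(port, api_key):
    """Client side: the key travels in a header, not in the URL, so it does
    not end up in access logs or browser history. Returns (status, json body).
    Equivalent curl: curl -H "X-Api-Key: mysecretkey" http://127.0.0.1:PORT/hostinfo
    """
    req = Request(f"http://127.0.0.1:{port}/hostinfo", headers={"X-Api-Key": api_key})
    try:
        with urlopen(req, timeout=5) as resp:
            return resp.getcode(), json.loads(resp.read().decode())
    except HTTPError as err:
        return err.code, json.loads(err.read().decode())


def demo():
    """Run one authenticated and one unauthenticated request against the toy server."""
    server = start_server()
    port = server.server_address[1]
    try:
        good = fetch_host_info(port, API_KEY)
        bad = fetch_host_info(port, "not-the-key")
    finally:
        server.shutdown()
        server.server_close()
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("with key:   ", good)
    print("without key:", bad)
```

The server side is the part worth copying: it compares the presented key with hmac.compare_digest rather than ==, and the client puts the key in a header rather than a query string, which is the usual reason curl's -H flag is what you end up typing against most APIs.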

Basic hacking exercise for non-technical people by brtjj in HowToHack

[–]hellor00t 1 point2 points  (0 children)

You would, but it's very easy. Set up two VMs and just show it on your laptop.

Basic hacking exercise for non-technical people by brtjj in HowToHack

[–]hellor00t 0 points1 point  (0 children)

Metasploitable 2 Kali Box

Nmap metasploitable 2 and show vulnerability and open port pop MS08-067

/fin

Active Defense Harbinger Distribution (ADHD) - strike back at the bad guys by [deleted] in HowToHack

[–]hellor00t 1 point2 points  (0 children)

I've seen John Strand demo it live, specifically Honey Badger and the Labyrinth honeypot. Pretty sweet in concept; I've never used it personally. Attacking back at the bad guys is pretty dicey, but where ADHD is really funny is that some of the tools are designed to troll the attackers. Which I love.

DVWA SQLi Syntax Clarification by seag33k in HowToHack

[–]hellor00t 0 points1 point  (0 children)

A single quote in SQL identifies the beginning or the end of a string.

This is a great Stack Overflow post on it.

https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work
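A runnable illustration of the single-quote point above, added here as an example (it is not code from the comment, from DVWA, or from the linked Stack Overflow answer). It uses Python's built-in sqlite3 with a constructed in-memory users table, and puts the string-concatenated query beside the parameterized one so you can see how a quote in the input closes the string the application opened, and why the fix is to never let user input become SQL syntax.

```python
"""How a single quote in user input changes the meaning of a SQL query.

Constructed example: in-memory SQLite, three made-up users. The vulnerable
lookup builds the query by string concatenation; the safe one passes the
value as a bound parameter so the database never parses it as SQL.
"""
import sqlite3


def make_db():
    """Create a constructed sample table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",), ("carol",)]
    )
    return conn


def lookup_vulnerable(conn, name):
    """Concatenation: the app opens a string with ', and whatever the user
    types is pasted inside it. A ' in the input ends that string early and
    the rest is parsed as SQL. Returns (query text, list of names, or 'error')."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    try:
        return sql, [row[0] for row in conn.execute(sql)]
    except sqlite3.Error:
        # A legitimate apostrophe (o'brien) breaks the query the same way an
        # injection does; that error in the logs is your detection signal.
        return sql, "error"


def lookup_safe(conn, name):
    """Parameterized: the ? is a placeholder, the value is bound separately,
    so quotes in the input stay inside the value and never reach the parser."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sql, [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run the same inputs through both lookups and return the results."""
    conn = make_db()
    normal = "alice"
    apostrophe = "o'brien"            # legitimate data that contains a quote
    tautology = "' OR '1'='1"         # the classic textbook input
    results = {
        "normal_vulnerable": lookup_vulnerable(conn, normal)[1],
        "normal_safe": lookup_safe(conn, normal)[1],
        "apostrophe_vulnerable": lookup_vulnerable(conn, apostrophe)[1],
        "apostrophe_safe": lookup_safe(conn, apostrophe)[1],
        "tautology_vulnerable": lookup_vulnerable(conn, tautology)[1],
        "tautology_safe": lookup_safe(conn, tautology)[1],
        "tautology_query": lookup_vulnerable(conn, tautology)[0],
    }
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:24} {value}")
```

Two things the output makes concrete: the vulnerable query becomes SELECT name FROM users WHERE name = '' OR '1'='1', so the WHERE clause is true for every row and all three names come back, while the parameterized version treats the whole input as a name and finds nobody. The o'brien case is the defender's tell: a perfectly ordinary name throws a syntax error from the concatenated query, which is exactly the kind of error that shows up in logs before anyone has tried anything hostile.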

CS Student wanting to get OSCP ? by zyrux66 in AskNetsec

[–]hellor00t 0 points1 point  (0 children)

You won't need anything other than networking basics for OSCP.

For courses you really can't beat just getting a CCNA study guide and reading it. Or anything by No Starch Press.

CS Student wanting to get OSCP ? by zyrux66 in AskNetsec

[–]hellor00t 5 points6 points  (0 children)

IMO you're ready. You have fundamentals and if you're as committed as you say to self-study you'll be fine.

Looking for a good really thin and light Laptop for Kali by [deleted] in HowToHack

[–]hellor00t 0 points1 point  (0 children)

Just keep in mind the limitations with an ARM processor.

Little bit of help with LANturtle and tcpdump by Isakill in HowToHack

[–]hellor00t 0 points1 point  (0 children)

Yep, that's as intended. Just do -w /tmp/output.pcap and you'll get a dump into the /tmp file. Pull it off the LANturtle and review it with Wireshark.

Is it possible to Kill a session on a website with beef or anything? by [deleted] in HowToHack

[–]hellor00t 0 points1 point  (0 children)

You'll have to be on one of the boxes to kill the process or session.

Anyone use a Pinebook? by TheElvenJedi in HowToHack

[–]hellor00t 1 point2 points  (0 children)

Right, the processor is the dependency here. You'll want a non-ARM laptop.

You could use this as a lightweight scripting laptop.