Posts

Showing posts from 2019

Hack The Box - Bashe Write Up

Image
HTB - Bashed Basic Difficulty: Easy Tools: nmap python reverse shell script  (http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet) gobus ter LinEnum.sh (https://github.com/rebootuser/LinEnum) Walkthrough Recon nmap scanning for the win! nmap -sC -A -oN nmap-initial 10.10.10.68 -sC:  Default script -A:    Enable OS detection, version detection, script scanning, and traceroute -oN:  Output scan in normal format The result shows only tcp/80 is open. Let's navigate to the web page. It looks like a blog post mentioning a tool phpbash . Cli ck on the page to learn more:   It mentions that : I actually developed it on this exact server! Hence if we find out the location of phpbash, we can actually execute commands on the host! To find the location out, gobuster is a great tools for b rute -forcing directories! # gobuster dir -u http://10.10.10.68 -w /usr/share/wordlist/dirbuster/di...

Virtual Hacking Labs Penetration Testing Course Review

Image
Introduction Like many people who want to start learning penetration testing, I guess most of us share the same goal of getting OSCP, which is the most reliable industrial standard on penetration testing.  However, it is quite frustrating to start, simply because OSCP covers a lot of topics and you have to deep dive into each of them. Also, I know from many reviews that the OSCP materials are quite old and boring, and you have to explore more yourself on the topics discussed in the course materials. This is the reason why I want to find a platform or course that is more beginner friendly, more structural and realistic.  Browsing reddit, there are so many people recommend Virtual Hacking Labs (VHL) as a bridge to OSCP. Seeing that the price is quite cheap as a penetration test platform, I decided to purchase a 3-month pass and see how it works. Course Materials There are totally 9 penetration testing related chapters ( https://www.virtualhackin...