Vulnix CTF

Firstly, we must download and extract the given Box named ‘Vulnix’ and set up the network configurations, so as to make sure that the Vulnix Box and our Kali box are on the same network. Once that is done, we must start both VMs. Identifying the victim machines IP In order to identify which IP, […]

2014 CySCA Om Nom Nom

This penetration test assignment is done for the OM NOM NOM NOM Challenge of CYSCA2014. When we hear the term OM NOM NOM NOM what comes to our mind, is that that is the sound made by the cookie monster on the “Sesame Street” TV show. So this could be something to do with cookies. […]

Exploiting Metasploitable 2 box.

In This blog post we will be looking at how Metasploitable 2 virtual machine can be exploited. We will be using Metasploit and other tools to the hacking. ssh_keygen Details: Unlike earlier exploits where metasploit was used, in this it is not used. We are exploiting using generating keys unreal_irhd_3281_backdoor Details: we use a backdoor to exploit the Linux system. We only need to give the RHOST IP before exploiting.   distcc_exec Details: Only the RHOST IP needs to be given by us.

Vulnerable Windows 2000

This post will comprise of a step by step walk through of how I exploited 3 vulnerabilities in a deliberately vulnerable windows 2000 virtual machine. ms01_23_printer Details about the vulnerability : As shown in this picture, all that it needs to know is the RHOST IP. Once it was given and exploited, A remote session to the windows machine was created as shown below. m06_40_netapi Details about the vulnerability: Similar to the previous exploit, all this needed was also is the RHOST IP. ms08_67_netapi Details: likewise, All we need to give is RHOST IP.  

Spidering using Burpsuite

One of the main things needed for CTFs are using Burpsuite to intercept traffic. This guide will help users understand basics of Burpsuite. Defining Target Scope in Burpsuite. Here we have defined what should be included in our scope and excluded from our scope. The entry in the include section was defined by us and […]