Bypassing grub in Linux – prob & solution

Did you just install some linux distro in your VM? or your own machine? Were you doing it by watching a tutorial on the web? Did you install grub? Have you password protected the user? Yes? Then you are secure right? The answer to that is NO! The Problem : Bypassing grub can be done […]

Vulnix CTF

Firstly, we must download and extract the given Box named ‘Vulnix’ and set up the network configurations, so as to make sure that the Vulnix Box and our Kali box are on the same network. Once that is done, we must start both VMs. Identifying the victim machines IP In order to identify which IP, […]

2014 CySCA Om Nom Nom

This penetration test assignment is done for the OM NOM NOM NOM Challenge of CYSCA2014. When we hear the term OM NOM NOM NOM what comes to our mind, is that that is the sound made by the cookie monster on the “Sesame Street” TV show. So this could be something to do with cookies. […]

Exploiting Metasploitable 2 box.

In This blog post we will be looking at how Metasploitable 2 virtual machine can be exploited. We will be using Metasploit and other tools to the hacking. ssh_keygen Details: Unlike earlier exploits where metasploit was used, in this it is not used. We are exploiting using generating keys unreal_irhd_3281_backdoor Details: we use a backdoor to exploit the Linux system. We only need to give the RHOST IP before exploiting.   distcc_exec Details: Only the RHOST IP needs to be given by us.

Vulnerable Windows 2000

This post will comprise of a step by step walk through of how I exploited 3 vulnerabilities in a deliberately vulnerable windows 2000 virtual machine. ms01_23_printer Details about the vulnerability : As shown in this picture, all that it needs to know is the RHOST IP. Once it was given and exploited, A remote session to the windows machine was created as shown below. m06_40_netapi Details about the vulnerability: Similar to the previous exploit, all this needed was also is the RHOST IP. ms08_67_netapi Details: likewise, All we need to give is RHOST IP.  

Spidering using Burpsuite

One of the main things needed for CTFs are using Burpsuite to intercept traffic. This guide will help users understand basics of Burpsuite. Defining Target Scope in Burpsuite. Here we have defined what should be included in our scope and excluded from our scope. The entry in the include section was defined by us and […]

Getting started with Oracle DB.

In this blog post we will be looking at how to get started with Oracle DB. Undoubtedly, oracle is considered to be one of the most secure database management systems. Hence, many organizations around the world use Oracle DB. Here are some of the security features in Oracle DB: Data Dependent Access Control ,Role Based […]

Pingsweeping – How and why?

Pingsweeping – Intro & usage. Assume that you are a burglar and you want to steal. Then your first goal will be to identify your targets. Similarly, in the context of hacking, the first thing a hacker needs to do is identify the target hosts. In order to do so they send ICMP requests (pings) […]