Linux Privilege escalation

Sudo nano /name file permission

When giving sudo to nano makes you root 🧨

Today I want to share a real-life example of how a poorly designed sudo configuration can lead to a full escalation to root on a Linux system.

🔍 Scenario: A non-privileged user (joanna) can run the following without a password:

sudo /bin/nano /opt/priv

At first glance, it […]

linux writeups, Writeups

traverxec Writeup

🌐 Environment

| Element | Details |
|---|---|
| IP address | 10.10.10.165 |
| Operating System | Debian GNU/Linux 10 (buster) |
| User/Group | user / www-data |
| Network | VLAN-10 / NAT / Host-only |

🧪 Procedure

We check connection with the victim machine.

ping -c2 10.10.10.165
PING 10.10.10.165 (10.10.10.165) 56(84) bytes of data.
64 bytes from 10.10.10.165: icmp_seq=1 ttl=63 time=90.1 ms
64 bytes from 10.10.10.165: icmp_seq=2

DNS Enumeration, Enumeration of common services

Domain takeover

Domain takeover means registering a non-existent domain name to gain control of another domain. If attackers find an expired domain (here’s how to find them [8 – Finding Expired Domains]), they can hijack that domain to carry out other attacks, such as hosting malicious content on a website or sending a phishing email using the

Enumeration of common services

Brute Force Attacks Subdomains

See [[2 – DNS Server Enumeration Port 53]] part of subdomains

Tools

There are several tools available that excel at brute-force enumeration:

| Tool | Description |
|---|---|
| dnsenum | Comprehensive DNS enumeration tool that supports dictionary and brute-force attacks to discover subdomains. |
| fierce | Easy-to-use tool for recursive subdomain discovery, with wildcard detection and a user-friendly interface. |
| dnsrecon | Versatile tool |

linux tools, tools

Jar Files

If we have Java files, such as one from the Blocky Writeup machine, which is BlockyCore.class

We need to decompile it to see the content. To do this, we can do

wget https://www.benf.org/other/cfr/cfr-0.152.jar
# Now we do
java -jar cfr-0.152.jar BlockyCore.class

And we see the contents. We can also decompile them recursively. So java -jar

linux writeups, Writeups

Blocky Writeup

📝 Writing – Blocky Linux 🧪Procedure 1 -> To keep everything organized, the first thing you should always do is create a folder in your work environment with the name of the machine. Once you’ve created it, go to the folder and run the [[mkt]] command. Now we check the connection to the victim machine.

DNS Enumeration, Enumeration of common services

Dig DNS Commands

The dig command (Domain Information Groper) is a versatile and powerful utility for querying DNS servers and retrieving various types of DNS records. Its flexibility and detailed, customizable output make it an ideal choice.

Common dig Commands

| Command | Description |
|---|---|
| dig domain.com | Performs a default A record lookup for the domain. |
| dig domain.com A | Retrieves the |

linux writeups, suid, tools, Writeups

Venom Writeup

This time we have the writeup of the Vulhub Venom machine. Initial Reconnaissance in the Writeup We see that we have the IP 192.168.1.225 Now we run a trace to see if we have a connection to the machine. We see that we have a connection and the “ttl=64” attribute, meaning we are dealing with
