Blog



May 7, 2022 | 13:10

INE Lab - Linux Local Enumeration

The scenario is described as follows: The user will access an Ubuntu instance as the student user. We will assume that we have compromised a machine and gained regular user access (student). We need to conduct local enumeration and obtain root access to the machine. Objective: Find the SUID executables and vulnerable services that can be used to gain root privileges.

April 16, 2022 | 21:56

INE Lab - Leveraging PowerShell During Exploitation

The scenario is described as follows: You have been tasked by an organization to conduct a penetration test. Suppose that the organization’s internet-facing machine is accessible at demo.ine.local. There is another machine (fileserver.ine.local) which is not directly accessible. Task: Perform remote exploitation and post-exploitation tasks on vulnerable systems, gain access to both machines and retrieve the flag!

March 3, 2022 | 15:44

Hook Qt's QString using Frida

Recently, I wanted to understand what a Windows program built with Qt 4.7 is doing under the hood; in particular, I investigated the use of the QString class. For that I used Frida to hook some of the class's methods.

February 4, 2022 | 16:04

INE Lab - Linux Remote Exploitation

The scenario is described as follows: In this lab environment, the user will access a Kali GUI instance. A vulnerable application can be accessed using the tools installed on Kali at: http://demo.ine.local, http://demo2.ine.local, http://demo3.ine.local, http://demo4.ine.local. Dictionaries to use: /usr/share/metasploit-framework/data/wordlists/common_users.txt and /usr/share/metasploit-framework/data/wordlists/unix_users.txt

December 19, 2021 | 21:56

INE Lab - From XSS to Domain Admin

This lab starts by exploiting a stored XSS vulnerability and a vulnerable Java browser plugin to get an (unprivileged) remote shell on one of the company’s internal network machines. In the next step, using the so-called Group Policy Preferences (GPP) vulnerability, it is possible to obtain local administrator credentials. Bypassing UAC allows further escalation of privileges to SYSTEM, and a domain administrator can be forced to log in to the machine by preventing an important application from working, so that the user will contact IT support.

© Pavel Pi 2021

Powered by Hugo & Kiss'Em.