December 19, 2021 | 21:56

INE Lab - From XSS to Domain Admin

This lab starts by exploiting a stored XSS vulnerability and a vulnerable Java browser plugin to get a (unprivileged) remote shell on one of the company’s internal network machines. In a next step, using the socalled Group Policy Preferences (GPP) vulnerability, it’s possible to get local administrator credentials. Bypassing UAC allows to further escalate the privileges to SYSTEM and force a domain administrator to login to the machine, by preventing an importing application to work,so that the user will contact IT support. Read more

September 4, 2021 | 23:15

INE WebApp Labs - Introduction

Preparation # Set lab DNS $ sudo sed -i 's/nameserver.*/nameserver' /etc/resolv.conf Cookies These are labs to understand how cookies work. Lab 1 Test cookie with domain set by default $ curl -i -s -k -X $'POST' \ -H $'Host:' \ --data-binary $'username=admin&password=adminpassword' \ $'' \ | grep "TestCookie" Set-Cookie: TestCookie=Cookie+set+by+default The cookie is set without a domain value and without a path. It is only valid for the same domain, but all paths: Read more

© Pavel Pi 2021

Powered by Hugo & Kiss'Em.