‘Lazysysadmin’ is another of the targets recommended by the excellent TJnull in preparation for the OSCP. Lazysysadmin is considered an ‘easy’ machine. Just for fun, we’ll take a look at a number of different exploitation routes as well as some post-exploitation activities (specifically data exfiltration, or exfil). Exfil would obviously be of interest to a Red Team operator who is more ‘goal driven’ and not so fixated on gaining root.
Talks and presentations that I have given

2015
OWASP Belfast Meetup - October 1st, 2015: Mobile App Pentesting. [slides]

2017
OWASP Belfast Meetup - Mobile Pen Testing with a Wifi Pineapple

2019
BSides Belfast - Offensive Ansible for Red Teams [slides] [video]

2020
Newry NewTec 2020. A big shout out to Joe Mckevitt and Jonny Mullagh for having me! [event info]
Robert Gordon University Aberdeen (Scotland), 11th March 2020 - Cybersecurity Meetup: Automating Red Team Attack Infrastructure [slides]
Robert Gordon University Aberdeen (Scotland), 12th March 2020 - Undergraduate talk: Hacking a career in Offensive Security [slides]

Image credit: Luis Quintero
Webshells are a really useful stepping stone on the path to a proper reverse shell. The idea is that they use popular scripting-based approaches such as PHP to accept some parameters in a GET request. That data then gets executed as a system-level command, i.e. against the underlying operating system used by the web site. The types of activity you can perform are dependent on the privileges associated with the account running the web server.
Why is this sort of thing still happening? Finding a hotel room safe with a default code is not a particularly new security issue, which begs the question as to why it is still happening today if the issue is incredibly easy to fix. I encountered this issue recently when I had checked into a hotel. After flicking through the TV I got bored and turned my attention to the hotel room safe.
BSidesBelfast (October 31st 2019) was the first time that I actually presented at a major conference. I’ve been to quite a few other BSides events, but always as an attendee, never as a speaker. That all changed when I got the opportunity to present a talk on ‘Offensive Ansible for Red Teams - Attack, Build, Learn’. TL;DR: In this article I’ll talk about my overall experiences at BSides Belfast 2019 as well as give a brief overview of the talk I presented.
This VulnHub writeup is based on Neuromancer - part two of the excellent ‘Wintermute 1’ challenge, created by creosote. I’ll spare you all the detail, but as a quick recap, after having rooted Straylight we find that it is dual-homed - i.e. it is part of a second sub-net. We pick up the action from the ‘note.txt’ file found after having gained root privs on that box. TLDR/Spoiler Alert: The privesc route for this machine is not the obvious one chosen by other people who have taken the time to put together so many great writeups.