Hackthebox: (Ambassador) Metasploit way
ThreatNinja
by darknite
19h ago
For those who have read the Ambassador machine walkthrough over here, this is another method of getting root-privilege access, using Metasploit. To be honest, I hardly use Metasploit for any machine or activity, especially while playing a CTF or a Hack The Box machine. The vulnerability used to obtain root-privilege access is the exploit "Hashicorp Consul – Remote Command Execution via Rexec (Metasploit)". The tool I will use for this activity is Metasploit. Metasploit via port forwarding: firstly, we need to set up port forwarding on the machine so that we c ..read more
Hack The Box: Ambassador Machine Walkthrough – Medium Difficulty
ThreatNinja
by darknite
19h ago
In this post, I would like to share a walkthrough of the Ambassador machine from Hack The Box. This room is considered a medium machine on Hack The Box. What will you gain from the Ambassador machine? For the user flag, you will need to abuse a file read vulnerability so that we can read the DB configuration file, from which we should be able to obtain the password for the admin. As a result, we can get some information by exploring the MySQL instance. As for the root flag, you need to exploit the Consul vulnerability, which will get us execution as root. Information ..read more
Learning Series: Misconfiguration Mistakes on the application
ThreatNinja
by darknite
2d ago
What is Misconfiguration? Security misconfiguration is a vulnerability that normally happens when an application, especially a web page, is not configured properly by the developer and is exposed with insecure configuration options. It is a configuration weakness that normally exists within the software components or in user administration. A common real-world scenario is that the application is installed with a default user account or a configuration file such as phpinfo, which the bad guys might take advantage of to abuse the application or system. Another method is that ..read more
Hack The Box: (UpDown) Upload Phar File for RCE
ThreatNinja
by darknite
1w ago
What is Phar Deserialization to Remote Code Execution? A Phar file, also known as a PHP Archive, will normally contain metadata that is written in a serialized format. As a result, the bad guys can abuse a deserialization vulnerability in the PHP code. For those who are not familiar with them, the PHP functions that trigger the deserialization without evaluating PHP code include file_get_contents(), fopen(), file(), file_exists(), md5_file(), filemtime() and filesize(). Demonstration of uploading a Phar file for Remote Code Execution. Attack method: the demonstration is taken fr ..read more
Protected: Hack The Box: Forgot Machine Walkthrough – Medium Difficulty
ThreatNinja
by darknite
1w ago
This content is password protected. To view it, please enter your password on the post at Threatninja.net. ..read more
Learning Series: Command Injection Attack
ThreatNinja
by darknite
2w ago
What is a Command Injection Attack? It is an attack in which the bad guys' objective is to obtain the execution of arbitrary commands on a vulnerable application. Normally, the vulnerability is exposed when the application sends unsafe user-supplied data to a system shell. Normally, people will think that Code Injection and Command Injection are the same, but sadly they are totally different: Code Injection allows the bad guys to add malicious code into the application and execute it remotely, whereas Command Injection executes the command on the applicati ..read more
Hack The Box: (Shoppy Machine) NoSQLi attack
ThreatNinja
by darknite
2w ago
What is NoSQL Injection? Before we proceed with the NoSQL Injection details, we need to understand NoSQL databases, which have fewer consistency restrictions compared to SQL databases. Most of the time, the attack might be executed from a procedural language rather than the SQL language, and the impact is greater than SQL Injection. How to review the source of the injection? For every vulnerability, there is some way to detect or review whether the vulnerability exists on the application or system. Normally, we should be able to verify the vulnerability by analysing the source code of the web ..read more
Learning Series: Docker Escape Method
ThreatNinja
by darknite
3w ago
What is the Docker Escape Method? Firstly, we are required to understand the importance of Docker escape, also called container escape, since containers are infrastructure used by virtual or day-to-day operations across all enterprises. The number of cybersecurity incidents has been rising nowadays, especially Docker escapes, which we will learn about in this post. However, the Docker escape attack is surely different from the endpoint security surface, where the attack might take action inside the container. The Breaking Out Method Details: so, normally breaking out from the Docker or container was called ..read more
Learning Series: XML External Entity Injection Attack
ThreatNinja
by darknite
3w ago
What is XML external entity injection? XML external entity injection is a security vulnerability that normally allows a bad guy to interfere with the application's processing of XML data. A bad guy will be able to view files on the application server filesystem, and can escalate an XML attack to compromise the vulnerable server or other back-end infrastructure. This method can also leverage the XML vulnerability to execute SSRF attacks. Demonstration of the attack: the demonstration is taken here. Gaining Privileged Access: a website interface such as Bounty Report System – Beta ..read more
Learning Series: How to detect vulnerabilities in the application
ThreatNinja
by darknite
1M ago
In this post, I would like to share my experience on how to detect some vulnerabilities within the application itself. A lot of people have asked me how I manage to detect vulnerabilities with no information (blindly) at all while playing a CTF game. There are a lot of ways to detect vulnerabilities within an application, such as the application's version, which can tell threat actors which application has been installed on the server. For the demonstration in this post, I will share some well-known attacks such as SQL Injection and Local File Inclusion. First vulnerability ..read more