-
Enumerating IIS Service
Internet Information Services (IIS) is a widely used web server developed by Microsoft, often deployed in enterprise environments to host websites, applications, and services. As part of a penetration test, enumerating IIS is crucial for identifying misconfigurations, exposed endpoints, and potential vulnerabilities that could be leveraged for further exploitation. In… Continue ⇢
-
LLMNR/NBT-NS Poisoning – from Windows
In modern Windows environments, name resolution plays a crucial role in network communication. However, certain legacy protocols, such as Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS), introduce security risks that attackers can exploit to capture credentials and escalate privileges. This article explores the LLMNR/NBT-NS poisoning attack, how… Continue ⇢
-
Proving Grounds Practice: Devnal Walkthrough
Today, we’ll look at Devnal, an intermediate-level Linux machine on OffSec’s Proving Grounds Practice. Enumeration nmap: Scanning for Open Ports We begin by scanning the target machine with nmap to identify open ports and services. Breaking it down: Results: We have SSH (22) and HTTP (80) open. Enumerating the Web… Continue ⇢
-
LLMNR/NBT-NS Poisoning – from Linux
LLMNR (Link-Local Multicast Name Resolution) and NBT-NS (NetBIOS Name Service) are name resolution protocols used primarily in local area networks (LANs) to resolve hostnames without the need for a centralized DNS server. These protocols are designed to allow devices within the same network to resolve each other’s names, especially in… Continue ⇢
-
Credential Hunting In Linux
In penetration testing and red teaming, credential hunting refers to the process of searching for exposed or improperly stored authentication credentials within a system. On Linux, credentials are often stored in configuration files, log files, environment variables, or even in process memory. Attackers who gain access to these credentials can… Continue ⇢
-
Credential Hunting In Windows
In the context of penetration testing and red teaming, credential hunting refers to the process of searching for exposed or improperly stored authentication credentials within a Windows environment. These credentials—ranging from plaintext passwords and hashed values to authentication tokens—are often found in memory, system files, registry entries, and network shares.… Continue ⇢
-
Proving Grounds Practice: Pier Walkthrough
Today, I’ll walk you through Pier, a new intermediate-level (though actually quite easy!) Linux machine on OffSec’s Proving Grounds Practice. Enumeration We begin by performing a thorough network scan of the target machine using nmap. On our Kali machine (richie@kali), we run the following command: The scan output is as… Continue ⇢
-
Proving Grounds Practice: Dev_Working Walkthrough
Let’s walk through Dev_Working, a brand new intermediate-level Linux machine on OffSec’s Proving Grounds Practice that was literally published a few hours ago at the time of this writing! In this challenge, we begin by enumerating an Apache Solr service to extract sensitive database credentials, which allow us to access… Continue ⇢
-
Proving Grounds Practice: WallpaperHub Walkthrough
Today, we’ll walk through WallpaperHub, a new intermediate-level Linux machine on OffSec’s Proving Grounds Practice. In this lab, we’ll exploit an unrestricted file upload vulnerability in a wallpaper sharing platform to perform local file inclusion, extract sensitive files, and retrieve an SQLite database with hashed credentials. After cracking the password… Continue ⇢