well there it was. I was on an older Linux kernel and nmap --interactive. damn... hours, folks... hours.
moral of the story that really is well known but not adhered to... it's not about the exploit, it's about the misconfigurations.
I'm sure we have all had those moments but damn if it ain't frustrating.
I sat on a box last night and it was pushing me to throw in the towel and go to bed. it kept eating at me, "I'd seen this before!" I thought to myself but I just could not get the escalation. kernel exploit after kernel exploit being thwarted by account limitations.
exploit-db has an extreme issue with proper documentation. spent 2 hours fixing a gcc issue in the blind, so to speak.
this box was haunting me, y'all.
then it hit me, "mistakes and misconfigurations". where are they?
literally went "fuck it mode" in the #pwk lab yesterday and popped all boxes with exposed 445 (in the public network minus two that are not exposing pipes)... thank you nsa for the useful tool.
can't use them all for the lab write ups but it felt pretty bad ass to knock down that many boxes in the span of 5 minutes.
now after web apps, again. need to focus on diversifying my LFI/RFI skillset.
php://filter is my go to tool and it hasn't worked once in the labs. I need new tricks, y'all!!
Well, here goes my #introduction.
Active IT security specialist working as security consultant. Am not scared of a bit of #gaming in between days of #hacking at work. Worked mainly in blue teaming before, nowadays focus and work much more in red teaming.
This seems like a neat little community, pleased to meet y'all.
2/90 down. not really impressed with the #PWK lab environment. lots of unstable boxes getting hit constantly. 5 boxes owned and another network accessed. trying to make php do my bidding at the moment but it's not cooperating with me.
also, the VM they give you with the class... garbage. msf failing 2/3 when trying to load, several notable exploits missing and no way to get them. switched back to my test box. muchh better now.
really feel the need to pull the plug on social media. it's too toxic now days... even people trying to preach a "good" message are simply toxic in their delivery.
This example is not as bad as an open RCE, but still, very few researchers are actually digging into the vast and complex world of video games launchers/agents
so, out of curiosity and the switch to the MacBook pro, I have set up Kali very minimal and opened up SSH so I can hit it from iterm2 locally.
anyone used this in a test? I have a lot of tools native now so minimizing kali's foot print seems logical next step.
"man I forgot how much fun gparted is" said no VM user EVER.
provision your vms with enough memory kids.
some positive steps at work. new equipment in the form of MacBook Pro's, finally got the Jr. off the title. OSCP journey will be funded 100%.
- finish the elearnsecurity PTPv4. procrastinating so hard on that.
- attend black hat/defcon this year. (hopefully)
come on 2018, roll right.
#patience being tested today working with new pentesters. young, dumb and full of... they get on a box for like 3 seconds and start spraying every exploit known to man at it. seriously might take away their Kali instances and make them use Gentoo or Debian vanilla tomorrow. teach them that enumeration is more important than jackhammering a box like your junior prom date.
In my last week at my current job. Mostly hand off stuff. Need to document some processes and... that’s about it.
They brought me in to build out a pentest practice. I did that. Built up a small team. Built up our reputation. Believe it can continue on with out me.
On to new things.
learning how to use php://filter to my advantage. got to admit that some write-ups on webapp testing are written with very little to no information. to much "do this and that" and not enough "this is why you do this"
plus, the whole RTFM culture is still alive and well.
stuck in config file hell! URxvt, i3wm... but the Lenovo T430 is smokin' fast again.