Clik here to view.
MSSQL for Pentester: External Scripts
This article will learn about SQL servers and how to exploit their external scripts to our potential.Table of content· Introduction to SQL Server· Installation of SQL Server·...
View ArticleClik here to view.
MSSQL for Pentester: Abusing Trustworthy
In this article, we will learn how to give sysadmin rights to the user who has only fundamental public rights. Technically, we will apply privilege escalation logic and give sysadmin the privilege to a...
View ArticleClik here to view.
MSSQL for Pentester: Abusing Linked Database
MSSQL for Pentester: Abusing Linked DatabaseThis article is another addition to our MSSQL for Pentesters series. In this article, we will learn how to create a linked server and exploit it. Table of...
View ArticleClik here to view.
MSSQL for Pentester: Stored Procedures Persistence
In this article, we will learn one of many ways to gain persistence in SQL servers. This article is an addition to our MSSQL for Pentesters series.Gaining persistence is one of the significant steps...
View ArticleClik here to view.
MSSQL for Pentester: Hashing
In this article, we will learn about multiple ways to get hashes of MSSQL users. Every version of MSSQL has different hashes. We have performed our practical on SQL Server 2016 version. Once we find...
View ArticleClik here to view.
Scriptkiddie HackTheBox Walkthrough
Script Kiddie is a CTF hosted on Hack the Box with Beginner categories. The objective for the participant is to identify the files user.txt and root.txt on the victim's system. Penetration Methodlogies...
View ArticleClik here to view.
Devel HacktheBox Walkthrough
We are going to play with the DEVEL machine of Hack the box. Here we will learn how to pwn the machine and access the privilege shell. Our perspective to exploit the machine by the manual method to...
View ArticleClik here to view.
Knife HacktheBox Walkthrough
Today we are going to solve the lab name as Knife –Hack the Box. The purpose is to accept the challenge to root the machine. Usage of sudo rights and remote code execution to pwn the victim’s...
View ArticleClik here to view.
Spectra HacktheBox Walkthrough
Today we are going to accept the boot2root challenge of Spectra –Hack the box lab. Through this lab, we are going to check our skills in WordPress Exploitation and basic privilege escalation.Table Of...
View ArticleClik here to view.
Love HacktheBox Walkthrough
Love is a CTF hosted on Hack the Box with Beginner categories. The objective for the participant is to identify the files user.txt and root.txt on the victim’s system.Penetration Methodlogies1st...
View ArticleClik here to view.
MSSQL for Pentester: Command Execution with Extended Stored Procedures
Extended stored procedures are DLL files which are referenced by the SQL Server by having the extended stored procedure created which then reference functions or procedures within the DLL. The DLLs...
View ArticleClik here to view.
MSSQL for Pentester: Extracting Juicy Information
In this post you will learn how will can extract sensitive sample information stored in the mssql by using powerupsql and mssql. In our previousarticle we have mention tools and techniques that can...
View ArticleClik here to view.
CAP HacktheBox Walkthrough
Today CAP – HTB machine will be our target. We will categorize this lab in the beginner's section to capture the flag. Here, we are going to learn about the capability binary approach of privilege...
View ArticleClik here to view.
Windows Privilege Escalation: Weak Services Permission
Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows components including services, files, and registry entries. Exploiting misconfigured...
View ArticleClik here to view.
Armageddon HackTheBox Walkthrough
We’ll look at another one of HackTheBox machines today, called “Armageddon.” It is an easy box targeting commonly found threat of using outdated plugins. In this box, old and vulnerable version of...
View ArticleClik here to view.
Windows Privilege Escalation: Insecure GUI Application
IntroductionIn the series of Privilege escalation, till now we have learned that Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows...
View ArticleClik here to view.
Windows Privilege Escalation: Unquoted Service Path
Unquoted Path or Unquoted Service path is reported as a critical vulnerability in Windows, such vulnerability allows an attacker to escalate the privilege for NT AUTHORITY/SYSTEM for a low-level...
View ArticleClik here to view.
TheNotebook HackTheBox Walkthrough
We’ll look at another one of HackTheBox machines today, called “TheNotebook.” It is a medium difficulty box targeting commonly found threat of using insecure JWT token implementation. A user is able to...
View ArticleClik here to view.
Windows Privilege Escalation: Weak Registry Permission
Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows components including services, files, and registry entries. Exploiting misconfigured...
View ArticleClik here to view.
Windows Privilege Escalation: Stored Credentials
Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows components including services, files, and registry entries. Exploiting Stored...
View Article