MSSQL for Pentester: External Scripts
This article will learn about SQL servers and how to exploit their external scripts to our potential.Table of content· Introduction to SQL Server· Installation of SQL Server·...
View ArticleMSSQL for Pentester: Abusing Trustworthy
In this article, we will learn how to give sysadmin rights to the user who has only fundamental public rights. Technically, we will apply privilege escalation logic and give sysadmin the privilege to a...
View ArticleMSSQL for Pentester: Abusing Linked Database
MSSQL for Pentester: Abusing Linked DatabaseThis article is another addition to our MSSQL for Pentesters series. In this article, we will learn how to create a linked server and exploit it. Table of...
View ArticleMSSQL for Pentester: Stored Procedures Persistence
In this article, we will learn one of many ways to gain persistence in SQL servers. This article is an addition to our MSSQL for Pentesters series.Gaining persistence is one of the significant steps...
View ArticleMSSQL for Pentester: Hashing
In this article, we will learn about multiple ways to get hashes of MSSQL users. Every version of MSSQL has different hashes. We have performed our practical on SQL Server 2016 version. Once we find...
View ArticleScriptkiddie HackTheBox Walkthrough
Script Kiddie is a CTF hosted on Hack the Box with Beginner categories. The objective for the participant is to identify the files user.txt and root.txt on the victim's system. Penetration Methodlogies...
View ArticleDevel HacktheBox Walkthrough
We are going to play with the DEVEL machine of Hack the box. Here we will learn how to pwn the machine and access the privilege shell. Our perspective to exploit the machine by the manual method to...
View ArticleKnife HacktheBox Walkthrough
Today we are going to solve the lab name as Knife –Hack the Box. The purpose is to accept the challenge to root the machine. Usage of sudo rights and remote code execution to pwn the victim’s...
View ArticleSpectra HacktheBox Walkthrough
Today we are going to accept the boot2root challenge of Spectra –Hack the box lab. Through this lab, we are going to check our skills in WordPress Exploitation and basic privilege escalation.Table Of...
View ArticleLove HacktheBox Walkthrough
Love is a CTF hosted on Hack the Box with Beginner categories. The objective for the participant is to identify the files user.txt and root.txt on the victim’s system.Penetration Methodlogies1st...
View ArticleMSSQL for Pentester: Command Execution with Extended Stored Procedures
Extended stored procedures are DLL files which are referenced by the SQL Server by having the extended stored procedure created which then reference functions or procedures within the DLL. The DLLs...
View ArticleMSSQL for Pentester: Extracting Juicy Information
In this post you will learn how will can extract sensitive sample information stored in the mssql by using powerupsql and mssql. In our previousarticle we have mention tools and techniques that can...
View ArticleCAP HacktheBox Walkthrough
Today CAP – HTB machine will be our target. We will categorize this lab in the beginner's section to capture the flag. Here, we are going to learn about the capability binary approach of privilege...
View ArticleWindows Privilege Escalation: Weak Services Permission
Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows components including services, files, and registry entries. Exploiting misconfigured...
View ArticleArmageddon HackTheBox Walkthrough
We’ll look at another one of HackTheBox machines today, called “Armageddon.” It is an easy box targeting commonly found threat of using outdated plugins. In this box, old and vulnerable version of...
View ArticleWindows Privilege Escalation: Insecure GUI Application
IntroductionIn the series of Privilege escalation, till now we have learned that Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows...
View ArticleWindows Privilege Escalation: Unquoted Service Path
Unquoted Path or Unquoted Service path is reported as a critical vulnerability in Windows, such vulnerability allows an attacker to escalate the privilege for NT AUTHORITY/SYSTEM for a low-level...
View ArticleTheNotebook HackTheBox Walkthrough
We’ll look at another one of HackTheBox machines today, called “TheNotebook.” It is a medium difficulty box targeting commonly found threat of using insecure JWT token implementation. A user is able to...
View ArticleWindows Privilege Escalation: Weak Registry Permission
Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows components including services, files, and registry entries. Exploiting misconfigured...
View ArticleWindows Privilege Escalation: Stored Credentials
Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows components including services, files, and registry entries. Exploiting Stored...
View Article