Quantcast
Channel: Hacking Articles|Raj Chandel's Blog
Browsing all 1812 articles
Browse latest View live

Image may be NSFW.
Clik here to view.

Multiple Files to Capture NTLM Hashes: NTLM Theft

IntroductionOften while conducting penetration tests, attackers aim to escalate their privileges. Be it Kerberoasting or a simple lsass dump attack, stealing NTLM hashes always tops off the list of...

View Article


Image may be NSFW.
Clik here to view.

HackTheBox Toolbox Walkthrough

IntroductionToolbox is a CTF Windows box with difficulty rated as “easy” on HackTheBox platform. The machine covers SQL injections, gaining interactive shell, escaping container and escalating...

View Article


Image may be NSFW.
Clik here to view.

Previse HackTheBox Walkthrough

IntroductionPrevise is a CTF Linux box with difficulty rated as “easy” on the HackTheBox platform. The machine covers bypassing access control, OS command injection, hash cracking, privilege escalation...

View Article

Image may be NSFW.
Clik here to view.

DailyBugle TryHackMe Walkthrough

IntroductionDailyBugle is a CTF Linux box with difficulty rated as “medium” on the TryHackMe platform. The machine covers Joomla 3.7.0 SQL injection vulnerability and privilege escalation using yum....

View Article

Image may be NSFW.
Clik here to view.

Writer HackTheBox Walkthrough

 Writer HackTheBox WalkthroughIntroductionWriter is a CTF Linux box with difficulty rated as “medium” on the HackTheBox platform. The machine covers SQL injection vulnerability and privilege escalation...

View Article


Image may be NSFW.
Clik here to view.

Hackable: 3 VulnHub Walkthrough

Hackable: 3, Vulnhub medium machine was created by Elias Sousa and can be downloadedhere.This lab is designed for experienced CTF players who want to put their abilities to the test. We used the...

View Article

Image may be NSFW.
Clik here to view.

Intelligence HacktheBox Walkthrough

IntroductionIntelligence is a CTF Windows box with difficulty rated as “medium” on the HackTheBox platform. The machine covers OSINT, AD attacks, and silver ticket for privilege escalation.Table of...

View Article

Image may be NSFW.
Clik here to view.

Corrosion: 2 VulnHub Walkthrough

Proxy Programmer's Corrosion: 2 is a Vulnhub medium machine. We can download the lab from here. This lab is designed for experienced CTF players who want to put their abilities to the test in a variety...

View Article


Image may be NSFW.
Clik here to view.

Process Ghosting Attack

IntroductionGabriel Landau released a post on Elastic Security here which talks about a technique through which antivirus evasion was found to be possible. The technique deals with creating a ghost...

View Article


Image may be NSFW.
Clik here to view.

Forge HackTheBox Walkthrough

IntroductionForge is a CTF linux box rated “medium” on the difficulty scale on HackTheBox platform. The box covers subdomain enumeration, SSRF attacks and basic reverse engineering of python script for...

View Article

Image may be NSFW.
Clik here to view.

Domain Persistence: Golden Certificate Attack

IntroductionSecurity analysts who have some knowledge about Active Directory and pentesting would know the concept of tickets. Kerberos, the default authentication mechanism in an AD, uses ticket-based...

View Article

Image may be NSFW.
Clik here to view.

Linux Privilege Escalation: Polkit CVE 2021-3560

IntroductionAccording to Red Hat, “Polkit stands for PolicyKit which is a framework that provides an authorization API used by privileged programs.” Pkexec is a tool in PolicyKit or polkit that allows...

View Article

Image may be NSFW.
Clik here to view.

Anubis HackTheBox Walkthrough

IntroductionAnubis is an “insane” level CTF box available on HackTheBox platform designed by 4ndr34z. The box covers real life scenario of initial exploitation by uploading ASP webshell, breaking out...

View Article


Image may be NSFW.
Clik here to view.

Domain Persistence: Computer Accounts

IntroductionOften while configuring Active Directories, system admins don’t recognize the harm that comes with allowing a local administrator account on a system assigned to a particular user....

View Article

Image may be NSFW.
Clik here to view.

Linux Privilege Escalation: PwnKit (CVE 2021-4034)

IntroductionTeam Qualys discovered a local privilege escalation vulnerability in PolicyKit’s (polkit) setuid tool pkexec which allows low-level users to run command as privileged users. According to...

View Article


Image may be NSFW.
Clik here to view.

Horizontall HackTheBox Walkthrough

IntroductionHorizontall is an “easy” rated CTF Linux box on Hack The Box platform. The box covers initial compromise by exploiting Strapi RCE vulnerability and escalating privileges by tunneling an...

View Article

Image may be NSFW.
Clik here to view.

Windows Privilege Escalation: SpoolFool

 Windows Privilege Escalation: SpoolFoolIntroductionOliver Lyak posted a writeup about a Windows Privilege Escalation vulnerability that persisted in Windows systems even after patching of previous...

View Article


Image may be NSFW.
Clik here to view.

Windows Privilege Escalation: PrintNightmare

IntroductionPrint Spooler has been on researcher’s radar ever since Stuxnet worm used print spooler’s privilege escalation vulnerability to spread through the network in nuclear enrichment centrifuges...

View Article

Image may be NSFW.
Clik here to view.

Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints

IntroductionWill Schroeder and Lee Christensen wrote a research paper on this technique which can be referred to here. In ESC8 technique mentioned in the research paper, they talked about an inherent...

View Article

Image may be NSFW.
Clik here to view.

Windows Persistence: Shortcut Modification (T1547)

IntroductionAccording to MITRE, “Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on...

View Article
Browsing all 1812 articles
Browse latest View live