Tool: SSSD Extract

Tool Link: https://github.com/z-r0crypt/SSSD-extract Using this bash script it is possible to extract Active Directory accounts hashes when credential caching is enabled in SSSD. $ zsh sssd-extract.sh [$FolderPath] Without input arguments it takes the SSSD default path /var/lib/sss/db/ but you can use a different one. If tdbdump is not installed it just lists the ldb files which contain the hashes, you can install it apt install tdb-tools or exfiltrate these files: More →

HTB Machines for OSEP Preparation

HTB Machines for OSEP Preparation List of HTB (Hack the Box) Machines to prepare for OSEP Exam (PEN-300) by offensive security. 3. Client Side Code Execution With Office Attack Type HTB Machine Attack Used in HTB Link Phishing with Microsoft Office: RTF Document REEL malicious RTF Document (CVE-2017-0199) Walkthrough : https://youtube.com/watch?v=ob9SgtFm6_g&t=794 Tool: https://github.com/bhdresh/CVE-2017-0199 Phishing with Microsoft Office: LibreOffice RE LibreOffice Macro Walkthrough : https://youtube. More →

Dangerous PHP Functions

Command Execution exec - Returns last line of commands output passthru - Passes commands output directly to the browser system - Passes commands output directly to the browser and returns last line shell_exec - Returns commands output \`\` (backticks) - Same as shell_exec() popen - Opens read or write pipe to process of a command proc_open - Similar to popen() but greater degree of control pcntl_exec - Executes a program PHP Code Execution Apart from eval there are other ways to execute PHP code: include/require can be used for remote code execution in the form of Local File Include and Remote File Include vulnerabilities. More →

Cryptography I - Week 2 - part 2

Using Block Ciphers Modes of operation: One time key Security for one time key ECB (Electronic Code Book) - One time key Deterministic counter mode from a PRF F (eg. AES) - One time key Modes of operation: Many time key CBC (Cipher Block Chaining with a random IV) - Many time key (CPA security) IV (Initialization Vector) IV-based encryption Nonce-based encryption Padding Randomised Counter-mode (CTR) (superior to CBC) Coparison: CTR vs CBC Using Block Ciphers Modes of operation: One time key Goal: Build a secure encryption from a secure PRP More →

Cryptography I - Week 2 - Part 1

Block Ciphers Pseudo Random Function (PRF) Pseudo Random Permutation (PRP) Secure PRF PRF => PRG Data Encryption Standard DES: Core Idea - Feistel Network DES is a 16 round Feistel network The Function F(k_i, x) S-boxes Exhaustive search on DES Strengthening DES against ex. search Method 1: Triple DES Method 2: DESX Attacks on the implementation of the block ciphers Side channel attacks Fault attacks Conclusion on implementation attacks Attacks on block ciphers Linear and differential attacks Quantum attacks Advanced Encryption Standard (AES) Block Cipher History Design How to use AES Attacks on AES Building Block Ciphers from PRGs Notes and Review Block Ciphers A block cipher maps n bits of inputs to n bits of output. More →

OSWE/AWAE Preparation

OSWE Exam Preparation This post contains all trainings and tutorials that could be useful for offensive security’s OSWE certification. I will be updating the post during my lab and preparation for the exam. Course Syllabus: https://www.offensive-security.com/documentation/awae-syllabus.pdf Before registering for AWAE Lab: Get comfortable with python requests library Read Web Application Hacker’s handbook, again if you already did Get familiar with Burpsuite Get familiar with regex Get hands on with OWASP top 10 2017 Vulnerabilities Vulnerable Apps for practice on OWASP Portswigger WebSecAcademy Practice code review skills - OWASP SKF Before registering for the OSWE Exam: XSS to RCE AtMail Email Server Appliance 6. More →

Microcorruption CTF - Tutorial

Introduction In this post I will share my learnings and research work done during microcorruption CTF challenge. What is Microcorruption? It’s an embedded security CTF challenge where you are given a debugger and a device (a smart lock), you will be given different levels of challenges to unlock the device, find flgs, find code vulnerabilitys, memory corruption bugs etc. You’ll use the debugger to reverse-engineer the code for each level. More →

Cryptography I - Stanford University - Week 1

Week 1. This week’s topic is an overview of what cryptography is about as well as our first example ciphers. You will learn about pseudo-randomness and how to use it for encryption. We will also look at a few basic definitions of secure encryption. History Discrete Probability Birthday paradox Stream Ciphers Information theoretic security Stream Ciphers PRG Attacks on OTP / stream ciphers Modern broken stream ciphers Better modern stream cipher Let’s do some Salsa! More →

Introduction

Welcome! In this site I will be sharing my learning and experiences i gained during a pentest, a CTF, wargame or any security challenges, basically everything i learn or want to learn. Hoping to help someone in similar situations and get feedback from you!