NeilSec: Security Learning Blog

Pentesting, infosec, hacking, learning.

  • Home
  • Knowledgebase

ch4inrulz 1.0.1 Walkthrough

2018-09-06 by Neil Leave a Comment

Initial Enumeration Having located the VM on 192.168.189.129, we run an nmap scan to see what port action is available: No known vulnerabilities for the services were found. Taking the ports one at a time: 21/ftp anonymous FTP access is allowed: PUT and MKDIR are not allowed: 550 Permission denied Server is anonymous only so no root, or other user, access allowed 22/SSH external ssh appears to be allowed 80/HTTP Website found: Dirb finds files and listable directories: [email protected]:~/temp# dirb http://192.168.189.129 ----------------- DIRB v2.22 By The Continue Reading

Vulnix

2018-05-06 by Neil Leave a Comment

Continue Reading

How to pivot through a Windows host with Secure Sockets Funnelling (SSF) Part 1:

2018-03-26 by Neil Leave a Comment

Secure Sockets Funnel

SSF Pivoting is a key part of Penetration Testing as it allows you to move through the target network, getting access to subnets that are on the other side of NAT routers or otherwise inaccessible from your point of entry. Pivoting from a linux machine is quite well served since most linux boxes are running SSH and this service can be co-opted for this purpose. But pivoting from a Windows box you've compromised isn't quite so simple to do using native commands. In this post I'll cover using SSF: Secure Sockets Funneling - a tool available here Secure Sockets Funnelling (SSF) SSF is a Continue Reading

OSCP / PWK (Pentesting With Kali)

2018-02-13 by Neil Leave a Comment

Having completed the e-learning's eJPT, which I posted about here I have now embarked upon Offensive Security's PWK course, leading to the OSCP certificate. After the sign-up process and after waiting for my intake date, I received a series of emails giving me the course material (a PDF of a 375 pages and 149 videos), links to their lab control panel and instructions on how to download their version of Kali plus how to get to their labs via VPN. The materials seem quite good albeit a little sparse compared to how I expected them to be. Unlike the eJPT there are no lab challenges at the Continue Reading

« Previous Page
Next Page »

About Me

I’m not an Infosec expert or 1337 h4x0r

I’m currently a systems admin / consultant at a IT firm who looks after the computer systems of small businesses in the UK. IT security is only a tiny part of that job. However I’ve always enjoyed breaking into, getting around, subverting and otherwise hacking things, systems and ideas. In tackling some low-level IT security tasks I reignited my interest in the field and this blog charts my progress in the world of Computer Security, legal Hacking, Penetration Testing, Infosec – whatever you want to call it. As a Windows guy I’m learning about Linux, shell-scripting, python and all the other skills needed in this field.

Tags

Apache Boot-to-Root CTF curl dib Dirbuster FreeBSD Hack The Box Linux mysql NFS Penetration Testing PHP RCE shell VulnHub Wordpress

Categories

© 2019 · NeilSec;