{"id":17117,"date":"2023-09-21T08:42:07","date_gmt":"2023-09-21T08:42:07","guid":{"rendered":"https:\/\/cybercrime.rs\/?p=17117"},"modified":"2023-09-21T09:45:35","modified_gmt":"2023-09-21T09:45:35","slug":"pentesting-simulation-for-oscp-practice","status":"publish","type":"post","link":"https:\/\/cybercrime.rs\/en\/2023\/09\/21\/pentesting-simulation-for-oscp-practice\/","title":{"rendered":"Pentesting Simulation for OSCP practice"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"17117\" class=\"elementor elementor-17117\">\n\t\t\t\t\t\t\t\t\t<section class=\"has_ae_slider elementor-section elementor-top-section elementor-element elementor-element-701919ba elementor-section-boxed elementor-section-height-default elementor-section-height-default ae-bg-gallery-type-default\" data-id=\"701919ba\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_ae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1f5c2278 ae-bg-gallery-type-default\" data-id=\"1f5c2278\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-49cb7dd elementor-widget elementor-widget-spacer\" data-id=\"49cb7dd\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.7.8 - 02-10-2022 *\/\n.elementor-column .elementor-spacer-inner{height:var(--spacer-size)}.e-container{--container-widget-width:100%}.e-container>.elementor-widget-spacer{width:var(--container-widget-width,var(--spacer-size));-ms-flex-item-align:stretch;align-self:stretch;-ms-flex-negative:0;flex-shrink:0}.e-container>.elementor-widget-spacer>.elementor-widget-container,.e-container>.elementor-widget-spacer>.elementor-widget-container>.elementor-spacer{height:100%}.e-container>.elementor-widget-spacer>.elementor-widget-container>.elementor-spacer>.elementor-spacer-inner{height:var(--container-widget-height,var(--spacer-size))}<\/style>\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-daf039e elementor-widget elementor-widget-author-box\" data-id=\"daf039e\" data-element_type=\"widget\" data-widget_type=\"author-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<link rel=\"stylesheet\" href=\"https:\/\/cybercrime.rs\/wp-content\/plugins\/elementor-pro\/assets\/css\/widget-theme-elements.min.css\">\t\t<div class=\"elementor-author-box\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.linkedin.com\/in\/antonio-gabor29\/\" target=\"_blank\" class=\"elementor-author-box__avatar\">\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/06\/antonio-195x300.png\" alt=\"Antonio Gabor\">\n\t\t\t\t<\/a>\n\t\t\t\n\t\t\t<div class=\"elementor-author-box__text\">\n\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.linkedin.com\/in\/antonio-gabor29\/\" target=\"_blank\">\n\t\t\t\t\t\t<h4 class=\"elementor-author-box__name\">\n\t\t\t\t\t\t\tAntonio Gabor\t\t\t\t\t\t<\/h4>\n\t\t\t\t\t<\/a>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-author-box__bio\">\n\t\t\t\t\t\t<p>Certified Ethical Hacker and Network Security 
Engineer<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6a4af0f elementor-widget elementor-widget-spacer\" data-id=\"6a4af0f\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c0e67a4 elementor-widget elementor-widget-image\" data-id=\"c0e67a4\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.7.8 - 02-10-2022 *\/\n.elementor-widget-image{text-align:center}.elementor-widget-image a{display:inline-block}.elementor-widget-image a img[src$=\".svg\"]{width:48px}.elementor-widget-image img{vertical-align:middle;display:inline-block}<\/style>\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1140\" height=\"570\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/1.png\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-94e4d13 elementor-widget elementor-widget-spacer\" data-id=\"94e4d13\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-63ef593 elementor-widget elementor-widget-text-editor\" data-id=\"63ef593\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.7.8 - 02-10-2022 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#818a91;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#818a91;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<!-- wp:paragraph -->\n<p>Today, we&#8217;re diving headfirst into an adrenaline-pumping tale that unveils the <span style=\"color: #ffffff;\">enigmatic world of penetration testing<\/span>, where virtual battlegrounds hold the keys to unravelling security mysteries. So, strap in as we navigate through the intricacies of a <span style=\"color: #ffffff;\">pen-testing simulation<\/span> like no other, one that has become a rite of passage for those who dare to wield the prowess of a true cybersecurity virtuoso &#8211; the unofficial Offensive Security Certified Professional (OSCP) training curriculum.<\/p>\n<p>In this captivating instalment, we&#8217;ll be peeling back the layers of my voyage, venturing deep into the heart of <span style=\"color: #ffffff;\">OSCP&#8217;s clandestine challenges<\/span>.<\/p>\n<p>Picture this: a realm where firewalls and encryption stand as virtual fortresses, their digital ramparts begging to be stormed by intrepid hackers armed with cunning and skill. 
It&#8217;s an odyssey that unfolds like a symphony of code-breaking, network-dancing, and vulnerability-unearthing, all set against the backdrop of a training course that separates the security novices from the true sentinels of the digital age.<\/p>\n<p>But why, you may ask, is this journey so crucial? The answer lies in the very essence of cybersecurity &#8211; <span style=\"color: #ffffff;\">the art of staying a step ahead of those who seek to exploit vulnerabilities for malicious gain<\/span>. As we immerse ourselves in the narrative of this pentesting simulation, we&#8217;ll come to understand the intricacies of white-hat hacking, where we wield our digital swords not for malevolent purposes, but to fortify the walls of our digital fortresses against the ever-looming shadows of cyber threats.<\/p>\n<p>I pretty much owe all my penetration testing knowledge to gamified learning with websites like <span style=\"color: #e3b969;\"><a style=\"color: #e3b969;\" href=\"https:\/\/www.hackthebox.com\/\" target=\"_blank\" rel=\"noopener\">hackthebox<\/a><\/span> and <span style=\"color: #e3b969;\"><a style=\"color: #e3b969;\" href=\"https:\/\/tryhackme.com\/\" target=\"_blank\" rel=\"noopener\">tryhackme<\/a><\/span>, which I highly recommend. 
Another brilliant course is from <span style=\"color: #e3b969;\"><a style=\"color: #e3b969;\" href=\"https:\/\/academy.tcm-sec.com\/\" target=\"_blank\" rel=\"noopener\">TCM academy<\/a><\/span> called <span style=\"color: #e3b969;\"><a style=\"color: #e3b969;\" href=\"https:\/\/academy.tcm-sec.com\/p\/practical-ethical-hacking-the-complete-course\" target=\"_blank\" rel=\"noopener\">Practical Penetration Testing<\/a><\/span> and there is also a free version of the same that can be found on youtube.<\/p>\n<p>\u00a0<\/p>\n<p>We have selected a first in line from the infamous NetSecFocus Trophy Room <span style=\"color: #e3b969;\"><a style=\"color: #e3b969;\" href=\"https:\/\/docs.google.com\/spreadsheets\/d\/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8\/edit#gid=0\" target=\"_blank\" rel=\"noopener\">list<\/a>.<\/span><\/p>\n<p>This vulnerable machine is called DC 9 and can be freely downloaded from <a href=\"https:\/\/www.vulnhub.com\/entry\/dc-9,412\/\" target=\"_blank\" rel=\"noopener\">vulnhub<\/a>. Vulnhub is a repository of vulnerable virtual machines that can easily be deployed using hypervisors like VirtualBox and VMware. 
<span style=\"color: #e3b969;\"><a style=\"color: #e3b969;\" href=\"https:\/\/www.vulnhub.com\/entry\/dc-9,412\/\" target=\"_blank\" rel=\"noopener\">DC-9<\/a> <\/span>is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.<\/p>\n<p>\u00a0<\/p>\n<p>The <span style=\"color: #ffffff;\">ultimate goal<\/span> of this challenge is to <span style=\"color: #ffffff;\">get root and read the only flag<\/span>.<\/p>\n<p>\u00a0<\/p>\n<p>The first step is to deploy the machine in your penetration testing lab, where your offensive client resides, by importing it with your favourite hypervisor. Attach it to a host-only or internal virtual network, since it is vulnerable by design and should not be reachable from other networks.<\/p>\n<!-- \/wp:paragraph -->\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-69062da elementor-widget elementor-widget-spacer\" data-id=\"69062da\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-919114b elementor-widget elementor-widget-image\" data-id=\"919114b\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1002\" height=\"766\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/2.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-be49343 elementor-widget elementor-widget-spacer\" data-id=\"be49343\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div 
class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ff7bcf1 elementor-widget elementor-widget-text-editor\" data-id=\"ff7bcf1\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Once the machine is imported, we can initiate the first boot by powering on the vulnerable lab. I have experienced some difficulties where I had to disable USB 2.0 and change the network adapter to Internal-Host only, however after those it was smooth sailing. Let us dive in.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1226eec elementor-widget elementor-widget-spacer\" data-id=\"1226eec\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ddbd15f elementor-widget elementor-widget-text-editor\" data-id=\"ddbd15f\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #ffffff;\">Network Enumeration<\/span><\/p>\n<p>When performing a penetration test we must be aware of the network surrounding, and using a trusty network mapper called Nmap we can do just that. Network enumeration is the first step in our active reconnaissance, and below is the command we used. 
Note: Your virtual network might differ!<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #c2c0b8;\"># nmap -sn 192.168.56.0\/24<\/span><br \/><br \/><\/p>\n<p>And we have discovered our target IP address.<\/p>\n<p><span style=\"color: #c2c0b8;\">MAC Address: 08:00:27:5C:31:61 (Oracle VirtualBox virtual NIC)<\/span><\/p>\n<p>\u00a0<\/p>\n<p>From there we perform version scanning and Aggressive enumeration using Nmap switches -sV and -A<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0fb1132 elementor-widget elementor-widget-spacer\" data-id=\"0fb1132\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d7ee58b elementor-widget elementor-widget-image\" data-id=\"d7ee58b\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"462\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/3-1024x462.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cce5cf2 elementor-widget elementor-widget-spacer\" data-id=\"cce5cf2\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b5e8d4b elementor-widget elementor-widget-text-editor\" data-id=\"b5e8d4b\" data-element_type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>From the above, we can conclude that this machine is running a web server on port 80 and also has an SSH port that appears to be filtered. The response headers on port 80 also disclose the version of the Apache httpd service, 2.4.38, which gives us a low-severity information disclosure finding. Setting ServerTokens Prod and ServerSignature Off in the Apache configuration would keep the version out of responses. Browsing the HTTP service further reveals a search bar that we can test for possible SQL injection.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1dc073f elementor-widget elementor-widget-spacer\" data-id=\"1dc073f\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cac95b4 elementor-widget elementor-widget-image\" data-id=\"cac95b4\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"810\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/4-1024x810.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-601e775 elementor-widget elementor-widget-spacer\" data-id=\"601e775\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1631a64 elementor-widget 
elementor-widget-text-editor\" data-id=\"1631a64\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Using a fuzzing tool called wfuzz, we can search for directories and files on the target website.<\/p>\n<p>We use --hc 404 to hide all Not Found responses and return only the interesting ones.<\/p>\n<p>The syntax is as follows:<\/p>\n<p><span style=\"color: #c2c0b8;\"><em>wfuzz -c -z file,\/usr\/share\/seclists\/Discovery\/Web-Content\/raft-large-files.txt --hc 404 &quot;$URL&quot;<\/em><\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-af82996 elementor-widget elementor-widget-spacer\" data-id=\"af82996\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e79420e elementor-widget elementor-widget-image\" data-id=\"e79420e\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"843\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/5-1024x843.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8118809 elementor-widget elementor-widget-spacer\" data-id=\"8118809\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element 
elementor-element-85be83c elementor-widget elementor-widget-text-editor\" data-id=\"85be83c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>We discovered quite a few pages that return HTTP response code 200, meaning they exist and respond normally.<\/p>\n<p><br \/>To try a few SQL injections manually, we abuse SQL logic: an apostrophe breaks out of the quoted string in the query, and a logical OR with a condition that is always true (1=1) makes the query return effectively all results. Parameterised queries on the server side prevent this class of flaw.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-32ba133 elementor-widget elementor-widget-spacer\" data-id=\"32ba133\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-82f0878 elementor-widget elementor-widget-image\" data-id=\"82f0878\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"476\" height=\"235\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/6.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d4babd6 elementor-widget elementor-widget-spacer\" data-id=\"d4babd6\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4df9d88 elementor-widget elementor-widget-text-editor\" data-id=\"4df9d88\" 
data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>We will be using Burp Suite which is a web vulnerability scanner and security testing tool used by professionals to find and fix security issues in web applications. It helps with tasks like intercepting traffic, automated scanning for vulnerabilities, manual testing, and more.<\/p>\n<p>\u00a0<\/p>\n<p>To closer inspect this request in the backend we have fired up the Burp Suite free community edition and turned our intercept to ON.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4d6b1ca elementor-widget elementor-widget-spacer\" data-id=\"4d6b1ca\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-305f94e elementor-widget elementor-widget-image\" data-id=\"305f94e\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"545\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/7-1024x545.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-de3b07c elementor-widget elementor-widget-spacer\" data-id=\"de3b07c\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6cb097f 
elementor-widget elementor-widget-text-editor\" data-id=\"6cb097f\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>You can observe that the search parameter is being passed to the backend of the server together with some URL encoding. We will save this request to a file named req and try to utilize sqlmap to automate injection testing. We have adjusted the value of the search parameter to FUZZME.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #c2c0b8;\"><em>sqlmap -r req --dump --batch --dbms=mysql --dbs<\/em><\/span><\/p>\n<p><em>\u00a0<\/em><\/p>\n<p>Et Voila!<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2e66c3c elementor-widget elementor-widget-spacer\" data-id=\"2e66c3c\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-023e52b elementor-widget elementor-widget-image\" data-id=\"023e52b\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"211\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/8-1-1024x211.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-be8500f elementor-widget elementor-widget-spacer\" data-id=\"be8500f\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div 
class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-99f35f2 elementor-widget elementor-widget-text-editor\" data-id=\"99f35f2\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Now we see there is an additional database called users so we will try to dump that as well.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-833f3be elementor-widget elementor-widget-spacer\" data-id=\"833f3be\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-668823d elementor-widget elementor-widget-image\" data-id=\"668823d\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"584\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/9-1024x584.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c31e8f0 elementor-widget elementor-widget-spacer\" data-id=\"c31e8f0\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e105977 elementor-widget elementor-widget-text-editor\" data-id=\"e105977\" data-element_type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>As we can observe this dump contains all users and passwords that are located on this machine<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cd16486 elementor-widget elementor-widget-spacer\" data-id=\"cd16486\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-abafc10 elementor-widget elementor-widget-image\" data-id=\"abafc10\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"297\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/10-1024x297.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a43815 elementor-widget elementor-widget-spacer\" data-id=\"4a43815\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f09715c elementor-widget elementor-widget-text-editor\" data-id=\"f09715c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>We have obtained a hash for the user admin of the database which can be further offline cracked, and with a bit of luck on crackstation.net it has already been 
cracked.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ab1c961 elementor-widget elementor-widget-spacer\" data-id=\"ab1c961\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-edff611 elementor-widget elementor-widget-image\" data-id=\"edff611\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"71\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/11-1024x71.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1adc3a5 elementor-widget elementor-widget-spacer\" data-id=\"1adc3a5\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-33420bb elementor-widget elementor-widget-text-editor\" data-id=\"33420bb\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>These credentials worked to give us admin access to the website with the new ability to add Records to the database. This is something that potentially can be further exploited.<\/p>\n<p>\u00a0<\/p>\n<p>However, there is another avenue to explore and that is further fuzzing! Now we will be performing authenticated fuzzing with a valid session id. 
We can use Burp Suite to intercept our session and retrieve the session ID.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #c2c0b8;\">wfuzz -c -z file,\/usr\/share\/seclists\/Discovery\/Web-Content\/burp-parameter-names.txt --hc 404 --hh 963 -b &quot;PHPSESSID=3drg6phqektbs84st5p3u6rctv&quot; &quot;$URL&quot;<\/span><\/p>\n<p>To better understand the attack vector, a PHP parameter is a value passed to a PHP script or function in web development. It can be part of the URL (query string) or submitted via a form. Query string parameters are visible in the URL (e.g., <span style=\"color: #c2c0b8;\">example.com\/page.php?name=John<\/span>), while form parameters are included in the request&#8217;s body.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cd181ca elementor-widget elementor-widget-spacer\" data-id=\"cd181ca\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-631bac5 elementor-widget elementor-widget-image\" data-id=\"631bac5\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"222\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/12-1024x222.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1c12348 elementor-widget elementor-widget-spacer\" data-id=\"1c12348\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div 
class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-472192a elementor-widget elementor-widget-text-editor\" data-id=\"472192a\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Wfuzz has returned a successful response for the parameter file.<\/p>\n<p>\u00a0<\/p>\n<p>Let us try some directory traversal while abusing this newly discovered parameter.<\/p>\n<p><span style=\"color: #c2c0b8;\">http:\/\/192.168.56.110\/welcome.php?file=..\/..\/..\/..\/..\/..\/etc\/passwd<\/span><\/p>\n<p>Bingo!<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3af3209 elementor-widget elementor-widget-spacer\" data-id=\"3af3209\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-978047e elementor-widget elementor-widget-image\" data-id=\"978047e\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"201\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/13-1-1024x201.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a6fe080 elementor-widget elementor-widget-text-editor\" data-id=\"a6fe080\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This seems to be local file inclusion: the file parameter reaches a filesystem path without being restricted to the intended directory, so files readable by the web server account are disclosed.<\/p>\n<p>\u00a0<\/p>\n<p>Further 
attempting to obtain \/etc\/knockd.conf, we have recovered yet another file.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cdadaf0 elementor-widget elementor-widget-spacer\" data-id=\"cdadaf0\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f8aa8d elementor-widget elementor-widget-image\" data-id=\"2f8aa8d\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"100\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/14-1024x100.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5bdb7a7 elementor-widget elementor-widget-spacer\" data-id=\"5bdb7a7\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-122900d elementor-widget elementor-widget-text-editor\" data-id=\"122900d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This is very valuable as it contains a sequence that will be used for port knocking.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #ffffff;\"><strong>Port Knocking<\/strong><\/span>\u00a0is a method of externally opening\u00a0<span style=\"color: #e3b969;\"><a style=\"color: #e3b969;\" 
href=\"https:\/\/en.wikipedia.org\/wiki\/TCP_and_UDP_port\" target=\"_blank\" rel=\"noopener\">ports<\/a>\u00a0<\/span>on a\u00a0<span style=\"color: #e3b969;\"><a style=\"color: #e3b969;\" href=\"https:\/\/en.wikipedia.org\/wiki\/Firewall_(networking)\" target=\"_blank\" rel=\"noopener\">firewall<\/a>\u00a0<\/span>by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s).<\/p>\n<p>\u00a0<\/p>\n<p>We will be using a siren security <span style=\"color: #e3b969;\"><a style=\"color: #e3b969;\" href=\"https:\/\/sirensecurity.io\/blog\/port-knocking\/\" target=\"_blank\" rel=\"noopener\">script<\/a> <\/span>for port knocking.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-300bc69 elementor-widget elementor-widget-spacer\" data-id=\"300bc69\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1ddb4ea elementor-widget elementor-widget-image\" data-id=\"1ddb4ea\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"729\" height=\"187\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/15.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c6fb703 elementor-widget elementor-widget-spacer\" data-id=\"c6fb703\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-13a9821 elementor-widget elementor-widget-text-editor\" data-id=\"13a9821\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>We have successfully executed port knocking attack and the previously filtered ssh port is now open! Now that is what I call magic.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ebb6610 elementor-widget elementor-widget-spacer\" data-id=\"ebb6610\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ad20c7f elementor-widget elementor-widget-image\" data-id=\"ad20c7f\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"303\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/16-1024x303.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f4ee490 elementor-widget elementor-widget-spacer\" data-id=\"f4ee490\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element 
elementor-element-7af24c8 elementor-widget elementor-widget-text-editor\" data-id=\"7af24c8\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>As we earlier discovered a database with usernames and passwords, we can perform a password spraying attack using a tool called Hydra with the command below:<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #c2c0b8;\">sudo hydra -L usr -P passwords ssh:\/\/192.168.56.110<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0daf341 elementor-widget elementor-widget-spacer\" data-id=\"0daf341\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cd682bb elementor-widget elementor-widget-image\" data-id=\"cd682bb\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"89\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/17-1024x89.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4854209 elementor-widget elementor-widget-spacer\" data-id=\"4854209\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-18e7b17 elementor-widget elementor-widget-text-editor\" 
data-id=\"18e7b17\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>And we have a winner at last!<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-25d182c elementor-widget elementor-widget-spacer\" data-id=\"25d182c\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cd0358a elementor-widget elementor-widget-image\" data-id=\"cd0358a\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"283\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/18-1024x283.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b95ad8c elementor-widget elementor-widget-spacer\" data-id=\"b95ad8c\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2497e0f elementor-widget elementor-widget-text-editor\" data-id=\"2497e0f\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This is a low-privileged user so we will have to look for another user with sudoers privileges.<\/p>\n<p>Going through users we find that the user janitor has an interesting 
directory containing yet another password file. This feels like a treasure hunt at this stage.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d4cb719 elementor-widget elementor-widget-spacer\" data-id=\"d4cb719\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-505606a elementor-widget elementor-widget-image\" data-id=\"505606a\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"186\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/19-1024x186.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-00b3289 elementor-widget elementor-widget-spacer\" data-id=\"00b3289\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8396713 elementor-widget elementor-widget-text-editor\" data-id=\"8396713\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Nice, so once again we can attempt to password spray with Hydra to see if any new credentials are valid<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6a67802 elementor-widget elementor-widget-spacer\" data-id=\"6a67802\" 
data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a4b5f3 elementor-widget elementor-widget-image\" data-id=\"4a4b5f3\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"65\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/20-1024x65.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d430769 elementor-widget elementor-widget-spacer\" data-id=\"d430769\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c0d2276 elementor-widget elementor-widget-text-editor\" data-id=\"c0d2276\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>And we have a new user credential!<\/p>\n<p>\u00a0<\/p>\n<p>Immediately we try to see if he has any sudo privileges and we have struck gold!<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-94fabc0 elementor-widget elementor-widget-spacer\" data-id=\"94fabc0\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div 
class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-711796a elementor-widget elementor-widget-image\" data-id=\"711796a\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"111\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/21-1024x111.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e7eb5c2 elementor-widget elementor-widget-spacer\" data-id=\"e7eb5c2\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4d81fe0 elementor-widget elementor-widget-text-editor\" data-id=\"4d81fe0\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Seems that anything in the test folder can be run with root privileges.<\/p>\n<p>Let us discover what lies within this folder.<\/p>\n<p>\u00a0<\/p>\n<p>It seems that a file is meant to be run as test.py<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-35bf8f5 elementor-widget elementor-widget-spacer\" data-id=\"35bf8f5\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-02634f3 
elementor-widget elementor-widget-image\" data-id=\"02634f3\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"708\" height=\"73\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/22.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3a54244 elementor-widget elementor-widget-spacer\" data-id=\"3a54244\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6e8e764 elementor-widget elementor-widget-text-editor\" data-id=\"6e8e764\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Let us find test.py and explore what it does. 
Below is the output from the Python script, which reads the file given as its first argument and appends its contents to the file given as its second argument.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0770c72 elementor-widget elementor-widget-spacer\" data-id=\"0770c72\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ed18d69 elementor-widget elementor-widget-image\" data-id=\"ed18d69\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"757\" height=\"513\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/23.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fa5374e elementor-widget elementor-widget-spacer\" data-id=\"fa5374e\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-956b78c elementor-widget elementor-widget-text-editor\" data-id=\"956b78c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>We can be creative and exploit this trust and the fact it can be run as root.<\/p>\n<p>Firstly, we will create a file called offsec using the touch command and echo the below line into it.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #c2c0b8;\"><em>touch 
offsec<\/em><\/span><\/p>\n<p><span style=\"color: #c2c0b8;\"><em>echo &#8216;siren:$1$\/UTMXpPC$Wrv6PM4eRHhB1\/m1P.t9l.:0:0:siren:\/home\/siren:\/bin\/bash&#8217; &gt; offsec<\/em><\/span><\/p>\n<p>\u00a0<\/p>\n<p>If we use sudo on the test binary with the first argument being a new user formatted in passwd style, and the second argument being \/etc\/passwd, we will be able to add a new user with root privileges. The underlying flaw is the sudo rule itself: it lets a low-privileged user run, as root, a program that writes to whatever path the caller names.<\/p>\n<p>\u00a0<\/p>\n<p><span style=\"color: #c2c0b8;\"><em>$ sudo \/opt\/devstuff\/dist\/test\/test \/var\/tmp\/offsec \/etc\/passwd<\/em><\/span><\/p>\n<p>\u00a0<\/p>\n<p>And sure enough we could execute this and we have inserted our rogue user.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-79397f1 elementor-widget elementor-widget-spacer\" data-id=\"79397f1\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f856c5 elementor-widget elementor-widget-image\" data-id=\"2f856c5\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"41\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/24-1024x41.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dea14ff elementor-widget elementor-widget-spacer\" data-id=\"dea14ff\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div 
class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ef89b2e elementor-widget elementor-widget-text-editor\" data-id=\"ef89b2e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>And just like that, we have become root users! Game over!<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1a7ab68 elementor-widget elementor-widget-spacer\" data-id=\"1a7ab68\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b61a2fc elementor-widget elementor-widget-image\" data-id=\"b61a2fc\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"499\" height=\"96\" src=\"https:\/\/cybercrime.rs\/wp-content\/uploads\/2023\/09\/25.png\" class=\"attachment-large size-large\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1bf7f37 elementor-widget elementor-widget-spacer\" data-id=\"1bf7f37\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bf77bf9 elementor-widget elementor-widget-text-editor\" data-id=\"bf77bf9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>In conclusion, my journey through the world of penetration testing, as illustrated by the exploration of the DC-9 vulnerable machine, has been a riveting adventure into the realm of cybersecurity. This narrative has taken us through the fundamental steps of reconnaissance, vulnerability discovery, exploitation, and privilege escalation. From network enumeration using Nmap to uncovering SQL injection vulnerabilities, leveraging directory traversal, and implementing port knocking, each technique has demonstrated the complexity and diversity of challenges within this domain, and linking them together creates a kill chain.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a80552 elementor-widget elementor-widget-spacer\" data-id=\"4a80552\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bcd03f6 elementor-blockquote--skin-border elementor-blockquote--button-color-official elementor-widget elementor-widget-blockquote\" data-id=\"bcd03f6\" data-element_type=\"widget\" data-widget_type=\"blockquote.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
.elementor-blockquote__tweet-button{margin-right:auto;margin-left:auto}<\/style>\t\t<blockquote class=\"elementor-blockquote\">\n\t\t\t<p class=\"elementor-blockquote__content\">\n\t\t\t\tCertainly, protecting against the vulnerabilities and techniques outlined in this article is crucial to maintaining a secure digital environment.\t\t\t<\/p>\n\t\t\t\t\t<\/blockquote>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e6ec8d2 elementor-widget elementor-widget-spacer\" data-id=\"e6ec8d2\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9dec61a elementor-widget elementor-widget-text-editor\" data-id=\"9dec61a\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Here are some <span style=\"color: #ead181;\">recommendations <\/span>to enhance your defense against these threats:<\/p>\n<ol>\n<li><span style=\"color: #ffffff;\">Regular Patching and Updates:<\/span> Keep all your systems, applications, and plugins up to date with the latest security patches. 
Regularly update your operating system and software to address known vulnerabilities.<\/li>\n<li><span style=\"color: #ffffff;\">Web Application Security:<\/span>\n<ul>\n<li>Use parameterized queries (prepared statements), backed by input validation and sanitization, to prevent SQL injection and other injection attacks.<\/li>\n<li>Use a Web Application Firewall (WAF) to detect and block malicious traffic.<\/li>\n<li>Follow secure coding practices and utilize frameworks that have built-in security features.<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #ffffff;\">Secure Network Configuration:<\/span>\n<ul>\n<li>Implement proper firewall rules and configurations to prevent unauthorized access.<\/li>\n<li>Regularly review network perimeter settings and ensure minimal exposure of critical services.<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #ffffff;\">User Authentication and Password Management:<\/span>\n<ul>\n<li>Enforce strong password policies, including complexity and rotation requirements.<\/li>\n<li>Encourage multi-factor authentication (MFA) for user accounts to add an extra layer of security.<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #ffffff;\">Directory Traversal Protection:<\/span>\n<ul>\n<li>Validate and sanitize user inputs, resolve each requested path to its canonical form, and confirm it stays inside the intended base directory to prevent directory traversal attacks.<\/li>\n<li>Set strict permissions on sensitive files and directories to limit access.<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #ffffff;\">Port Knocking:<\/span>\n<ul>\n<li>Consider using more secure methods of remote access, such as VPNs, instead of relying solely on port knocking.<\/li>\n<li>If using port knocking, implement it carefully, avoid easily guessable sequences, and keep strong authentication on the service behind it.<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #ffffff;\">Password Spraying Prevention:<\/span>\n<ul>\n<li>Implement account lockout policies to thwart brute-force attacks; because spraying tries a few common passwords across many accounts, pair lockout with rate limiting per source address.<\/li>\n<li>Monitor and detect unusual login patterns, such as failed logins spread across many accounts, that could indicate malicious activity.<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #ffffff;\">Privilege Escalation 
Mitigation:<\/span>\n<ul>\n<li>Implement the principle of least privilege to restrict user access only to what is necessary for their roles.<\/li>\n<li>Regularly review and audit user privileges to prevent unauthorized escalation.<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #ffffff;\">Regular Security Assessments:<\/span>\n<ul>\n<li>Conduct regular security assessments, including penetration testing and vulnerability scanning, to identify and address weaknesses.<\/li>\n<li>Engage in ethical hacking to proactively discover vulnerabilities before malicious actors exploit them.<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #ffffff;\">Employee Training and Awareness:<\/span>\n<ul>\n<li>Train your employees on security best practices and raise awareness about common attack vectors.<\/li>\n<li>Encourage a culture of reporting and addressing potential security incidents promptly.<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #ffffff;\">Monitoring and Incident Response:<\/span>\n<ul>\n<li>Implement robust real-time monitoring solutions to detect and respond to suspicious activities.<\/li>\n<li>Develop an incident response plan to swiftly address security breaches and minimize damage.<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #ffffff;\">Secure Coding Practices:<\/span>\n<ul>\n<li>Train developers to follow secure coding practices, including input validation, output encoding, and using prepared statements to prevent injection attacks.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>By implementing these recommendations, you can significantly bolster your organization&#8217;s defenses against the techniques demonstrated in the penetration testing journey and maintain a more resilient and secure digital environment.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fba2519 elementor-widget elementor-widget-spacer\" data-id=\"fba2519\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9bfbd6e elementor-blockquote--skin-border elementor-blockquote--button-color-official elementor-widget elementor-widget-blockquote\" data-id=\"9bfbd6e\" data-element_type=\"widget\" data-widget_type=\"blockquote.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<blockquote class=\"elementor-blockquote\">\n\t\t\t<p class=\"elementor-blockquote__content\">\n\t\t\t\tStay vigilant and stay safe!\t\t\t<\/p>\n\t\t\t\t\t<\/blockquote>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>An adrenaline-pumping tale that unveils the enigmatic world of penetration testing<\/p>","protected":false},"author":1,"featured_media":9975,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":""},"categories":[30],"tags":[],"class_list":["post-17117","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts\/17117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\
/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/comments?post=17117"}],"version-history":[{"count":22,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts\/17117\/revisions"}],"predecessor-version":[{"id":17169,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts\/17117\/revisions\/17169"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/media\/9975"}],"wp:attachment":[{"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/media?parent=17117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/categories?post=17117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/tags?post=17117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}