Do things a little bit different if you find a way that works for you

 Ok so today's is one of those things where I am not proud it took so long but I am proud that I finally came up with a solution. 


On pentesterlab I have been trying for a couple hours to use burp repeater to do a file upload injection but for some reason it wouldn't work. So, I decided to switch to using OWASP Zap to try on that tool and it didn't work.  I started getting frustrated and decided I would step back and try and think about a different way to do things.

Then I realized all I was trying to do was rename a file from test.php to test.php3 and upload it and repeater was just stopping me from having to rewrite the file on my desktop. SO, I figured I had already written the php code, so I went in copied what was in the file and created a new file with the test.php3 name and uploaded it the regular way. Now I know this is not the way pentesterlab has it set up BUT....

I would argue this. I spent probably 3 hours trying to do it their way. And time and again in the learning material you hear people say that sometimes you have to figure out a way to achieve the hack, and that, how you hack will not always be how someone else hacks.

So, if I were on a job and I couldn't figure out one way, but I knew another way that would take me less time and achieve the same results, don't you think my employer/client would want the one that achieved the results in the timeliest manner so I could move onto the next objective. 


I would argue that a hacker's real job isn't to copy and paste what other people have done to get a result but rather to achieve the objective any way that makes sense to them. copy and pasting that code took me less than 2 minutes in VI. then uploading to objective whereas trying it the other way took up 3 hours. So, in the future my plan is to learn what the core of being taught, learn the objective so that way I can learn the next thing and not get hung up on exact methods. Now it frees me up to learn more, achieve the next objective and consult someone a little more knowledgeable on what i was doing wrong when I get the chance. 


One thing I am trying to get is use my notes and screenshots to be able to show exactly what I am talking about with my lessons, but I need to get better using the tools and its hard cause I use 2 different computers so for now I am just writing the lessons I learn every day and sharing my struggles.


Don't get stagnant, move forward  

Comments

Post a Comment

Popular posts from this blog

LLMNR

Image
Here we learn a little about LLMNR. So here is a description of the attack. I think the key here is that it provides the hash. These days anytime you can get a hash it's a win. Even if its long and complex, hash cracking tools are a 3 second google search.  I like graphics like this cause to be honest, even if I know how to attack it I am not always sure how to mitigate what I am doing. Its why I like learning what is behind the scenes. In the next few posts, I am going to show some mitigation techniques the course brought up and the reason for that is it really helped me start to think about how to mitigate. Again, I will not be sharing everything and if you want to learn more, please go check out  TCM Security . This has really been a great course to get my brain thinking in ways to help businesses.  And here are their recommendations for mitigation. And this is just to get your brain in the mode of mitigation. Remember we are doing this to help businesses not just to d...
Read more

More mitigations

Image
 So like I said we are going over mitigations and I grabbed a couple slides and while this is not everything, I grabbed ones that helped to spark a thought process and understand how mitigation can be performed. Now we started with SMB Relay because we were told its one of the most exploited vulnerabilities. Really until this slide I was thinking "if it's such a known vulnerability why is it still being used?" And seeing this slide with the pros and cons made me realize certain things need to be used and our job as security professionals can't be just to shut down everything that can be exploited but rather make things as safe as possible so that our companies can still be as productive as possible while being as safe as possible. Now I always thought I knew strong passwords but in taking this course I found out just how easy password cracking is. So, 14 or more characters and make it complex.  Capital, Lowercase, Numbers, Special Characters, stay away from common wor...
Read more

Overwrite and BadChars

Image
 I wrote a script for Bad chars and show how I overwrite the program. This is all leading up to finding the right module and then gaining shellcode. Exploit Development is defiantly something I want to take some more time to get to know. I plan on going through these videos at least one more time.  So a couple things to remember is take out "\x00" and make sure you wrap it in "()" Here is the first code I wrote And here is the correct code. Anyone catch the mistake? Thats right line 9 I forgot to change.  Now remember like with all the lessons before we are running both vulnserver and immunity debugger as admin. Attaching vulnserver  to Immunity Debugger and pressing play. The goal is to overflow the buffer space and through the EBP (Extended Base Pointer) and into the EIP (Extended Base Pointer Instructional Pointer). Which is where we will be placing the malicious code.  And as you can see it is now paused meaning we gained overflow and crashed the machine....
Read more