Posts

[Tutorial] Cracking Windows 7 Password with Physical Access

Hi friends, in some engagements we can have physical access to a Windows machine. So, today I'll try to simulate that situation in a VMware virtual environment: cracking a Windows 7 password with a Kali Linux live CD/DVD. I have to say clearly that I'll show how to crack the password, not how to change, reset or disable it. I'll use the Windows 7 VMware image from the Microsoft website to show you the steps below. Please download the virtual machine if you want: link. Because the above Windows 7 is a 32-bit machine, we have to use the 32-bit Kali Linux. 1. Change the settings of the Windows 7 VM to use the Kali Linux 32-bit ISO file and choose "Connect at power on": 2. Power on the machine to firmware --> change the boot order --> save changes and reboot: 3. Now we can boot the machine into Kali Linux; let's browse to the folder Windows\System32\config and open a terminal from that location: 4. From that terminal, fire up ophcrack -->
Recent posts

[Metasploitable 2] Method #3: Bind Shell Backdoor

Hi friends, this post will be short because the vulnerability is very clear and straightforward. As you may know, in my 2nd post on Metasploitable 2 hacking, I used Nessus to confirm the vulnerability found by Nmap. The scan results from Nessus are very interesting! So let's just start by looking at the first one: Bind Shell Backdoor Detection. The detail of this vulnerability states clearly that the Metasploitable 2 machine's shell is listening on port 1524. So let's try to use netcat to connect to port 1524. That's easy, right? We can also see the connection from Kali to Metasploitable 2 on port 1524. Let's move to another way.

[Metasploitable 2] Method #2: Thank to Somebody's Backdoor on vsFTPd 2.3.4

Hi friends, today I would like to share another way to hack Metasploitable 2. You might want to check out my other posts on Metasploitable 2 here. So let's start! Using Nmap NSE to see if there is any vulnerability on port 21: nmap --script vuln 10.0.2.5 -p21 and I found the vsFTPd version 2.3.4 backdoor. For study purposes, I wanted to use Nessus on Kali to confirm the above vulnerability, but couldn't find it. Hmmm, maybe I need to change some parameters on my Nessus scan! However, the results from Nessus are very interesting, and I can use them for future work! Let's use Metasploit to find the correct exploit and make this shit done :) We can confirm a connection from Kali to Metasploitable 2 with a netstat command. Happy hacking!

[Metasploitable 2] Method #1: Meet My Old Friend distccd v1

Hi friends, I would like to share with you how I hacked Metasploitable 2 by utilizing the distccd v1 vulnerability. There are many bugs in Metasploitable 2 that can help you hack it. Why did I choose distccd? After using NMAP to scan for open ports on Metasploitable 2, I thought I might meet an old friend again. I came across distccd when playing with Hack The Box's Lame (you can read my write-up on the box Lame here). So, I guessed I could use the same technique to hack Metasploitable 2 for the first time. Let's start! Using NMAP to scan for vulnerabilities on port 3632: nmap --script vuln -p3632 192.168.32.129 We got CVE-2004-2687! Fire up Metasploit to search for the appropriate module, or you can just use Google: msf > search type:exploit name:distcc We know which module we have to use, and then we can get into the box as the daemon user. How to become root? We have to find a way to escalate our privileges. Let's take a look at this article to know how ca

[Tutorial] Connecting VirtualBox and VMWare guest machines

Hi friends, today I would like to share with you how to connect a Windows XP machine on VMWare Workstation Pro with a Kali Linux 2018.3 machine on VirtualBox. You may ask why I have to do this: because VMWare doesn't have any function similar to the "Scale Factor" function in VirtualBox, at least at the time of this writing. So, let's begin. Inside the Settings of Kali Linux, we need to change the Network setting to Host-Only Adapter. Before we move to VMWare, let's check that the DHCP Server of VirtualBox is enabled: File --> Host Network Manager: On VMWare, go to Edit --> Virtual Network Editor --> Change Settings and change the setting of the Bridged network to "VirtualBox Host-Only Ethernet Adapter:" On the Network Adapter setting of the Windows XP machine, choose Custom --> VMnet0: After all of those steps, power on both Windows XP and Kali, then turn off the Windows XP Firewall and try to see if you can ping fro

[Hack The Box] Lame Write-up

I feel wonderful after solving this box with some hints from a good friend (MinhTrietPT) because my method is different from the one in the official write-up from Hack The Box. I have to say that I was stuck on this box for 2 weeks. Yeah, now you know how I'm feeling. As someone says: "enjoy the journey, not the destination." This is very true for me. So, let's get started! First, we use nmap to scan the target: I felt that I needed to dig deeper into port 3632, so I kept using nmap: Hmm, we have CVE-2004-2687. After googling, we should know which exploit we can use: Wow, we have the shell, but...but... as the daemon user, we cannot read the flag files. We have to learn about Linux Privilege Escalation here. Using this command for enumeration: " find / -perm -g=s -o -perm -4000 ! -type l -maxdepth 3 -exec ls -ld {} \; 2>/dev/null ", what can we find? Do you see nmap? Do you see what permissions nmap has? Let's use this co

[Monthly review] July 2018

I would like to start the monthly review to keep track of my journey into Cybersecurity and Pentesting. I think the most important things I did last month (July 2018) were starting to practice on Hack The Box and joining the local Pwn School meetup. I have some things which I like and dislike about Hack The Box. At the beginning, the reason I chose Hack The Box over Vulnhub was that Hack The Box lists all of its labs/machines along with their difficulty level. That helped me a lot as a beginner in Pentesting, and I decided to hack all of its Easy labs first. I already finished Legacy and Blue, and am stuck at Lame because I can't escalate my privileges from the daemon user to the root user. Now, I'm reading about Linux Escalation to overcome this obstacle. I also read the write-up and realized they used another vulnerability to hack this box. But I want to learn and challenge myself, so for now I'm stopping at Lame. However, Hack The Box's labs are not always available. So, I'm thinking about switching to