Security lab

Information security is a subject in cyber-world which we can’t think away anymore. Data breaches can cost millions when sensitive information is leaked on the Internet. Zero-day exploits pop up for sale every day in deep web forums in return for Bitcoins. However, few exploits are disclosed in public domain once the vulnerability is patched by the vendor. This past year, we had over 6400 common vulnerabilities and exposures which were issued a CVE ID. There were few major bug fixes by the vendors serving backbone of the Internet. Here is the list of top 10 security vulnerabilities which came to light this year. 1. Dirty Cow (CVE-2016-5195) Discovered by Phil Oester,  Dirty Cow , is a kernel vulnerability that allows any unprivileged existing user to escalate its privilege to root. Root is the highest privilege on any UNIX or LINUX system, which has access to all the files. This vulnerability is known as privilege escalation. COW (Change on Write) is a technique used by Linux to reduce

Chào các bạn Trước khi chuyển sang Metasploiable 3 chúng ta cần dút điểm một số lab pentest system của Metasploiable 2 &THEROCK bao gồm những bài sau đây : - Lưu ý : Để PoC (nghĩa là chứng minh đã hoàn tất) thì các bạn nên quay video lại tiến trình làn bài hay ít nhất cũng chụp 1 cái hình minh họa kết quả cuối cùng. Về quy cách quay video thì các bạn nên có 1 file text giới thiệu vắn tắt Mô Hình Lab, & Các bước thực hiện bài Lab để người xem có thể hiểu được nội dung cần truyền tải. Phần mềm ghi video có thể dùng như Bandicam, Camtasia ... Các bài hướng dẫn trình bày kha chi tiết, nên các bạn có thể bỏ bớt các tình huống đăng nhập hoặc trong bài tác giả dùng Backtrack nên nếu mình dùng Kali hay Parrot ... cần phải linh động, vì các ứng dụng trên linux nó hoạt động khá tương tự nhau. Danh mục các bài tập cần hoàn thành và gởi cho Admin Tran Ngoc Bang 1 - Bài Thực Hành Metasploit Framework Lesson 2 : Exploiting the distcc daemon to obtain root http://www.antoanthongtin.edu.vn/2

This is our another article of root2boot penetration testing challenge. We will walk through a exploitable framework Mr. Robot. It is based on the TV show, Mr. Robot, it has three keys hidden in different locations. The main goal is to find all three tokens hidden in the system. Each key is progressively difficult to find. Breaking into it isn’t too difficult. There isn’t any advanced exploitation or reverse engineering. The level is considered beginner-intermediate. First Download the Mr Robot Lab from here First of all we have to find its IP address and for that go to the terminal of your Kali and type : netdiscover Upon the execution of the above command we will know about all the IP addresses in our network. Our target IP is 192.168.0.102 , let us scan it. To scan our target IP we will use aggressive scan(-A) nmap -A 192.168.0.102 The scan’s result shows us the open ports are : 22, 80, 443. As the 80 port is open we can try and open this IP in our browser. And yes, it opens

In this article we will try to attack and gain root access to the Stapler: 1 challenge from VulnHub. The goal is to reconnaissance, enumeration, and exploits this vulnerable machine to get root access and to read the contents of flag.txt. We have been told that are various methods to do so but we have tried and found the simplest way. Download the stapler vm from here WalkThrough   Start off with scanning the network to find our target. And we all the command for it is: netdiscover We found our target –> 192.168.1.105 To scan our target we will use Sparta. Sparta is combination of nmap scanning and Nikto. It makes our work simpler. To open Sparta , Open kali linux > Applications > Information Gathering > Sparta . After opening Sparta, click on where it says “click here to add host to scope”.  A dialog box will open asking target’s IP. Give your target’ IP there and click on add scope. Once Sparta starts working, it will show you all the ports open on our target. Resu