-
Analyst Tip: Testing Firewall Egress
A quick tip for testing available TCP egress, using nc, bash, and allports.exposed: for i in {1..1023}; do nc -vz -w 1 allports.exposed $i; done This will use nc with the -v, -z, and -w switches to attempt to connect to allports.exposed on TCP ports 1 through 1023. -v requests verbose output, -z puts nc in scanning mode, and -w 1 tells nc to time out after one second. You may need to adjust the value supplied with -w according to the anticipated latency of the network you’re on.…more
-
Practice for OSCP
There are several excellent places online you can practice for the PWK/OSCP course and certification. In no certain order, they include: OverTheWire HackThisSite VulnHub HackSplaining CTF365 Root-Me Hacking Lab Pentester Lab
-
Learning remote enumeration (Part 2)
In Part 1, I introduced some sound methodology for approaching remote enumeration, which I now realize needs a bit of revision. It’s not that it’s a bad approach, it’s just too aggressive and would potentially miss certain aspects of the target that may prove useful or time-saving. Act like a user, not a hacker The first thing I’ve learned is that it’s best to act like a user, not an attacker.…more
-
Walking through a basic buffer overflow
I’m learning about buffer overflows in preparation for the PWK course and OSCP exam. I haven’t touched assembly language in more than 20 years, and the protections present in modern OSes just didn’t exist back when I first learned all this (let alone the fact that I was working on 680x0 and 650x assembly at the time). After trying desperately to make the mental leap from the 1990s to modern operating systems and following along in Aleph One’s Smashing The Stack For Fun And Profit, I decided to use the material from Chapter 16 of Georgia Weidman’s excellent Penetration Testing: A Hands-On Introduction to Hacking, and write this to ensure I understand exactly what I’m doing and what’s going on in that chapter.…more
-
Quick tips for linux screenshots from the shell
As part of your workflow, you may need to take multiple screenshots quickly. There are several methods to do this within Linux, but the easiest and most efficient I’ve found is called import. The manpage deatails all the options, but my most typical usage is simply: import foo.png (substituting the actual name I want to use for “foo”, of course) This will cause your cursor to change to crosshairs. You can then position the crosshairs and draw a bounding box around the area you want to capture by pressing and holding the left mouse button.…more
-
My OSCP workflow
Taking the Offensive Security PWK class and their OSCP exam while working a full-time job presents several challenges, the greatest of which is time management. To make effective use of my available time, I need to ensure I can work wherever and whenever I have a spare few moments. This means a few things: I need to have access to my notes from everywhere I need to have access to all collected lab information from everywhere I need to be able to access the labs from everywhere All of these boil down to personal preference.…more
-
Learning remote enumeration (Part 1)
When many people hear the term “enumeration”, they think “port scanning.” But enumeration is so much more than that. There are two major categories of enumeration: Remote enumeration Local enumeration To properly perform remote enumeration on an unknown target, I prefer the following steps: Quickly determine what hosts are on the network Quickly port scan the discovered hosts for low-hanging fruit Perform a more thorough port scan of the discovered hosts Begin enumerating the hosts via the various available services Start looking for possible remote vulnerabilities 1.…more