Let’s continue on from Part 1. We’ll be covering these techniques: Use this virtual machine to execute the techniques (it’s the same machine from Part I.) SUID SUID with PATH Environment Variable (Indirect) Let’s start with this question: How does the Linux terminal find an executable file that we execute as a command? For example,…
Privilege escalation is a key part of pentesting. Imagine a Linux system with three users: Asher, Cyber, and Root. Each has a different permission set. Asher can access and modify all the files he owns. Because the system administrator put him in the sudo group, he can access root permission. He may need to authenticate…
Buckle up! In this lesson, we’ll use BurpSuite to conduct a privilege escalation attack. We’ll hack into a machine provided by TryHackMe. This is one of my favorite companies for learning CyberSecurity. They have incredible resources for free (and 100% legal) hacking! Make sure you’ve completed the BurpSuite Part I and Part II introductory posts…
Welcome to part II on Backups! We covered the following in part I: This lesson will cover sending backups offsite, retrieving the backups, and performing additional automation. Begin by switching to the backup user on Machine 1 (Ubuntu Desktop) sudo -i -u bkup Now create a file for your offsite backup script: touch ~/backup.offiste chmod…
Let’s dive in! Fire up Kali and run all commands as root. In my previous posts, I’ve covered how ifconfig helps identify network information. Ubuntu, by default, controls network configurations with Netplan. Let’s install a better program called ifupdown. It’s much easier to use: all of the network information can be configured in one simple…
You might be thinking “Asher, I’m in cybersecurity. Isn’t it the Sysadmin’s job to handle backups?” Think back to the CIA triad: Confidentiality, Integrity, and Availability. Backups certainly fall under Availability. You should know how your organization’s data is backed up, so you can protect it. You should also know how the backups themselves work.…
Imagine this scenario: You’re an analyst for a large organization, and you suspect there’s an infected box. You decide to analyze the outbound network traffic. You SSH to the firewall and do a packet capture with tcpdump. This is a 10.0.0.0/24 network with 200 subnets traveling through the firewall. With a 24-bit subnet mask,…
This post will demonstrate how to capture packets with tcpdump and analyze them with Wireshark. I’m going to capture the traffic of me logging into the website http://testphp.vulnweb.com/login.php. It’s an unencrypted communication, so I’ll be able to capture the password. First, open a terminal in Kali Linux. You need to find the name of the…
Hello everyone! This is a step-by-step guide for making your own self-hosted, secure cybersecurity portfolio with WordPress. Here’s the process: STEP 1: MAKING DIGITAL OCEAN ACCOUNT. Go to https://www.digitalocean.com and make an account (or sign in, if you have one.) STEP 2: MAKE A PROJECT Click “+ New Project” button on the left hand side.…