Linux Privilege Escalation by Exploiting Cron jobs

After solving several OSCP challenges, we decided to write an article on the various methods used for Linux privilege escalation that could be helpful for our readers in their penetration testing projects. In this article, we will learn “Privilege Escalation by exploiting Cron Jobs” to gain root access to a remote host machine and also…
The post Linux Privilege Escalation by Exploiting Cron jobs appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/

PE Linux – Linux Privilege Escalation Tool

New Linux Privilege Escalation Tool.

Getting Started
- System Information Gatherer
- Kernel Information Gatherer
- Checking Development Environments on the System (Escaping Restricted Shells)
- Extract PATH & Environment Information
- Check Whether the Kernel Is Vulnerable to the Dirty COW Exploit
- Password Collector
- Log Analyzer for Interesting Information
- Check Password Policy
- Database Password Collector
- Check Whether SSH Is Allowed With Root
- Checking for Interesting Root, Home, Var Directory Files
- RSA Keys Collector
- Command History Analyzer
- Users Enumeration (Root – Sudo – UID List – GID List)
- Cron Jobs Enumeration (Permissions – Own Cron – Cron Content – Writable Cron)
- Network Information Lookup (TCP Connections – ARP – Services)

The list is open for updates :)

Link: http://feedproxy.google.com/~r/PentestTools/~3/Dp53wu5dov8/pe-linux-linux-privilege-escalation-tool.html

Beginner Guide to impacket Tool kit

Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC). According to the Core Security website, Impacket supports protocols like IP, TCP, UDP, ICMP, IGMP, ARP, IPv4, IPv6, SMB, MSRPC, NTLM, Kerberos, WMI, LDAP…
The post Beginner Guide to impacket Tool kit appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/beginner-guide-to-impacket-tool-kit/

Linux Privilege Escalation using LD_Preload

Hello friends, today we are going to discuss a new technique of privilege escalation by exploiting the environment variable “LD_PRELOAD”, but to practice this you must take some help from our previous article.

Table of contents: Introduction; Shared Libraries; Shared Libraries Names; LD_Preload; Lab setup; Post-Exploitation

Introduction

Shared Libraries

Shared libraries are libraries that are…
The post Linux Privilege Escalation using LD_Preload appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/linux-privilege-escalation-using-ld_preload/

Metateta – Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit

Metateta is an automated tool for scanning and exploiting network protocols using Metasploit, for faster pen testing of large networks.

What You Can Do
- Scan with all Metasploit modules for a specific network protocol like smb, smtp, snmp
- Run all auxiliary modules against a specific network protocol
- Run all possible Metasploit exploits for a specific network protocol (this is not recommended for real pen testing)
- Run against one target, a network, or even a text file with targets

Usage examples
    run.py -R 192.168.1.15-255 -p smb -x exploit
    run.py -r 192.168.1.15 -p smtp -x scan
    run.py -f hosts.txt -p smb -x auxiliary

Hossam Mohamed – @wazehell

Link: http://feedproxy.google.com/~r/PentestTools/~3/JS2U_1rLV1I/metateta-automated-tool-for-scanning.html

Multiple Ways to Get root through Writable File

In Linux everything is a file, including directories and devices, and each has permissions that allow or restrict three operations, i.e. read/write/execute. When an admin sets permissions for any file, he should be aware of the Linux users to whom he is going to allow or restrict all three permissions. In this article, we are going to discuss Linux…
The post Multiple Ways to Get root through Writable File appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/multiple-ways-to-get-root-through-writable-file/

Penetration Testing on X11 Server

X is an architecture-independent system for remote graphical user interfaces and input device capabilities. Each person using a networked terminal has the ability to interact with the display with any type of user input device. (Source: Wikipedia) In most cases the X server’s access control is disabled. But if enabled, it allows anyone…
The post Penetration Testing on X11 Server appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/penetration-testing-on-x11-server/

Msploitego – Pentesting Suite For Maltego Based On Data In A Metasploit Database

msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further. Entities can either be loaded from a Metasploit XML file or taken directly from the Postgres msf database.

Requirements
- Python 2.7
- Has only been tested on Kali Linux
- Software installations:
  - Metasploit
  - nmap
  - enum4linux
  - smtp-check
  - nikto

Installation
- Checkout and update the transform path inside Maltego
- In Maltego import config from msploitego/src/msploitego/resources/maltego/msploitego.mtz

General Use

Using exported Metasploit xml file
- Run a db_nmap scan in Metasploit, or import a previous scan
    msf> db_nmap -vvvv -T5 -A -sS -ST -Pn
    msf> db_import /path/to/your/nmapfile.xml
- Export the database to an xml file
    msf> db_export -f xml /path/to/your/output.xml
- In Maltego drag a MetasploitDBXML entity onto the graph.
- Update the entity with the path to your metasploit database file.
- Run the MetasploitDB transform to enumerate hosts.
- From there several transforms are available to enumerate services, vulnerabilities stored in the metasploit DB

Using Postgres
- Drag and drop a Postgresql DB entity onto the canvas, enter DB details.
- Run the Postgresql transforms directly against a running DB

Notes
Instead of running a nikto scan directly from Maltego, I’ve opted to include a field for a Nikto XML file. Nikto can take a long time to run, so it is best to manage that directly from the OS.

TODOs
- Connect directly to the postgres database – in progress
- Much, much, much more transforms for actions on generated entities.

Link: http://feedproxy.google.com/~r/PentestTools/~3/NL3Bxk8kM2s/msploitego-pentesting-suite-for-maltego.html

Beginners Guide for John the Ripper (Part 2)

We learned most of the basic information on John the Ripper in our previous article, which can be found here. In this article we will use John the Ripper to crack the password hashes of some of the file formats like zip, rar, pdf and much more. To crack these password hashes, we are going…
The post Beginners Guide for John the Ripper (Part 2) appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/beginners-guide-for-john-the-ripper-part-2/

Group Discussion: Penetration Testing – Enterprise Security Weekly #94

Paul and John welcome Adrian Sanabria, Director of Research for Savage Security; Dave Kennedy, Founder of TrustedSec, Binary Defense, and DerbyCon; and Security Weekly’s very own Jeff Man! Paul and John have a group discussion with Adrian, Jeff, and Dave on Penetration Testing!
Full Show Notes
Visit http://securityweekly.com/esw for all the latest episodes!
The post Group Discussion: Penetration Testing – Enterprise Security Weekly #94 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/5Th5lEWvjwE/