Exploiting CVE-2017-0199 – Complete Guide

Categories Security, Tutorials

Hello everyone, this month FireEye published a vulnerability known as CVE-2017-0199, which makes use of OLEv2 links in existing documents.
So, what are these OLEv2 object links? An OLEv2 link is basically an object (a file) that we include in our file, and its content will be loaded into the document. In short: a file inside a file.

It is quite confusing at first, but once we start using it and exploiting this vulnerability, we understand better how it works.

Getting back for more pentest – Pentestit.ru Lab V.10

Categories Tutorials

Here I am, getting back to my pentest and learning activities, and this time it will be for good. During this time, I took a “break” from security (not really), but I was focusing on cryptocurrencies, had a lot to learn, and started making my investments in them.
I’m happy to say that I already have a pretty nice ROI going, with 145% profit. So, if this is a subject that interests you, let me know in the comments, and I might start a dedicated section for cryptocurrencies.

This time, we are going to address the network below:

Pentestit.ru V.9 (Part 14) – Token SSH-Test – Final 14/14

Categories Tutorials

So the Final Chapter arrived… 😀 I’m happy to say that this was an awesome experience, and I hope this was useful for someone else also.
This Lab is coming to an end soon, and version v10 will start: a new era, new challenges, more to learn, more to share, more difficulties to overcome.

So, let’s get down to business, shall we?

Pentestit.ru V.9 (Part 13) – Token Terminal

Categories Tutorials

So, here we are again, almost finishing the Pentestit.ru lab v9.
This token was really hard, especially because you had to keep in mind everything you went through to get here, and that everything has its own purpose.

Remember the reply email we were getting when going after the Email Token?
That is our way into the Terminal Token, and I have to be honest, I would have had no idea if I hadn’t had a look at the write-up 😛

So, let’s go into it:

Pentestit.ru V.9 (Part 12) – Token Site-Test

Categories Tutorials

It’s been a long time since my last Token tutorial, but today I bring another Token tutorial, this time for the Site-Test Token 😉

So, this one was a nice one, and it makes use of a “recent” vulnerability that I didn’t know about, so it was a great learning experience, as you will find out 🙂
It was kind of hard because I started it and then took a month’s break, so when I got back to it I had to rethink it again (glad I had my notes).
So, enough talk, let’s get back to what really matters.

Pentestit.ru V.9 (Part 10) – Token Photo

Categories Tutorials

So, another day, another tutorial. 😀
And this time we are going to focus our efforts on the “Photo” machine.
As usual, we start the nmap scan from our “ssh server” shell, and we see that we have 2 open ports: SSH and HTTP.

$ nmap 192.168.0.6 -sV

Starting Nmap 6.00 ( http://nmap.org ) at 2016-08-03 16:17 MSK
Nmap scan report for 192.168.0.6
Host is up (0.0013s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.0p1 Debian 4+deb7u4 (protocol 2.0)
80/tcp open  http    nginx 1.10.0

Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

So we start

Pentestit.ru V.9 (Part 9) – Token DEV

Categories Tutorials

I have to say that until now this one (Token DEV) was the most fun and rewarding one. It made me use some previous knowledge, analyze things, and once again think outside the box. It also made me get to know and learn a tool known as Intercepter-ng.

So here we are: after getting the Terminal2 Token and gaining access to the Terminal2 machine, we have the DEV machine in the same network, so we want to try to explore it and get access to it.