Hello everyone, this month FireEye published a vulnerability known as CVE-2017-0199, which makes use of OLEv2 links in existing documents.
So, what are these OLEv2 object links? It’s basically an object (file) that we include in our file, and its content will be loaded into the document. In short: a file inside a file.
Quite confusing to start, but when we start using it, and exploiting this vulnerability, we understand better how it works.
Continue reading “Exploiting CVE-2017-0199 – Complete Guide”
So this is the 1st tutorial for the 1st token that I achieved.
This was a hard fight and had to get help from different people.
Note: I must say that I got this Token, and the next two, before my security break, but I’m documenting them here now (yes, the lab is still live, so you can still go for it). Have fun. Continue reading “Pentestit.ru V.10 (Part 1) – Token Mail”
Here I am, getting back to my pentest and learning activities, and this time it will be for good. During this time, I took a “break” from security (not really), but I was focusing on cryptocurrencies, had a lot to learn, and started to make my investments in them.
I’m happy to say that I’m having a pretty nice ROI going already with 145% profit. So, if this is a subject that interests you, let me know in the comments, and I might start a dedicated section for cryptocurrencies.
This time, we are going to address the below network: Continue reading “Getting back for more pentest – Pentestit.ru Lab V.10”
So the Final Chapter arrived… 😀 I’m happy to say that this was an awesome experience, and I hope this was useful for someone else also.
This Lab is coming to an end soon, and the version v10 will start: a new era, new challenges, more to learn, more to share, more difficulties to cross.
So, let’s get to business, shall we? Continue reading “Pentestit.ru V.9 (Part 14) – Token SSH-Test – Final 14/14”
So, here we are again, almost finishing the Pentestit.ru lab v9.
This TOKEN was really hard, especially because you had to keep in mind everything you went through until arriving here, and that everything has its own purpose.
Remember the reply email we were getting when going after the Email Token?
That is our way into the Terminal Token, and I have to be honest, I would have had no idea if I hadn’t had a look at the WriteUp 😛
So, let’s go into it: Continue reading “Pentestit.ru V.9 (Part 13) – Token Terminal”
It’s been a long time since my last Token tutorial, but today I bring here another Token tutorial, this time to Site-Test Token 😉
So, this one was a nice one, and it makes use of a “recent” vulnerability that I didn’t know about, so it was a great learning experience, as you will find out 🙂
It was kinda hard because I started it and then took a month of break, so when I got back to it I had to rethink it again (glad I had my notes).
So, enough talk, let’s get back to what really matters. Continue reading “Pentestit.ru V.9 (Part 12) – Token Site-Test”
So, today I’m going to talk about Portal Token.
This one was a really hard challenge, and I found myself doing it a 2nd time, because I didn’t comment it the 1st time.
That was also good, because I refreshed my ideas, and I’m actually doing it as I write this tutorial, today.
So, let’s get things started: Continue reading “Pentestit.ru V.9 (Part 11) – Token Portal”
So, another day, another tutorial. 😀
And this time we are going to focus our efforts on the “Photo” machine.
As usual, we start the nmap scan from our “ssh server” shell, and we see that we have 2 open ports: SSH and HTTP.
$ nmap 192.168.0.6 -sV
Starting Nmap 6.00 ( http://nmap.org ) at 2016-08-03 16:17 MSK
Nmap scan report for 192.168.0.6
Host is up (0.0013s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u4 (protocol 2.0)
80/tcp open http nginx 1.10.0
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
So we start Continue reading “Pentestit.ru V.9 (Part 10) – Token Photo”
I have to say that until now this one (Token DEV) was the most fun and rewarding one. It made me use some previous knowledge, analyze things, and once again think outside the box. It also made me get to know and learn a tool known as Intercepter-ng.
So here we are: after getting the Terminal2 Token and having access to the Terminal2 machine, we have the DEV machine in the same network, so we want to try to explore it and get access to it. Continue reading “Pentestit.ru V.9 (Part 9) – Token DEV”
So here we are again, but this time to show how we got the Token from the Terminal2 machine.
Doing an nmap scan of the target machine and enumerating its services, we noticed that this server has Continue reading “Pentestit.ru V.9 (Part 8) – Token Terminal2”