Asset Types Asset Classification Asset Storage Apply appropriate controls based on classification Data is more valuable than the media Asset Security Data Classification Type of Data Data Stakeholders Data Remanence Data left over after a removal and deletion process Data Destruction Scoping Portion of standards that will be applicable for organization Tailoring Customizing standards as … Continue reading “Domain 2: Asset Security”
Tag Archives: hacking
Common Linux Privilege Escalation
Used room: https://tryhackme.com/room/commonlinuxprivesc Privilege escalation is a practice. It mainly depends on configurations in the system that act as weaknesses through which privileges can be escalated. These configurations can be of many types. For example: So, today or tonight we will see various methods to do privilege escalation in Linux. Step 1: Enumerate the machine … Continue reading “Common Linux Privilege Escalation”
Net Sec Challenge
What is the highest port number being open less than 10,000? 8080
There is an open port outside the common 1000 ports; it is above 10,000. What is it? 10021
How many TCP ports are open? 6
What is the flag hidden in the HTTP server header? THM{web_server_25352}
What is the flag hidden in the … Continue reading “Net Sec Challenge”
Terminology Cheat Sheet
S. No. | Term | Meaning/Use
1 | Access control list (ACL) | Firewall on network level
2 | Auto Scaling | Automates the process of adding or removing instances based on traffic
3 | Buckets | Root-level folders
4 | CloudFront | Content delivery network (CDN) that allows you to store your content at “edge locations” located all around the world, allowing customers … Continue reading “Terminology Cheat Sheet”
Understanding Log4j
What is Log4j? Log4j is a Java package, mostly a part of the Apache Logging utility, used to capture logs. Everything you do on the internet becomes an event that gets captured in the form of a log. Even your inputs get captured in logs. Your application is vulnerable if it logs a user’s … Continue reading “Understanding Log4j”
John The Ripper
John the Ripper is one of the most well-known and efficient hash cracking tools. It is fast at cracking, with an extraordinary range of compatible hash types. What is a hash? A hash is basically a fingerprint of any piece of data. The process of hashing is irreversible, i.e. information once converted into a … Continue reading “John The Ripper”
Love HackTheBox Walkthrough
Steps followed: Recon – NMAP; Directory Busting – GOBUSTER; Sensitive data exposure; File Upload Vulnerability; Shell Upload; Reverse TCP exploit; Always_Install_Elevated exploit. For simplicity I stored the IP address of the web application in a variable. Using NMAP for the machine port scan. Via NMAP I found OS: Windows, some open ports and a URL, i.e. staging.love.htb. Next … Continue reading “Love HackTheBox Walkthrough”
UNION based SQL Injection
Requirements for UNION based injection. Rule: The number and the order of the columns must be the same in all queries. The data types must be compatible. For practice, we are going to use PortSwigger Labs, Lab: SQL injection UNION attack, determining the number of columns returned by the query. Description: This lab contains an … Continue reading “UNION based SQL Injection”
Tryhackme – Kenobi
Scan the machine with nmap, how many ports are open? Answer: 7
Enumerating Samba for shares: nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse 10.10.203.136
Using the nmap command above, how many shares have been found? Answer: 3
On most distributions of Linux smbclient is already installed. Let's inspect one of the shares: smbclient //<ip>/anonymous
Using your machine, connect … Continue reading “Tryhackme – Kenobi”
OWASP Juice Shop
Day 1 Task – Injection. Question #1: Log into the administrator account! Capture the request and change the parameters. Click on the send button. See the response in the browser. The token used is a JWT token which can be easily decoded from jwt.io. After decoding you get the password. Login with the credentials. Here is your flag. … Continue reading “OWASP Juice Shop”
