About ksecurity

Profile Information

  • Location
    Nowhere sunlight is
  • Interests
    Hacking, Assembly & RE, AV Evasion

  1. Ahh, gotcha. In that case, the CEH is a great place to dive in and learn about this side of the fence. My only beef with the CEH is that it gets too much praise, or I should say misinterpretation, as something that teaches pentesting/ethical hacking. I mean, yeah, you can apply the knowledge from it, but man, the OSCP and up are just pure 100% can you do it or not. At the same time it depends how people study for the CEH. If it's just textbook stuff then meh, but I know some places offer a mix of hands-on and text-based, like CBT Nuggets and InfoSec Institute. I think the cert scene is getting a l
  2. @B-17: Hey, was a bit of manipulation. I've moved on a looong way since the CPT to knock out the OSCP and OSCE (<--- insanely difficult). Wished I had done more in-depth practice beforehand. Basically, when it comes to pentesting certs, I prefer anything that has hands-on testing like breaching simulated networks. So obviously these virtual networks are designed with flaws that will work. Finding the flaws is only part one. My background in security really just came from being a network engineer, and I never really had the need to dig into exploit development and reverse engineering, ass
  3. Hey Catesby, a popular option (if available to you) is to install Kali on your attack server, SSH right into it, Bob's your uncle. Some fun stuff you can do with netcat (or even ncat with the --allow and --ssl flags) to forward or reverse the shell of the attack server right to your laptop. Might make the routing easier on you if you move the attacking OS onto the server. Can still keep Kali on the laptop.
  4. Dear Hak5ers, apologies if this has been discussed, I only went a few pages in to see. So what I'm goofing with is the whole isolation proxy thing, using whonix-gateway in a VM (couldn't build successfully on my extra physical box). I followed the basic guide provided by them just to get 'er up and running. I'm a VMware man myself, but some extra work involved, so I went with the suggested VirtualBox. So the guide suggests the following (actually a mix of two): VM #1 - the Whonix gateway. It has 2 NICs: one is NAT so we can reach out on the net to Tor, the second is an internal (called whonix) runnin
  5. Hey guys, so the question I have is regarding pivots and what I'm assuming is going to come down to the 'route add' command on Kali. Here's the scenario: Attack machine = (which is assigned through tap0 from a VPN connection). Also, the VPN connection above automatically attaches me to a 192.168.15.* network. Target network 1 = the 192.168.15.* range mentioned above. Target network 2 = 10.1.1.*. One of the machines on target network 1 has been compromised and I've pivoted through Metasploit to launch new attacks at target network 2, because this compromised machine is attached to
  6. @Foxtrot well, don't mean to be rude, but I'm not going to go into specifics just in case any other people stumble in with CPT issues, but essentially when exploits that should work given the kernel versions were SIGSEGV'ing on me, I was gonna go through the backtrace in gdb and fix the likely memory addressing issues; instead I went with a combo approach. Worked a SUID vulnerability with execv() code that helped trigger root-owned executables. Chances are that this was a long way around a shorter issue, but hey, it worked.
  7. AHA!!! Got it. Funny how one thought can trigger another... your DEP comment made me think outside the box (like I should have been doing). Anyways, long story short, got the shadow. Really appreciate the dialogue digininja, it helped.
  8. I usually run a similar machine so as to test ideas and whatnot while having full control. Good point about the DEP though; without looking into it I assumed the SIGSEGV could be caused by it, but chances are it's just exhaustion or incorrect addressing. Gotta figure out what I'm doing wrong with the exploit code.
  9. Gonna add also, as for the exploits, I've been building a few ways and testing them all. I have another RHL9 VM unrelated to the course that I'm compiling on. Been doing things like: # gcc code.c (just to get an a.out), # gcc code.c -o code (standard), the static flag now and then... think that's it.
  10. It is well known indeed. The VMs are local. I debated imaging the vmdk and mounting it in another VM, but that's not really the point of the exercise. As for actually obtaining the root password, yes, the objective is to grab the shadow and crack offline. I have a feeling they aren't exactly complex, and brute forcing is on the backburner. The objectives outline says, although not necessary, that the standard account credentials obtained from the first VM, which work on this one, should be used to somehow exploit locally as a logged-in user. However, it doesn't have to be, i.e. brute force. I'm taki
  11. @digininja Thanks for the reply. I have grabbed every potential privy code I could find related to this system. I mentioned in the opening post that I could just be having compiling issues, so I'm not giving up on that just yet, but I appreciate the input nonetheless!
  12. @can Hey can... other commenters hit the nail on the head, and you definitely have some options as to your setup. But to address your initial concern about security, digininja's points are dead on as per what approach to take. A rule of thumb to keep in mind when debating how to set up some perimeter defences and how they reflect your concerns about the outside world is that as you start to increase your security level and mechanisms to a substantial amount, functionality, err, I should say ease-of-use, has the tendency to go down. Also, the more you add in to whatever it is you try to set up, the
  13. @digininja Hey all, new to the forum, glad to be here, yadda yadda :). Gotta agree though with you digi, as while still an entry guy into the pentest circuit (cry for help RHL9 post I made), I do a decent amount of forensic study, and while yes, Kali et al. are great to cover a wide spread of purposes for the user, what tools get picked for the job is dependent on the job, I feel. Like logicalconfusion said, "the leaner the better". One of my lab setups has a few VMs dedicated to what I'm doing forensics on. Like I got all the usual forensic distros, i.e. SIFT, NIST, CAIN, even PlainSight lol, but in t
  14. Howdy Hak5 folks. Well, I'm expecting some "try harders" and other such encouragement :). I'm at the very tail end of the CPT exam. If anyone is unsure of it, the first part is multiple-choice (aced it!), the second is compromising two VMs. Got the first in minutes, happy to say. The second one... here is where I'm losing my hair very quickly. The objective is the root password on both VMs. This second one is where I seem to be hitting a dead end, and this is the first reaching-out-for-help attempt. Basically, from what I can gather, this particular VM needs to be compromised via a local exploit, be it pri