There are a few new releases on Vulnhub and the one I'm writing about today claims there are 12 avenues for privilege escalation.  Honestly, I'm not interested in finding 12 different privilege escalations.  I have the patience and the time for one.  I figured with that many avenues, this would be over quickly.  I appreciate the effort but I'm one and done on this box.

If you're on the hunt for all 12, I've got a few hints in the screenshots.  I would also look at cron because I seem to recall seeing something there as well when I was hunting around post root.  

Anyway, kicking off with Nmap:

Read more: Vulnhub Escalate_Linux: 1 Walkthrough

I've been asked to give a talk on basic OpSec and I started compiling a small list of the essentials.  Some of the items on my list have already been written and exist somewhere on this site while others are yet to be written.  One of the questions that came up during the request for the OpSec talk involved public WiFi, the dangers, and how to protect yourself.  

First, we have to understand how WiFi connections work at a basic level.  The real danger comes from WiFi connections that are not secure, like those we find in an airport, a cafe, etc.  When you turn on your device, the device will go through its list of saved connections and it will toss out a request.  Starbucks, you here?  Oakland Airport, are you here?

Read more: Man in the Middle Attack

In a not so distant past, I was a highly competitive endurance sports athlete.  I'm still very involved in endurance sports but not at that level because eventually you have to grow up and go back to work.  But during that time, I was highly obsessed with every aspect of endurance sports.  That is my nature though.  I become passionate and I obsess to become the absolute best I can be.  

I've been into technology since I was a kid and it is the single constant in my life.  Obsessions come and go but tech has always been there.  Maybe not to the level of that first contact -- it ebbs and flows.  When I discovered information security, that stoked the fire once more and my obsession rages on.  With the exception of endurance sports which play a large role in my life, the only free space in my life is consumed by infosec.  

Read more: Abusing Python Input

Here's the situation -- you're on a network and you find a Network Attached Storage device with a share protected using a weak password.  You brute force the password and once you log in, you find a WindowsImageBackup directory which houses the data from a Windows Server Backup.  When we view the contents, we're interested in the files with the VHD or VHDX extension.  VHDX is essentially the same as VHD but the size limit on VHDX was increased to 2TB.  That's neither here nor there, what we really want is inside the file.

We could copy the file over to our machine but depending on the location of the file with respect to your attacking system, that could be a problem.  What we really want to do is to mount that file in its current location and access what's inside.  

My Kali box is already set up, so in this example I'm using Ubuntu 18, but the steps are the same regardless of whether it's Kali or not.

Read more: Linux Mount VHD / VHDX

Don't hide passwords in Excel.  If you hide passwords in Excel, they can be found.  If you password-protect Excel documents, they can be cracked.  Now that I've given my public service announcement, if you have to hide passwords in Excel or you have data that you don't necessarily want visible at all times, I have a quick fix for you.  I was sort of hoping for something a little more elegant but when I came across this solution, it solved my immediate problem and I'm not really all that interested in spending more time for a slightly better solution.

Below, we have a typical Excel document with a column for the username and another column for the password:

Read more: Excel Password Hide

I needed a quick and simple distraction from something more complicated that I've been working on.  A Google search for "Vulnhub Easy" turned up Simple, which according to the description "focuses on the basics of web based hacking".  This was exactly what I had in mind and it probably took longer to write up than it did to root.  I did find something interesting about the entry point which I learned after I rooted the box but I will get to that at the end of this post.

First we kick off with an Nmap scan:

Read more: Vulnhub SecTalks: BNE0x03 - Simple Walkthrough