A quick primer prior to hitting the substance of this post. 

With respect to the Internet, people like names and machines like numbers.  When we enter www.google.com into our web browsers, the domain name service (DNS) is what takes the name www.google.com and converts it to the IP address:

DNS encompasses more than that but the basic point is that this type of resolution exists in the background and it's all happening unencrypted.  So why do we care?  We could talk about Man in the Middle attacks and how this traffic can be intercepted, poisoned, and how you could be sent somewhere else.  But odds are pretty good that's not happening to you.  Let me paint a more realistic example that is happening to you.  

Read more: DNS over HTTPS (DoH)

Don't hide passwords in Excel.  If you hide passwords in Excel, they can be found.  If you password protect Excel documents, they can be cracked.  Now that I've given my public service announcement, if you have to hide passwords in Excel or you have data that you don't necessarily want visible at all times, I have a quick fix for you.   I was sort of hoping for something a little more elegant but when I came across this solution, it solved my immediate problem and I'm not really all that interested in spending more time for a slightly better solution.

Below, we have a typical Excel document with a column for the username and another column for the password:

Read more: Excel Password Hide

There are a few new releases on Vulnhub and the one I'm writing about today claims there are 12 avenues for privilege escalation.  Honestly, I'm not interested in finding 12 different privilege escalations.  I have the patience and the time for one.  I figured with that many avenues, this would be over quickly.  I appreciate the effort but I'm one and done on this box.

If you're on the hunt for all 12, I've got a few hints in the screenshots.  I would also look at cron because I seem to recall seeing something there as well when I was hunting around post root.  

Anyway, kicking off with Nmap:

Read more: Vulnhub Escalate_Linux: 1 Walkthrough

I've been asked to give a talk on basic OpSec and I started compiling a small list of the essentials.  Some of the items on my list have already been written and exist somewhere on this site while others are yet to be written.  One of the questions that came up during the request for the OpSec talk involved public WiFi, the dangers, and how to protect yourself.  

First, we have to understand how WiFi connections work at a basic level.  The real danger comes from WiFi connections that are not secure, like those we find in an airport, a cafe, etc.  When you turn on your device, the device will go through its list of saved connections and it will toss out a request.  Starbucks, you here?  Oakland Airport, are you here?

Read more: Man in the Middle Attack

In a not so distant past, I was a highly competitive endurance sports athlete.  I'm still very involved in endurance sports but not at that level because eventually you have to grow up and go back to work.  But during that time, I was highly obsessed with every aspect of endurance sports.  That is my nature though.  I become passionate and I obsess to become the absolute best I can be.  

I've been into technology since I was a kid and it is the single constant in my life.  Obsessions come and go but tech has always been there.  Maybe not to the level of that first contact -- it ebbs and flows.  When I discovered information security, that stoked the fire once more and my obsession rages on.  With the exception of endurance sports which play a large role in my life, the only free space in my life is consumed by infosec.  

Read more: Abusing Python Input

Here's the situation -- you're on a network and you find a Network Attached Storage device with a share protected using a weak password.  You brute force the password and once you log in, you find a WindowsImageBackup directory which houses the data from a Windows Server Backup.  When we view the contents, we're interested in the files with the VHD or VHDX extension.  VHDX is essentially the same as VHD but the size limit on VHDX was increased to 2TB.  That's neither here nor there; what we really want is inside the file.

We could copy the file over to our machine but depending on the location of the file with respect to your attacking system, that could be a problem.  What we really want to do is to mount that file in its current location and access what's inside.  

My Kali box is already set up so in this example, I'm using Ubuntu 18 but the steps are the same regardless of whether it's Kali or not.

Read more: Linux Mount VHD / VHDX