Showing posts from October 2017

Vulnhub Pluck 1 Walkthrough

This article is a walkthrough for the Pluck 1 boot2root machine. It can be downloaded from Vulnhub: https://www.vulnhub.com/entry/pluck-1,178/ As a shortcut, the exploit knowledge I use on this machine: LFI, shell escape, SUID exploit. Let's start. First, as always, find the address with netdiscover or arp-scan (-r is the 'range' option). Information Gathering: after finding the address, use nmap to scan for open ports; we get 22, 80 and 3306. Start with HTTP: we see a page with some options at the top. When I browse the About option, it shows a file with the URL page=about.php, which means it could be LFI if the input is not sanitized. So next I try page=../../../../../etc/passwd Bingo! Got the passwd file, and on the bottom line there is an interesting user named backup with a script file. Use LFI again to see what is inside this file; its content is: we can get in via tftp and in file /back

Vulnhub Lazysysadmin Walkthrough

This is a writeup for the Vulnhub machine Lazysysadmin. The machine can be downloaded from here: https://www.vulnhub.com/entry/lazysysadmin-1,205/ The target IP is 172.16.194.199. Next, run an nmap scan: found ports 22, 80, 139, 445, 3306 and 6667. I start with the HTTP scan: found WordPress and phpMyAdmin, which looks really interesting! Try to dig more with wpscan and look at the site: there is "My name is togie", which looks interesting; maybe it is the system's username or something else. Run wpscan: try some default credentials on the WordPress login, but they do not work... After I could not dig up anything more, I turned to the Samba service. Next, try to access the server with smbclient: great! We can access it without any password, and there is a file named deets.txt; opening it in the browser we get: Try again on WordPress, but it does not work. The next file is the default password file wp-config.php. After getting the file, open it and

Offensive Security Certified Professional Review

1. Introduction There are tons of certifications in cybersecurity, for example CEH, Security+, CISSP... but OSCP is known for its hands-on experience and 24-hour exam. 2. Before OSCP.... 2.1 Recommended material There are some resources I would like to highlight before really stepping into OSCP's course. Although OSCP is the entry-level cert from Offsec, it still covers a lot of knowledge Offsec expects people to know. Vulnhub: contains lots of vulnerable machines that can be downloaded and run locally https://www.vulnhub.com Hackthebox: needs a VPN into their network; similar to OSCP's lab and a really good resource before OSCP https://www.hackthebox.eu/ 2.2 Course Intro The official site is https://www.offensive-security.com , and before taking the exam you need to take their PWK course; here is the syllabus https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf The course has three types: Course + 30/60/90 days lab, which can be found here: https://www.offensive-security.com/information-securit

Offensive Security Certified Professional (OSCP): Sharing My Penetration Testing Certification Experience

1. Introduction Among information security certifications there are many certifications and courses to learn from, such as CEH, Security+ and CISSP. But among those that truly focus on hands-on penetration testing, OSCP is the most prominent. It is not very well known in Taiwan, but abroad it is one of the reasonably well-known certifications. There are countless write-ups from abroad already, so this article shares my experience in Chinese, in the hope of starting a discussion. 2. OSCP Introduction and Recommended Preparatory Material 2.1 Recommended Preparatory Material Since OSCP has certain expectations of its students, some people may wonder how to tell whether they are ready to take the course. Some resources I personally recommend practicing with before the course: https://www.vulnhub.com (provides many vulnerable virtual machines to download and practice on; many people share their solutions online, so you can learn by following along step by step) https://www.hackthebox.eu (requires entering their lab environment through the VPN provided on the official site; it is similar to the OSCP lab, and since it is free no course material is provided, but it is an excellent resource. One prerequisite is that you have to get past the registration challenge on the official site) 2.2 Course Overview and How to Buy the Lab The official site is https://www.offensive-security.com . Before taking the exam you must take their online course; the syllabus is at: https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf The course comes in three variants (buying the lab includes one exam attempt; an exam attempt bought on its own was USD 60 and has since risen to USD 150): Course + 30 days lab, Course + 60 days lab, Course + 90 days lab. Detailed pricing is at https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/ You will notice that the only difference is the number of lab days. I do not recommend buying the 30-day lab, because there is a good chance you will not have enough time to finish it. However, after buying the course package you can purchase additional lab time separately. (I am a little embarrassed to say I extended my lab twice, because with my limited experience I really could not finish it.) The course includes a PDF and videos, which give a basic introduction to penetration testing