Professional Penetration Tester got root 1?
@ElHackLab @Autodidactas_Co #ElHackLab
Scope: Gain access to the (HackademicRTB1) box and read the “Key.txt” file in the root directory.
Target
Download: http://dc315.4shared.com/download/ZIlP15Fq/HackademicRTB1.zip
PenTester
http://www.backtrack-linux.org/ajax/download_redirect.php?id=BT5R1-GNOME-VM-32.7z
Network Mapping
Network Mapping - netdiscover
Network Mapping - nmap
Network Mapping - zenmap
Network Mapping - netifera
Port Scanning
Port Scanning - nmap
Port Scanning - Zenmap + Intense scan, all TCP ports
Enumeration
Banner grabbing - netcat
Banner grabbing – httprint
Banner grabbing – whatweb
HTTP Options - netcat
Source code exploration - Mantra
Source code exploration - wget
Links exploration – list-urls.py
Links exploration – manual
Vulnerability Identification
Vulnerability Identification – nikto
Vulnerability Identification – nikto - evidence
Vulnerability Identification – OWASP Dirbuster
Vulnerability Identification – Nessus
Vulnerability Identification – Netsparker
Vulnerability Assessment
Vulnerability Assessment – WordPress
Vulnerability Assessment – SQLi
Vulnerability Assessment – Apache CVE-2011-3192
Vulnerability Assessment – XSS
Exploitation
Exploitation – WordPress - Structure - Database
http://codex.wordpress.org/Database_Description
Exploitation – SQLi -> cat= Detection
Exploitation – SQLi -> cat= order by
Exploitation – SQLi -> cat= Identification
Exploitation – SQLi -> cat= db version
Exploitation – SQLi -> cat= user
Exploitation – SQLi -> cat= database
Exploitation – SQLi -> cat= dump users
Exploitation – SQLi -> cat= hash cracking
Exploitation – SQLi -> cat= SQLi evasion
Exploitation – SQLi -> cat= hex encode
Exploitation – SQLi -> cat= SQLi evasion
Exploitation – SQLi -> cat= ascii encode
Exploitation – SQLi -> cat= SQLi evasion
Exploitation – SQLi -> cat= /etc/group
Exploitation – SQLi -> cat= /etc/hosts
Exploitation – SQLi -> cat= /etc/fstab
Exploitation – SQLi -> cat= /etc/my.cnf
Exploitation – sqlmap - banner
Exploitation – sqlmap – current user
Exploitation – sqlmap – current DB
Exploitation – sqlmap – is the user a DBA?
Exploitation – sqlmap – users
Exploitation – crack mysql hash
Exploitation – crack mysql hash - HashCat
Exploitation – sqlmap – databases
Exploitation – sqlmap – tables
Exploitation – sqlmap – columns
Exploitation – sqlmap – dump data
Exploitation – sqlmap – read files
Exploitation – sqlmap – read files - /etc/passwd
Exploitation – sqlmap – read files - httpd.conf
Exploitation – sqlmap – read files - wp-config.php
Exploitation – Apache CVE-2011-3192
Exploitation – XSS
Privilege Escalation
Privilege Escalation - WordPress
Privilege Escalation – PHP Backdoor
Privilege Escalation – reverse shell
Privilege Escalation - CVE-2010-3904
got root?