Penetration Testing

Offensive Security Certified Expert (OSCE) Experience

Penetration Testing, Security
Offensive Security's CTP (Cracking the Perimeter) is a more advanced penetration testing course that leads to the Offensive Security Certified Expert certification if the 48-hour exam is cleared. The course is offered in much the same way as Penetration Testing with Kali, which leads to Offensive Security Certified Professional. The difference, however, is that PWK gives a student access to a corporate network where one can work his/her way into each machine through various techniques, while CTP concentrates more on discovering unknown vulnerabilities. To make the story short, PWK-OSCP's outcome is a student being able to do practical penetration testing through methods starting from information gathering up to post exploitation while CTP-OSCE's ...
SickOS 1.2 Walkthrough

Penetration Testing, Security
Since I have managed to put down SickOS 1.1, I guess the next challenge would be visiting SickOS 1.2. After setting up the machine through VMWare, an initial Nmap scan towards 192.168.209.161 (Address of SickOS 1.2) has shown the following output: By the results shown, only two TCP ports were open. One SSH and another one is an HTTP service. Firing up Mozilla in Kali and typing in the IP address 192.168.209.161 should give us this output: The next things to do were: Check robots.txt (Not found); Check source code of web page (Nothing really useful); Use dirb; Use HTTP Nmap scripts against the main directory (Nothing really useful). Looking at the HTTP headers when browsing the website, it was also found that the server was using lighttpd 1.4.28 (als...
SickOS 1.1 Walkthrough

Penetration Testing, Security
After finishing PWK and achieving OSCP, my brain started to look for more machines to play with which led me to download SickOS 1.1. So after setting up the machine through VMWare, an initial Nmap scan towards 192.168.209.160 (Address of SickOS 1.1) shows the following output: By the results shown, only two TCP ports are open. One SSH and another is actually an HTTP proxy so let's configure Firefox to the proxy port 3128: Once Firefox has been configured with the settings, typing in the IP address of SickOS 1.1 in the browser should present us with the image below: Oooh. I see some trolling here. When doing penetration testing, I've learned to organize my own methodology or 'steps' in doing information gathering so the first thing that I did w...
Offensive Security Certified Professional (OSCP) Experience

Penetration Testing, Security
Offensive Security's PWK (Penetration Testing with Kali Linux) is definitely a good way to challenge yourself in the field of cyber security. It's a course that is purely hands-on with a gruesome 24-hour exam to get certified. You'll get access to a corporate network created by the Offensive Security team where the goal is to hack machines through penetration testing methodologies. To continue, before even explaining what I went through to achieve this, let me share a little background of myself.
Experiences before getting into PWK
Timeline
2015
I finished my bachelor's degree in Computer Engineering. At this point, I had the following skills rated as:
3 - Could work with it comfortably.
2 - Could work with it with Google's help.
1 - Could understand the terms and...
Hacking Kioptrix 2014

Penetration Testing, Security
I previously thought there were only 4 Kioptrix levels until I found Kioptrix 2014. For this test, the following are the things that you'll need: Kioptrix 2014 (A vulnerable system); Kali; Virtual Box / VMWare. Spoiler alert! If you’re trying to practice hacking in a controlled environment, I suggest downloading Kioptrix 2014 or any other vulnerable machine from VulnHub, close this page, and do your own attack. Come back if you’re a bit lost or just need a guide. I won’t be discussing how you can set up your virtual environment here. You just need to install Kali and Kioptrix 2014 then you’re ready. Please note that we have Kali and Kioptrix in the same local network. Boot up Kioptrix 2014 and you’ll be welcomed with this screen: The goal of the exercise is still th