Just another writeup for another boot2root Vulnhub Challenge. This one is great to test out different types of exploitation techniques.
Part of the OSCP preparation VMs from vulnhub, Kioptrix is a boot to root challenge series. While travelling 6 hours in an intercity bus, without any access to internet, I took upon myself to attempt solving as many Kioptrix levels as possible. Turns out it was super hard with the enormous number of errors I faced during compilation of any of the exploits that I wanted.
Generally ISPs have been very ignorant towards their security, resulting in requirement of the government to enforce policies that would be required ISPs and Telecom Operators to provide the end users a secure and a private communication network. However, due to issues with money, ISPs prefer to relax on most of the security issues or end up hiring firms with external consultants with no idea on how to secure a Telecom Infrastructure. This is the exact reason people would require to audit their own ISPs and make a note of the vulnerabilities. The specific configurational vulnerabilities that would be mentioned in this blog results in not only of an attacker to gain credentials to access internet, but he is also capable of doing crazy number of things while sitting on the same network. The network of this ISP has been the same for more than 2 years now.
The concept of Plug and Prey: Malicious USB Devices device by Irongeek at Shmoocon, bad usb by Karsten Nohl at Blackhat or the Rubber ducky by Hak5, these are super interesting concepts that are leveraged at every Red Team enagement that is conducted by a Red Team Operator. Any such exploitation requires good amount of social engineering. I recommend people should have exhausted every possible trick in the book to compromise from the external network of the organization before attempting to breach physical security.
A new night, and a new virtual image to break. Hah! Sound fun.
We begin Hackday Albania, the usual way, by setting up Virtual box, on host-only mode.
We launch our nmap with the following command
Just another attempt on trying a different UI for blogging, I have chosen Alpha-Dust theme on Hexo. While I hope to port the contents from my older blog, would not mind if people visited that to check out my blog.