2014-01-24


[Review] Offensive Security Wireless Attacks (WiFu) & Offensive Security Wireless (OSWP)

The views and opinions expressed on this site are those of the author. Any claim, statistic, quote or other representation about a product or service should be verified with the seller, manufacturer or provider.

A few months back, I took Offensive Security's online WiFu course & OSWP exam. As I had written up a review for PWB/OSCP & CTP/OSCE, I thought I would do this too. As always, everything in this post is both personal comments and my own experience with the course.




2013-08-16


[Review] Cracking the Perimeter (CTP) & Offensive Security Certified Expert (OSCE)


It's been a while (just shy of two years) since I did "Penetration Testing with BackTrack (PWB) & Offensive Security Certified Professional (OSCP)". Over the last couple of weeks I've taken the next step with Offensive Security's training course – "Cracking the Perimeter (CTP)", which, when successfully passed, gives you the "Offensive Security Certified Expert (OSCE)" certificate. Below are my thoughts & feelings regarding my overall experience of the course.



2012-09-19


[Video] pWnOS 2 (PHP Web Application)

Links

Watch video on-line: *Temporarily Disabled*
Download video: http://download.g0tmi1k.com/videos_archive/pWnOS_2_(PHP).mp4

Overview

This is the second release in the "pWnOS" vulnerable machine collection; however, it has a different creator from the previous one (which explains why it has a different "feel" to it). As always with "boot2root" machines, it has purposely built "issues" allowing for the machine to become compromised, with the end goal being to become the super user, "root". This method uses a vulnerability in a PHP web application (see here for exploiting via SQL injection).



[Video] pWnOS 2 (SQL Injection)

Links

Watch video on-line: *Temporarily Disabled*
Download video: http://download.g0tmi1k.com/videos_archive/pWnOS_2_(SQL).mp4

Overview

This is the second release in the "pWnOS" vulnerable machine collection; however, it has a different creator from the previous one (which explains why it has a different "feel" to it). As before, it has purposely built-in "issues" allowing the machine to become compromised. This method uses a SQL injection flaw (see here for exploiting the PHP web application). As always with "boot2root" machines, the end goal is to become the super user, "root".



2012-09-14


[Video] 21LTR - Scene 1

Links

Watch video on-line: *Temporarily Disabled*
Download video: http://download.g0tmi1k.com/videos_archive/21LTR_-_Scene_1.mp4

Overview

21ltr is another boot2root collection, with its own unique twist. It has various 'issues' with the operating system, which have been purposely put in place to make it vulnerable by design. The end goal is to become the 'super user' of the system (aka 'root'). There is an optional stage afterwards, in which the user can try and find the 'flag', proving (to themselves) that they successfully completed it.




2012-09-03


[Video] Stripe CTF 2.0 (Web Edition)

Links

Watch video on-line: *Temporarily Disabled*
Download video: http://download.g0tmi1k.com/videos_archive/StripeCTF2.0.mp4


Stripe hosted another 'Capture the Flag' (CTF) event. They previously did one back in February 2012 which contained 6 flags - however they were back with the 'web edition' going from level 0 to level 8 covering a range of web attacks. This is how I did it.

Please note: The event is now over. If you wish to do this yourself, you will have to download the code and do it offline.



2012-02-19


[Video] Kioptrix - Level 4 (Local File Inclusion)

Links

Watch video on-line: *Temporarily Disabled*
Download video: http://download.g0tmi1k.com/videos_archive/Kioptrix_-_Level_4_(Local_File_Inclusion).mp4

Brief Overview

Kioptrix is a "boot-to-root" operating system which has purposely designed weakness(es) built into it. The user's end goal is to interact with the system using the highest user privilege they can reach.

There are other vulnerabilities using different techniques to gain access into this box such as breaking through a limited shell as well as backdooring via MySQL injection.

