For the this two-part post on Linux Privilege Escalation, we will be exploring how to abuse binaries that have either the SUID and/or SGID bit turned on.| Juggernaut Pentesting Blog - A blog to help others achieve their goals in Cyb...
In this post, we will be continuing with Part-2 of NetBIOS and SMB enumeration. I highly suggest you read Part-1 before continuing with this post, as we will be continuing right where we left off. In Part-2 of this post, we are going to continue from the scenario at the end of Part-1 where we […] The post AD Recon – NetBIOS (137/138/139) and SMB (445) Part-2 first appeared on Juggernaut Pentesting Blog.| Juggernaut Pentesting Blog
In this two-part post on AD Recon, we will review various tools that can be used to enumerate the NetBIOS (UDP port 137/138 | TCP port 139) and SMB (TCP port 445) services. To begin, we will learn about the NetBIOS and SMB services, how they tie together, as well as how they are useful for domain […] The post AD Recon – NetBIOS (137/138/139) and SMB (445) Part-1 first appeared on Juggernaut Pentesting Blog.| Juggernaut Pentesting Blog
In this post, we will look at a few tools that we can use to enumerate MSRPC over SMB through UDP port 135, as well as TCP ports 135, 139, and 445. We will start by learning about MSRPC, NetBIOS and SMB as well as how all three services tie together. Enumeration will begin with […] The post AD Recon – MSRPC Over SMB (135/139/445) first appeared on Juggernaut Pentesting Blog.| Juggernaut Pentesting Blog
In this post, we will look at a few different tools that we can use to enumerate the MSRPC service running on TCP/UDP port 135. We will start with a brief introduction on MSRPC as well as a high level overview of how it works. From there, we will perform an nmap scan on a […] The post AD Recon – MSRPC (135/539) first appeared on Juggernaut Pentesting Blog.| Juggernaut Pentesting Blog
In this Walkthrough, we will be hacking the machine Cascade from HackTheBox. To begin, we will quickly find that we are able to dump information from LDAP using an anonymous session. During our LDAP enumeration, we will create a list of all the users on the system, determine which users are “high targets” based on […] The post HackTheBox – Cascade first appeared on Juggernaut Pentesting Blog.| Juggernaut Pentesting Blog
In this post, we will go over various techniques that allow us to perform file transfers from our attacker machine onto a victim Linux host (download), as well as from a victim Linux host back onto our attacker machine (upload). As hackers, we constantly find the need to drop tools onto our victim or the […] The post Linux File Transfers for Hackers first appeared on Juggernaut Pentesting Blog.| Juggernaut Pentesting Blog
In this post, we will be continuing with Part-2 on how to escalate privileges by abusing the sudo binary / privilege. If you have not checked out Part-1 yet, I strongly suggest starting there before reading this post. In Part-2, we will shift our focus over to more advanced exploitation topics, such as: Abusing intended functionality (binaries not found […] The post Sudo Part-2 – Linux Privelege Escalation first appeared on Juggernaut Pentesting Blog.| Juggernaut Pentesting Blog
For this two-part post on Linux Privilege Escalation techniques, we will be deep-diving into the various ways to exploit the sudo binary / privilege. This post ended up being longer than I had originally anticipated, so I had to split it into two parts. In Part-1, we will begin by manually enumerating sudo privileges for […] The post Sudo Part-1 – Linux Privilege Escalation first appeared on Juggernaut Pentesting Blog.| Juggernaut Pentesting Blog
In this post, we will explore how an attacker can escalate privileges from a standard user to root by exploiting the Fail2Ban service. We will begin by learning what Fail2Ban is, how it works, and which configuration files are important for an attacker to know about. From there, we will learn about two specific conditions […] The post Fail2Ban – Linux Privilege Escalation first appeared on Juggernaut Pentesting Blog.| Juggernaut Pentesting Blog
In this post, we will be continuing with the second part of the two-part post on escalating privileges by abusing SUID and SGID permissions.| Juggernaut Pentesting Blog - A blog to help others achieve their goals in Cyb...
Welcome to Juggernaut-Sec, your one-stop destination for learning ethical hacking! Our blog is a great place to start, with free training and tips on...| Juggernaut Pentesting Blog - A blog to help others achieve their goals in Cyb...
We will see how six different capabilities can be leveraged by an attacker to obtain Linux Privilege Escalation to root: cap_setuid, cap_chown, and more!| Juggernaut Pentesting Blog - A blog to help others achieve their goals in Cyb...
