• Posts
Hey, Welcome
Api Penetration Testing
• OWASP API10 via VAPI
Privilege Escalation
• Linux
  • Sudo Exploitation
• Windows
  • Setting Up a lab
  • Service Misconfiguration
Vulnhub walkthrough
Toolkit
• Accesschk.exe

Escalating Privileges with Sudo

Sudo is a powerful command in Linux that allows users to run commands with elevated privileges. When properly configured, sudo can help ensure system security by enabling users to perform only authorised tasks and preventing unauthorised changes to system files. However, if not configured correctly, sudo can be exploited to escalate privileges and gain access to sensitive system files. In this article, we’ll take a deep dive into sudo and explore some common privilege escalation techniques that attackers can use to exploit sudo.

Monday, May 15, 2023 Read

OWASP API Security Top 10 via VAPI Walkthrough

According to a Gartner report in 2020 APIs account for 90% of the attack surface and are the most frequent attack vector. APIs often handle sensitive data, such as personal information, financial data, and intellectual property. If an API is not properly secured, this data can be easily accessed and stolen by hackers. In fact, some of the recent big data breaches have been due to under-protected APIs. In this blog post, I am going to discuss OWASP top 10 API 2019 vulnerabilities by using VAPI.

Friday, April 28, 2023 Read

Service Misconfiguration

Privilege escalation is a common technique used by penetration testers to test unauthorised access to a system. One way to achieve privilege escalation is through service misconfigurations in Windows. A service is a program that runs in the background on a Windows system, and it can have a variety of functions such as managing network connections, printing, or running scheduled tasks. Services can be configured to run under different user accounts, and some may have higher privileges than others.

Thursday, February 23, 2023 Read

Windows Privilege Escalation lab

A Step-by-Step Guide When it comes to privilege escalation, the biggest obstacle learners face is where to practice. Most of the time, this is a step that comes after performing all other steps like reconnaissance, scanning, and gaining low privilege user access. When I was looking to better understand privilege escalation, I wanted a lab where I could practice this step alone, without having to go through different steps to gain low privilege user access.

Thursday, February 16, 2023 Read

Accesschk.exe

Access Control and Privilege Escalation: Understanding Accesschk.exe Accesschk.exe, part of the Sysinternals Suite, is a command-line utility that checks the access rights of files, registry keys, and other resources in Windows. Here are some examples of commands to check access rights: Report effective permissions on a file: accesschk.exe -e c:\example.txt Check explicit permissions on a registry key: accesschk.exe -k HKEY_LOCAL_MACHINE\SOFTWARE\example Check inherited permissions on a service: accesschk.exe -i -s example Check effective permissions on a file for a specific user: accesschk.

Wednesday, February 15, 2023 Read

Penetration Testing Blog!

Welcome Are you fascinated by the world of cybersecurity and the art of penetration testing? Look no further! Here, I document my journey as a penetration tester as I solve online cybersecurity challenges and share my knowledge and experiences with the community. This journey is not only a way for me to learn more about the field, but also an opportunity for me to help others learn and grow in their understanding of cybersecurity.

Thursday, January 19, 2023 Read