c0dehouseLearn, Share, Hack2017-06-15T00:56:41.843Zhttp://n0tty.github.com/Tanoy Bose <legendtanoybose@gmail.com>HexoEnterprise Offense: IT Operations [Part 1] - Post-Exploitation of Puppet and Ansible Servershttp://n0tty.github.com/2017/06/11/Enterprise-Offense-IT-Operations-Part-1/2017-06-11T15:26:34.000Z2017-06-15T00:56:41.843Z
<h2 id="Introduction"><a href="#Introduction" class="headerlink" title="Introduction"></a>Introduction</h2><p>Confusion generally prevails while hacking an infrastructure that is not integrated with Active directory. Lateral movement is generally dependent on password spraying and common vulnerability availability. This blog will touch upon IT Operators tools - Puppet and Ansible - that is used to automate the process of managing these non-domain systems as well as cover the topic on how a hacker (or pentester) could utilize these tools to laterally move in the environment.<br>
Vulnhub: Pluck 1http://n0tty.github.com/2017/03/12/Vulnhub-Pluck/2017-03-12T12:06:35.000Z2017-03-16T12:09:43.015Z
<h2 id="Introduction"><a href="#Introduction" class="headerlink" title="Introduction"></a>Introduction</h2><p>Just another writeup for another boot2root Vulnhub Challenge. This one is great to test out different types of exploitation techniques.</p>
Vulnhub - OSCP Series - Kioptrix Level 1http://n0tty.github.com/2017/02/25/kioptrix-1/2017-02-25T18:29:37.000Z2017-02-27T09:45:35.168Z
<h2 id="Overview"><a href="#Overview" class="headerlink" title="Overview"></a>Overview</h2><p>Part of the OSCP preparation VMs from vulnhub, Kioptrix is a boot to root challenge series. While travelling 6 hours in an intercity bus, without any access to internet, I took upon myself to attempt solving as many Kioptrix levels as possible. Turns out it was super hard with the enormous number of errors I faced during compilation of any of the exploits that I wanted.</p>
All your creds are belong to us: Hacking an ISP for fun and internethttp://n0tty.github.com/2017/02/25/ISP-Hacking/2017-02-25T04:06:14.000Z2017-02-27T11:19:16.848Z
<h2 id="Introduction"><a href="#Introduction" class="headerlink" title="Introduction"></a>Introduction</h2><p>Generally ISPs have been very ignorant towards their security, resulting in requirement of the government to enforce policies that would be required ISPs and Telecom Operators to provide the end users a secure and a private communication network. However, due to issues with money, ISPs prefer to relax on most of the security issues or end up hiring firms with external consultants with no idea on how to secure a Telecom Infrastructure. This is the exact reason people would require to audit their own ISPs and make a note of the vulnerabilities. The specific configurational vulnerabilities that would be mentioned in this blog results in not only of an attacker to gain credentials to access internet, but he is also capable of doing crazy number of things while sitting on the same network. The network of this ISP has been the same for more than 2 years now.</p>
The Red Team's Ratatouillehttp://n0tty.github.com/2016/11/30/Red-Team-Ratatouille/2016-11-29T22:17:03.000Z2016-12-04T15:52:22.330Z
<h3 id="begin-Introduction"><a href="#begin-Introduction" class="headerlink" title=":begin Introduction"></a>:begin Introduction</h3><p>The concept of <a href="http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices">Plug and Prey: Malicious USB Devices</a> device by Irongeek at Shmoocon, <a href="https://srlabs.de/projects/badusb/">bad usb</a> by Karsten Nohl at Blackhat or the <a href="https://hakshop.com/products/usb-rubber-ducky-deluxe">Rubber ducky</a> by Hak5, these are super interesting concepts that are leveraged at every Red Team enagement that is conducted by a Red Team Operator. Any such exploitation requires good amount of social engineering. I recommend people should have exhausted every possible trick in the book to compromise from the external network of the organization before attempting to breach physical security.<br>
Vulnhub: Hackday Albaniahttp://n0tty.github.com/2016/11/24/Vulnhub-Hackday-Albania/2016-11-23T19:46:11.000Z2017-03-16T12:30:45.943Z
<p>A new night, and a new virtual image to break. Hah! Sound fun.</p>
<p>We begin Hackday Albania, the usual way, by setting up Virtual box, on host-only mode.</p>
<h3 id="Enumeration"><a href="#Enumeration" class="headerlink" title="Enumeration"></a>Enumeration</h3><p>We launch our nmap with the following command<br><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">n0tty@c0ffee$ nmap -A 192.168.56.101</div></pre></td></tr></table></figure></p>
A new beginninghttp://n0tty.github.com/2016/11/23/A-new-beginning/2016-11-23T13:48:55.000Z2016-12-04T05:43:07.299Z
<p>Just another attempt on trying a different UI for blogging, I have chosen <a href="https://github.com/klugjo/hexo-theme-alpha-dust" targe