>>11
I'm still learning, but I'm really into web security at the moment, but I've been doing random labs to learn about all sorts of shit.
I like file inclusion and directory traversal and file upload vulnerabilities because then it's easy to spawn an unprivileged reverse shell after running a netcat listener in a Kali VM and then find out the kernel version to then do some sort of privilege escalation stuff like dirtycow.
But I'll often just do enumeration and nmap service scanning to find the versions of software running on a lab (I only do legal labs, I'm not a malicious hacker) and then use searchsploit/exploit-db to find payloads. It's fun to read over the source code of exploits and then you can change them yourself. Some are even intentionally wrong to stop skiddies, and also some require configuration.
Right now I am stuck on a lab that has a buffer overflow vulnerability and there's a python script available for it on exploit-db, but it crashes the server when I run it, so I need to change it somehow.
But aside from hacking, finding publicly available devices is also interesting, like on shodan or even google dorking. Lots of security cameras, printers, things like that. Sometimes with no login required at all. Hell, there are even lots of Amazon S3 buckets that are public. Or on GitHub, people upload API tokens because they couldn't be bothered to put them in a separate config file and then use their .gitignore so it wouldn't get uploaded to their public repository.
I've also been playing around with metasploit, but it's honestly not that fun or interesting because all you do is load modules and then use the exploit command. You often just set rhost and rport and lhost and shit like that but it feels too abstracted away from the security concepts. I think it's more fun to compile an exploit or run a python script that you have to read over and configure instead of just loading some metasploit module and then it does all the heavy lifting for you, so to speak.
In summary, I'm all over the place but security is really fascinating.
What about you?
Edited on 04/11/2018 04:30.
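A defensive illustration of the leaked-token problem described above, as an added example that is not part of the original post: it checks whether files a developer is about to commit are covered by .gitignore and flags token-like strings in the ones that are not. The .gitignore text, file contents and token values are constructed here, and the .gitignore matching is a simplified approximation of git's rules, not git itself.

```python
import fnmatch
import math
import re

# Constructed sample inputs (not from the post): a .gitignore plus files a
# developer is about to commit. The failure mode is a token committed because
# the file holding it was never listed in .gitignore.
SAMPLE_GITIGNORE = """
# local settings
config/secrets.yml
*.env
"""

SAMPLE_FILES = {
    "app.py": 'API_TOKEN = "sk_live_4fG9hTq2LmZ8pXw1Rv7sYb3NcK6uJd0e"\n',
    "config/secrets.yml": "token: placeholder\n",
    "config/local.yml": "api_key: Q7wzP2nLx9vB4rT8yKm3Hd6Gf1Jc5Ns0\n",
    ".env": "DB_PASS=hunter2\n",
}

# Candidate secrets: long runs of token alphabet; the entropy filter below
# drops plain identifiers and words that happen to be long.
CANDIDATE = re.compile(r"[A-Za-z0-9_\-]{20,}")


def gitignore_patterns(text):
    """Return the non-blank, non-comment patterns of a .gitignore."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]


def is_ignored(path, patterns):
    """Simplified git matching: a pattern without '/' matches the basename
    anywhere in the tree; a pattern with '/' is matched against the full
    repo-relative path."""
    base = path.rsplit("/", 1)[-1]
    return any(fnmatch.fnmatch(path if "/" in p else base, p) for p in patterns)


def shannon_entropy(s):
    """Bits per character; random tokens score far higher than words."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_token_like(content, min_entropy=3.5):
    return [m for m in CANDIDATE.findall(content) if shannon_entropy(m) >= min_entropy]


def leaked_secrets(files, gitignore_text):
    """Map path -> token-like strings for files git would NOT ignore.
    Ignored files never reach the repository, so they are skipped."""
    patterns = gitignore_patterns(gitignore_text)
    hits = {}
    for path, content in files.items():
        if is_ignored(path, patterns):
            continue
        tokens = find_token_like(content)
        if tokens:
            hits[path] = tokens
    return hits
```

Run as a pre-commit hook over the staged files, a non-empty result blocks the commit and names the file to move into an ignored config.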