The Bresleveloper

The task at hand - a form, when filled, creates a post at [all] social networks, this blog is about twitter and pinterest.

Part 1 - prepare the image Twitter needs "file content" in its media field, while pinterest needs an image url open to the public. So [1st flow] was in OneDrive folder for those uploaded images, sending back the image ID to be used in the form. Can take a few minutes, sent to mail (better to send with the image).
The twitter account will create the public url for the image.
Part 2 - the form Most simple form, Title, Content and image id into [2nd flow] a Sharepoint list. If you're sure you're never going to use more than 255 characters you can just use the title (i dont like to extend title fields characters limit).
Part 3 - to the social media Next [3rd flow] when the SPItem is created, I use OneDrive "Get file content" for the file content and the "Title - Content" for the text, and post a new tweet. I then query tweets as &…

~ This is not a technical post, its a story post.
~ A story to whom just like stories, or to whom like to learn some lessons, and especially to anyone that wants to become a hacker.

Lately (like 6 last months) i'm starting to really go into hacking, it always interested me, but i could never find the time, plus, there was always another challenge @work like the new Angular.

But with time and effort, payment has become bigger, and with it my time.

And the 1st thing was how... from some videos and many SQL injections or XSS, DVWA ect. I didnt feel i'm learning anything other then extra web security.

Finally i found OverTheWire website, and finally i learn some "real" things, linux, php, memory, crypto, ssh, ect., all basics that I, as a web-programmer, had no clue. Only the web-based challenges were "natural" for me.

I can say that there I learned lesson no.1 - LEARNING.
In the world of hacking, you must be a weary-less learner, new things every time again, a…

today we are going to have some fun understanding the full potential of File Inclusion attacks.

my goals for today

1. a few words, Disclaimer, Lab, and links.
2. Web Shells intro with DVWA
3. How to complete the File Inclusion challenge in the new DVWA
4. Metasploit



1. a few words, Disclaimer, Lab, and links.


DISCLAIMER - if you do what i teach you today you WILL go to jail. so dont do this outside of your lab.

Setting up the lab -
For a hacking lab download either VirtualBox or VMWare, or, if you own win10pro, you have Hyper-V. With those you can create virtual machines, and you will need 2 today, one with DVWA, and another as the attacker, which for ease better be kali, download machines from osboxes.

For DVWA you can either download Metasploitable 2 or set up dvwa in some machine.
In my case i just turned them both on an internal network, so they can see each other but no internet (might need to set up DHCP if you dont have any ip).

For basic help about solving dvwa's file inclu…

for anyone trying today to install DVWA, thing changed a little, took me a while to get it working, so here it is:

IMPORTANT - su if you are not root user (i.e. not kali)

1. download the latest version 

to get it working with MariaDB and PHP v7.x

wget https://github.com/ethicalhack3r/DVWA/archive/master.zip && unzip master.zip

unzip under /var/www/html, rename folder to dvwa


2. config file

cd /var/www/html/dvwa/config
cp config.inc.php.dist config.inc.php
gedit config.inc.php

create captcha keys
https://www.google.com/recaptcha/intro/index.html
and set in $_DVWA[ 'recaptcha_public/private_key' ]

start at low difficulty

$_DVWA[ 'default_security_level' ] = 'low';

you need to clean cookies if the dvwa was running

3. set user in MariaDB

sudo service mysql start
mysql -u root -p

db commands...

mysql > create database dvwa;
mysql > CREATE USER dvwa@localhost IDENTIFIED BY 'p@ssw0rd';
mysql > grant all on dvwa.* to dvwa@localhost;
mysql > flush privilege…

the challenge is like this, i have the attacker machine (A), which connect with ssh client to another machine (B), which run ssh server (daaa...), these 2 are connected to the internet, but (B) is also connected to an internal network, and there there is a WIN10 machine (C), NOT connected to the internet but to (B) as said.

we will use the help of ssh, ShellTer to try also do it with windows defender on.

to succeed we will try to do this from bottom to top.

*DISCLAIMER - all this is illegal, and you may only do it at your lab, if you hack really you will go to jail.

*BIG NOTE : sometimes stuff just dont work, restarting (not power off) the machines, and the services refreshes stuff and then they work.


PLAN

1. prepare lab
2. test exploit on xp
3. test 3 machines ssh with 3 linux
4. exploit xp via ssh
5. exploit win10
6. test ssh with win 10
7. exploit win10 via ssh





1. preparing lab

using VBox (doesnt matter) i will create 4 machines, an arbitrary linux for ssh server, winXP for testings,…

1. right-click on the machine -> settings -> network -> choose NAT -> expand advnaced ->
choose "PCnet-FAST III(...)"

2. run cmd -> "inetcpl.cpl" -> advanced -> enable "use TLS 1.0"

3. open IE -> go to "www.bing.com" -> search "download firefox/chrome" -> do the usual with choosing "Yes" a zillion times every time he complains about the certificate.

-chrome do all kinda troubles sometimes with xp

4.1 with chrome and browse to "www.google.com", in the error screen click advanced -> proceed.

4.2 with firefox, just browse and enjoy

P.S. - if you have bridged connection problems try to change MAC