Tunnel traffic through a compromised jump host to reach otherwise unreachable internal networks or hosts (pivot). As seen in network penetration testing environments.
Prerequisite: SSH access to the jump host.
TARGET1 = jump host ; TARGET2 = jump target
Set up an SSH dynamic port forward (SOCKS proxy on local port 1080):
ssh -D 1080 root@<TARGET1>
Check locally that…
a niche remote code execution via deserialization on Apache Tomcat
i.e. versions pre-April 2020
Prerequisites to be vulnerable:
Buff is a Windows machine rated as “Easy” on HackTheBox, weighted toward CVEs. It covers webshells, file transfers and SSH tunnel port forwarding.
After a quick scan for all ports, we see an Apache webserver with PHP on port 8080.
Nmap scan report for 10.x.x.x
Host is up (0.15s latency).
Not shown: 999 filtered…
An often unpracticed Red Team operation scenario involving malicious browser extensions.
For the testing team, the end result is a cloud-hosted C2 server with an operational CursedChrome deployment using Nginx reverse proxy for web session theft.
Penetration testing vs red teaming key takeaways & principles
One of the most frequently blogged about topics in the security industry is discussing the key differences and roles of a vulnerability assessment versus a penetration test. With the security industry evolving and organizations slowly adopting their own offensive security capabilities…
The deep web has been gaining mainstream attention and a multitude of blogs have been floating around about the things that could be found on the dark web. There is a lot of confusion over deep web vs. dark web; they are often used interchangeably. In essence the term “deep…