Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @rana__khalil
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @rana__khalil
-
Prikvačeni tweet
#2020Goals 1. OSCP cert - I feel like I'm finally getting a grasp on the material and can get it done in the next 4 months. 2. AWAE cert - This is the cert that I actually want, but can't justify registering into until I get the OSCP. It's going to be a tough year!#bismillahHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Looking at my HTB schedule for this week: 1. Safe - Easy (I started working on this and it's definitely not an easy box) 2. Kotarak - Hard 3. Jail - Insane lol. This week will be fun.
#15boxesleftpic.twitter.com/vst3VzXN18Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
@gloucesteraptor I remember this question coming up in our study group. The blog shows how to enumerate every character of the hashed password using a blind SQLi. I knew this was possible, but I've never exploited it. So this was pretty cool
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
4/ The manual exploitation of the blind SQLi vulnerability using a python script that I got from watching
@ippsec's video is pretty cool though. I included it in the Extra Content section of the blog.Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
3/ This is probably the longest blog I've written so far. You had to chain 7 vulnerabilities and after gaining initial access, you had to pivot to two other users before you can escalate privileges to root.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
2/ Privilege Escalation - security misconfigurations of user group permissions. As usual, improvements/corrections are always welcome :)
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
1/ The 31st HTB box I solve in preparation for the OSCP. Initial Foothold - verbose error message + blind SQLi + PHP type juggling vulnerability + lack of input validation on upload functionality + cleartext creds + reuse of credshttps://medium.com/@ranakhalil101/hack-the-box-falafel-writeup-w-o-metasploit-22778580d309?source=friends_link&sk=975e7d3a05bf4fc0be81714f49d0d262 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rana Khalil proslijedio/la je Tweet
I remember when I first started in InfoSec looking for black hacker profiles on Instagram and being disappointed I couldn’t find many. That moment inspired me to show my face whenever I get the opportunity to show the world we exists.

It’s hard to be what you can’t see.Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
The 30th HTB box I solve in preparation for the OSCP. Initial Foothold - XXE injection + lack of input validation on user supplied input into the pickle serialization library. Privilege Escalation - Root RSA private key in git history.https://medium.com/@ranakhalil101/hack-the-box-devoops-writeup-w-o-metasploit-afa7d5952117?source=friends_link&sk=dd991ffcf647caa6262609fa6df38832 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
@thryb this is the box I was referring toPrikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Privilege Escalation - weak creds + hard coded creds + security misconfiguration of Linux capabilities on openssl binary that allowed us to modify the /etc/shadow file and escalate our privileges to root. As usual, corrections / improvements are always welcome :)
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
1/ The 29th HTB box I solve in preparation for the OSCP. Initial Foothold - security misconfiguration of linux capabilities on tcpdump binary that allowed us to dump traffic on all network interfaces and intercept credentialshttps://medium.com/@ranakhalil101/hack-the-box-lightweight-writeup-w-o-metasploit-855a5fcf7b82?source=friends_link&sk=ff9b865618de15f707da2730df7a5433 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
4/ Mind you that before yesterday, I didn't know that linux capabilities was a thing, so my understanding of it is a bit weak.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
3/ So my question is: why am I allowed to read and modify the /etc/shadow file using this misconfiguration but when I try to send a reverse shell back to my attack machine, I get it with the privileges of the current user, not the root user?
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
2/ From my understanding, this means that openssl binary has ALL the capabilities permitted (p) and effective (e). So it's almost as equivalent as having the suid bit set.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
1/ Can someone explain to me how this works. I have an openssl binary that has the "ep" linux capability assigned to it. So the command "getcap -r / 2>/dev/null" would give me the following result: openssl =ep
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I don't know why, but I laughed so hard at the sudo comic

I can't wait for this video to be out!https://twitter.com/ippsec/status/1221184473238208517 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
The 28th HTB box I solve in preparation for the OSCP. Initial Foothold - FTP anon login + cleartext creds Privilege Escalation - RCE vuln associated with H2 database version that was being run with root privilegeshttps://medium.com/@ranakhalil101/hack-the-box-hawk-writeup-w-o-metasploit-da80d51defcd?source=friends_link&sk=ce7d99ab247b8aa135f44712d9b0bc00 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rana Khalil proslijedio/la je Tweet
A thread about my ego and how we can better serve in our industry. Story time... 1/9
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
The 27th HTB box I solve in preparation for the OSCP. Initial Foothold - vsftpd 2.3.4 backdoor Privilege Escalation - Loose permissions and insecure storage of Certificate Authority (CA) key + LFI + security misconfiguration of scheduled task.https://medium.com/@ranakhalil101/hack-the-box-lacasadepapel-writeup-w-o-metasploit-214ce13e5ed?source=friends_link&sk=6e3fba215d1495deacb1b7236eb33333 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rana Khalil proslijedio/la je Tweet
Starting to put together a Linux Privesc Video. Can anyone spot something non-network that I'm missing? - Recon (linPEAS/LinEnum) - Sudo - Permission Overview (file writes - sshKey/cron) - SetUID - Kernel - Cron - Network [mysql, postgres, erlang cookie (couchDb)]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.