Rana Khalil  

@rana__khalil

Security Assessment Analyst. Working towards my OSCP. Speaker at BSides, ISSA, OWASP Ottawa & Hackfest. Tweets are my own and don't represent my employer.

Joined: March 2018

Tweets


  1. Pinned tweet
    Jan 1

    1. OSCP cert - I feel like I'm finally getting a grasp on the material and can get it done in the next 4 months. 2. AWAE cert - This is the cert that I actually want, but can't justify registering into until I get the OSCP. It's going to be a tough year!

  2. Looking at my HTB schedule for this week: 1. Safe - Easy (I started working on this and it's definitely not an easy box) 2. Kotarak - Hard 3. Jail - Insane lol. This week will be fun.

  3. I remember this question coming up in our study group. The blog shows how to enumerate every character of the hashed password using a blind SQLi. I knew this was possible, but I've never exploited it. So this was pretty cool 😃

  4. 4/ The manual exploitation of the blind SQLi vulnerability using a python script that I got from watching 's video is pretty cool though. I included it in the Extra Content section of the blog.

  5. 3/ This is probably the longest blog I've written so far. You had to chain 7 vulnerabilities and after gaining initial access, you had to pivot to two other users before you can escalate privileges to root.

  6. 2/ Privilege Escalation - security misconfigurations of user group permissions. As usual, improvements/corrections are always welcome :)

  7. 1/ The 31st HTB box I solve in preparation for the OSCP. Initial Foothold - verbose error message + blind SQLi + PHP type juggling vulnerability + lack of input validation on upload functionality + cleartext creds + reuse of creds

  8. Retweeted
    Jun 25, 2019

    I remember when I first started in InfoSec looking for black hacker profiles on Instagram and being disappointed I couldn’t find many. That moment inspired me to show my face whenever I get the opportunity to show the world we exist. 👨🏾‍💻💪🏽 It’s hard to be what you can’t see.

  9. Jan 31

    The 30th HTB box I solve in preparation for the OSCP. Initial Foothold - XXE injection + lack of input validation on user supplied input into the pickle serialization library. Privilege Escalation - Root RSA private key in git history.

  10. Jan 28

    this is the box I was referring to

  11. Jan 28

    Privilege Escalation - weak creds + hard coded creds + security misconfiguration of Linux capabilities on openssl binary that allowed us to modify the /etc/shadow file and escalate our privileges to root. As usual, corrections / improvements are always welcome :)

  12. Jan 28

    1/ The 29th HTB box I solve in preparation for the OSCP. Initial Foothold - security misconfiguration of linux capabilities on tcpdump binary that allowed us to dump traffic on all network interfaces and intercept credentials

  13. Jan 27

    4/ Mind you that before yesterday, I didn't know that linux capabilities was a thing, so my understanding of it is a bit weak.

  14. Jan 27

    3/ So my question is: why am I allowed to read and modify the /etc/shadow file using this misconfiguration but when I try to send a reverse shell back to my attack machine, I get it with the privileges of the current user, not the root user?

  15. Jan 27

    2/ From my understanding, this means that openssl binary has ALL the capabilities permitted (p) and effective (e). So it's almost as equivalent as having the suid bit set.

  16. Jan 27

    1/ Can someone explain to me how this works. I have an openssl binary that has the "ep" linux capability assigned to it. So the command "getcap -r / 2>/dev/null" would give me the following result: openssl =ep

  17. Jan 26

    I don't know why, but I laughed so hard at the sudo comic 😆😆 I can't wait for this video to be out!

  18. Jan 25

    The 28th HTB box I solve in preparation for the OSCP. Initial Foothold - FTP anon login + cleartext creds. Privilege Escalation - RCE vuln associated with H2 database version that was being run with root privileges

  19. Retweeted
    Jan 25

    A thread about my ego and how we can better serve in our industry. Story time... 1/9

  20. Jan 24

    The 27th HTB box I solve in preparation for the OSCP. Initial Foothold - vsftpd 2.3.4 backdoor. Privilege Escalation - Loose permissions and insecure storage of Certificate Authority (CA) key + LFI + security misconfiguration of scheduled task.

  21. Retweeted
    Jan 24

    Starting to put together a Linux Privesc Video. Can anyone spot something non-network that I'm missing? - Recon (linPEAS/LinEnum) - Sudo - Permission Overview (file writes - sshKey/cron) - SetUID - Kernel - Cron - Network [mysql, postgres, erlang cookie (couchDb)]

