BLACK-FLAG 2018 CTF(Hacka-thon) by Sawan Bhan

Description: A realistic Boot2Root. Gain access to the system and read the /root/flag.txt

Note: Only works in VMware

Network: NAT/DHCP

Questions: @bhansawan

File: OVF

Difficulty to get entry: easy/intermediate

Difficulty to get root: intermediate/hard

The SCIIT's Server has just been attacked, the IT staff have taken down their windows server and are now setting up a Linux server running Debian. Could there a few weak points in the new unfinished server?

Hints: Remember to look for hidden info/files**

DOWNLOAD LINK :

Comments

Treat your online privacy as you would treat your Money"

"Treat your online privacy as you would treat your Money" Data breaches are common occurrences these days, with personal information routinely stolen or misused from social media, banks, retail outlets and other online sites. I shall give you a mantra!! Even if you are not an information security enthusiast. "The Mantra is to treat our online privacy as we would treat our money" By Sawan Bhan As an InfoSec guy i would always recommend the highest level of security to ensure our information does not fall into the wrong hands. I am going to share some tips to strengthen the safety and security of our online accounts to avoid being the victim of a data breaches. #NOTHING IS EVER TRULY DELETED# Every time when we are online, we are leaving a trail of an activity. From websites to online shoppi...

WHY IS CYBER SECURITY IMPORTANT?

WHY IS CYBER SECURITY IMPORTANT? Cyber Security is important because without any understanding or consideration of the issue you are waiting to be attacked. It may not happen now, or next week, but eventually you will be breached and you will have to deal with the fallout. In fact, in the last few years, cyber crime has grown at such a rapid rate it is now an issue all businesses should constantly be monitoring and managing. The latest “Cost of data breach study: Australia”, by IBM and the Ponemon Institute, concluded that in 2014 the likelihood of an Australian company or organisation experiencing a data breach involving at least 10,000 records had increased to 18 per cent over a 24 month period – that is, nearly one in five Australian companies or organisations will experience a serious data breach in the next two years. And this breach rate continues to grow. The problem is also growing rapidly in other Asia-Pacific nations. The Australian Institute of Criminology ...

LINUX PRIVILEGE ESCALATIONS BY SAWAN BHAN

WHAT IS PRIVILEGE ESCALATION? Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an OS or application to achieve an higher access to resources that are normally protected from an application or user. The result could lead to unauthorized actions. OBJECTIVE In this blog, we will talk in detail as what security issues could lead to a successful privilege escalation attack on any Linux based systems. Linux Permission Model Linux has inbred from UNIX the concept of ownership and permissions of files . File permissions are used to protect systems against malicious tampering. 1. In the above two screenshots, we can see that the file ‘p.txt’ only has read & write access by the owner ‘ root’ . 2. We can see the permission denied error when I tried reading the file when I tried to access as “ sawan ”. Security Professionals usually perform Privil...

Security and Privacy Are Not As Different As People Think

Search This Blog