Sheeraz ali
cyber security researcher and web developer
$Whoami
Hey I am sheeraz
Chapter lead null bhopal
Chapter lead google dev group & facebook dev c
BCA II year student at BSSS
What are CTF's?
What are CTF's?
capture the flag competitions
some vulnerable machines are presented to us and we have to hack into them and get the flags some times root access as we are going to in our basic pentesting 1 ctf
Fields of security
- Red Team Penetration testing : Phishing , Wifi, Metasploit
- Black box single application tests : Bug Bounties
- Code audits : Swachlit project
- Consulting : Designing secure software architecture
- Crypto reviews : Complex Protocols
- Risk Analysis
- Developers
Fields of security
- Red Team Penetration testing : Phishing , Wifi, Metasploit
- Black box single application tests : Bug Bounties
- Code audits : Swachlit project
- Consulting : Designing secure software architecture
- Crypto reviews : Complex Protocols
- Risk Analysis
- Developers
Fields of security
- Red Team Penetration testing : Phishing , Wifi, Metasploit
- Black box single application tests : Bug Bounties
- Code audits : Swachlit project
- Consulting : Designing secure software architecture
- Crypto reviews : Complex Protocols
- Risk Analysis
- Developers
Fields of security
- Red Team Penetration testing : Phishing , Wifi, Metasploit
- Black box single application tests : Bug Bounties
- Code audits : Swachlit project
- Consulting : Designing secure software architecture
- Crypto reviews : Complex Protocols
- Risk Analysis
- Developers
Fields of security
- Red Team Penetration testing : Phishing , Wifi, Metasploit
- Black box single application tests : Bug Bounties
- Code audits : Swachlit project
- Consulting : Designing secure software architecture
- Crypto reviews : Complex Protocols
- Risk Analysis
- Developers
Fields of security
- Red Team Penetration testing : Phishing , Wifi, Metasploit
- Black box single application tests : Bug Bounties
- Code audits : Swachlit project
- Consulting : Designing secure software architecture
- Crypto reviews : Complex Protocols
- Risk Analysis
- Developers
Fields of security
- Red Team Penetration testing : Phishing , Wifi, Metasploit
- Black box single application tests : Bug Bounties
- Code audits : Swachlit project
- Consulting : Designing secure software architecture
- Crypto reviews : Complex Protocols
- Risk Analysis
- Developers
How Do we Gain Experience
- Communities : like Null and OWASP
- Academic Institutions
- Training Certifications
- Development
How Things Evolve
- IT Constantly Evolves : PHP to Javascript NodeJs
- How to learn new stuff : SQL injection to Memory corruption
- Be Creative : going beyond checklist
Why Ctf's
- Typical vulns : strengthen fundamentals, get new knowledge
- Esoteric vulns : be creative
- YOU Will Fail : Reality Check, dont be so arrogant
where to find ans solve them
- Ctftime.org
- Vulnhub.com
- Hackthebox.eu
- Stick to one : notes , google searches
- look up at write ups
- analyse
Basic_Pentesting 1
This is a vulhub machine you can download and test in your computer [boot2root] challenge we need to acquire root in this machine that's the challenge
link :- https://www.vulnhub.com/entry/basic-pentesting-1,216/
LETS GET STARTED ->
LETS GET STARTED ->
scaning the network
netdiscover -r 10.0.9.0/24
Checking if a web server is running on the target {Passive recon}
YES !!!!
NMAP SCAN WITH ONE OF THE PROFILES
NMAP -A -T3 10.0.9.132
Searching vulns
searchsploit
Metasploit have it
search ProFTPd 1.3.3c
Metasploit have it
setting the options
Marlinspikes GOT PWNED
LETS GET ROOT !
python -c 'import pty;pty.spawn("/bin/sh")'
su root -l
y0u 607 p4wn3d
Thank you Thank you!!!
Basic Pentesting 1 CTF
By Sheeraz ali
Basic Pentesting 1 CTF
basic pentesting talk for null bhopal
