$Whoami

Hey I am  sheeraz

Chapter lead null bhopal 

Chapter lead google dev group & facebook dev c 

BCA II year student at BSSS

What are CTF's?

What are CTF's?

capture the flag competitions

some vulnerable machines are presented to us and we have to hack into them and get the flags some times root access as we are going to in our basic pentesting 1 ctf  

Fields of security

  • Red Team Penetration testing  : Phishing , Wifi, Metasploit
  • Black box single application tests : Bug Bounties 
  • Code audits : Swachlit project
  • Consulting : Designing secure software architecture
  • Crypto reviews : Complex Protocols
  • Risk Analysis
  • Developers

Fields of security

  • Red Team Penetration testing  : Phishing , Wifi, Metasploit
  • Black box single application tests : Bug Bounties 
  • Code audits : Swachlit project
  • Consulting : Designing secure software architecture
  • Crypto reviews : Complex Protocols
  • Risk Analysis
  • Developers

Fields of security

  • Red Team Penetration testing  : Phishing , Wifi, Metasploit
  • Black box single application tests : Bug Bounties 
  • Code audits : Swachlit project
  • Consulting : Designing secure software architecture
  • Crypto reviews : Complex Protocols
  • Risk Analysis
  • Developers

Fields of security

  • Red Team Penetration testing  : Phishing , Wifi, Metasploit
  • Black box single application tests : Bug Bounties 
  • Code audits : Swachlit project
  • Consulting : Designing secure software architecture
  • Crypto reviews : Complex Protocols
  • Risk Analysis
  • Developers

Fields of security

  • Red Team Penetration testing  : Phishing , Wifi, Metasploit
  • Black box single application tests : Bug Bounties 
  • Code audits : Swachlit project
  • Consulting : Designing secure software architecture
  • Crypto reviews : Complex Protocols
  • Risk Analysis
  • Developers

Fields of security

  • Red Team Penetration testing  : Phishing , Wifi, Metasploit
  • Black box single application tests : Bug Bounties 
  • Code audits : Swachlit project
  • Consulting : Designing secure software architecture
  • Crypto reviews : Complex Protocols
  • Risk Analysis
  • Developers

Fields of security

  • Red Team Penetration testing  : Phishing , Wifi, Metasploit
  • Black box single application tests : Bug Bounties 
  • Code audits : Swachlit project
  • Consulting : Designing secure software architecture
  • Crypto reviews : Complex Protocols
  • Risk Analysis
  • Developers

How Do we Gain Experience

  • Communities : like Null and OWASP
  • Academic Institutions
  • Training Certifications 
  • Development 

How Things Evolve

  • IT Constantly Evolves : PHP  to Javascript NodeJs
  • How to learn new stuff : SQL injection to Memory corruption 
  • Be Creative : going beyond checklist

Why Ctf's

  • Typical vulns : strengthen fundamentals, get new knowledge 
  • Esoteric vulns : be creative 
  • YOU Will Fail : Reality Check, dont be so arrogant 

where to find ans solve them

  • Ctftime.org 
  • Vulnhub.com
  • Hackthebox.eu
  • Stick to one : notes , google searches 
  • look up at write ups
  • analyse  

Basic_Pentesting 1

This is a vulhub machine you can download and test in your computer [boot2root] challenge we need to acquire root in this machine that's the challenge 

link :- https://www.vulnhub.com/entry/basic-pentesting-1,216/ 

LETS GET STARTED ->

LETS GET STARTED ->

scaning the network

netdiscover -r 10.0.9.0/24

Checking if a web server is running on  the target {Passive recon}

YES !!!!

NMAP SCAN WITH ONE OF THE PROFILES

NMAP -A -T3 10.0.9.132

Searching vulns 

searchsploit 

Metasploit have it

search ProFTPd 1.3.3c

Metasploit have it

setting the options

Marlinspikes GOT PWNED

LETS GET ROOT !

python -c 'import pty;pty.spawn("/bin/sh")'​

su root -l

y0u 607 p4wn3d

Thank you Thank you!!!

Basic Pentesting 1 CTF

By Sheeraz ali

Basic Pentesting 1 CTF

basic pentesting talk for null bhopal

  • 769