service ports discover with nmap

    Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-07 15:20 +08
    Nmap scan report for 10.10.10.161
    Host is up (0.0087s latency).
    Not shown: 65511 closed ports
    PORT    STATE SERVICE
    53/tcp  open  domain
    88/tcp  open  kerberos-sec
    135/tcp open  msrpc
    139/tcp open  netbios-ssn
    389/tcp open  ldap
    445/tcp open  microsoft-ds
    464/tcp open  kpasswd5
    593/tcp open  http-rpc-epmap
    636/tcp open  ldapssl
    …

Continue reading service ports discover with nmap

[security]evil-winrm installation

I am trying to use evil-winrm to get a Windows shell with a user credential via tcp/5985 (WinRM):

    ruby evil-winrm -i 192.168.1.1 -u username -p password

but I encountered a problem with the Ruby modules winrm and winrm-fs, hence I need to install the modules:

    gem install winrm; gem install winrm-fs

or simply:

    gem install evil-winrm

[security] File upload

The lab uses Metasploitable. It gives awareness of the file upload vulnerability at three levels of security: low, medium and high. The objective is to try to upload forward shell code, then connect to it to gain access to the server.

Low security

This is the PHP code of the low-security file upload: … Continue reading [security] File upload

HackTheBox – Get the invite code

You have to find the invite code yourself in order to join the club and learn hacking; the link is https://www.hackthebox.eu/invite. The invite code extraction method may change, but this is the current one as of today, 25th of Feb 2020. I am using Firefox, so on https://www.hackthebox.eu/invite, click on web developer on … Continue reading HackTheBox – Get the invite code

Hashicorp vault – Enable database secret engine for MariaDB/MySQL

Introduction

There is a learning page for turning on the database secret engine for PostgreSQL, but my environment uses MariaDB, so this post records how to enable the database secret engine to automatically rotate secrets for a MariaDB user. This feature is very similar to CyberArk's password rotation for *nix servers and databases. For this lab, … Continue reading Hashicorp vault – Enable database secret engine for MariaDB/MySQL

Do not update netmiko to version 5 if you are using it with nornir

I have been using nornir to call netmiko. The netmiko version used by nornir is version 2.4.2, and netmiko has just been updated to version 3.0. Before I upgraded netmiko, I could push a config set. After I upgraded netmiko to 3.0, my script started raising netmiko timeouts, but the commands were sent to the firewall. From … Continue reading Do not update netmiko to version 5 if you are using it with nornir

[python]Matching sh run object service with textfsm

I have been experimenting with a few combinations with textfsm. The problematic one is show run object service: some entries may show a description and some may not, because description is an optional configuration item in Cisco ASA. This makes matching the description kind of hard. The current working textfsm only matches compulsory items such as … Continue reading [python]Matching sh run object service with textfsm

[python]Napalm-asa only supports Cisco ASA with REST API

I am using the napalm-asa asa driver; however, this driver can only be used if the Cisco ASA has the REST API package installed, hence for a Cisco ASA that does not have the REST API, Napalm cannot be used. Instead use netmiko; netmiko uses SSH and has methods to let you send commands. It is not … Continue reading [python]Napalm-asa only supports Cisco ASA with REST API