-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathatom.xml
More file actions
184 lines (111 loc) · 10.2 KB
/
atom.xml
File metadata and controls
184 lines (111 loc) · 10.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>OnePlus - X</title>
<subtitle>Learn, Share, Hack</subtitle>
<link href="/atom.xml" rel="self"/>
<link href="http://oneplus-x.github.com/"/>
<updated>2017-06-15T00:56:41.843Z</updated>
<id>http://oneplus-x.github.com/</id>
<author>
<name>One Plus <weirdless@yandex.com></name>
</author>
<generator uri="http://hexo.io/">Hexo</generator>
<entry>
<title>Enterprise Offense: IT Operations [Part 1] - Post-Exploitation of Puppet and Ansible Servers</title>
<link href="http://oneplus-x.github.com/2017/06/11/Enterprise-Offense-IT-Operations-Part-1/"/>
<id>http://oneplus-x.github.com/2017/06/11/Enterprise-Offense-IT-Operations-Part-1/</id>
<published>2017-06-11T15:26:34.000Z</published>
<updated>2017-06-15T00:56:41.843Z</updated>
<summary type="html">
<h2 id="Introduction"><a href="#Introduction" class="headerlink" title="Introduction"></a>Introduction</h2><p>Confusion generally prevails while hacking an infrastructure that is not integrated with Active directory. Lateral movement is generally dependent on password spraying and common vulnerability availability. This blog will touch upon IT Operators tools - Puppet and Ansible - that is used to automate the process of managing these non-domain systems as well as cover the topic on how a hacker (or pentester) could utilize these tools to laterally move in the environment.<br>
</summary>
<category term="Red Team" scheme="http://oneplus-x.github.com/tags/Red-Team/"/>
<category term="IT Operations hacking" scheme="http://oneplus-x.github.com/tags/IT-Operations-hacking/"/>
<category term="Enterprise Offense" scheme="http://oneplus-x.github.com/tags/Enterprise-Offense/"/>
<category term="Puppet Hack" scheme="http://oneplus-x.github.com/tags/Puppet-Hack/"/>
<category term="Ansible Hack" scheme="http://oneplus-x.github.com/tags/Ansible-Hack/"/>
</entry>
<entry>
<title>Vulnhub: Pluck 1</title>
<link href="http://oneplus-x.github.com/2017/03/12/Vulnhub-Pluck/"/>
<id>http://oneplus-x.github.com/2017/03/12/Vulnhub-Pluck/</id>
<published>2017-03-12T12:06:35.000Z</published>
<updated>2017-03-16T12:09:43.015Z</updated>
<summary type="html">
<h2 id="Introduction"><a href="#Introduction" class="headerlink" title="Introduction"></a>Introduction</h2><p>Just another writeup for another boot2root Vulnhub Challenge. This one is great to test out different types of exploitation techniques.</p>
</summary>
<category term="Vulnhub" scheme="http://oneplus-x.github.com/tags/Vulnhub/"/>
<category term="Pluck" scheme="http://oneplus-x.github.com/tags/Pluck/"/>
<category term="boot2root" scheme="http://oneplus-x.github.com/tags/boot2root/"/>
</entry>
<entry>
<title>Vulnhub - OSCP Series - Kioptrix Level 1</title>
<link href="http://oneplus-x.github.com/2017/02/25/kioptrix-1/"/>
<id>http://oneplus-x.github.com/2017/02/25/kioptrix-1/</id>
<published>2017-02-25T18:29:37.000Z</published>
<updated>2017-02-27T09:45:35.168Z</updated>
<summary type="html">
<h2 id="Overview"><a href="#Overview" class="headerlink" title="Overview"></a>Overview</h2><p>Part of the OSCP preparation VMs from vulnhub, Kioptrix is a boot to root challenge series. While travelling 6 hours in an intercity bus, without any access to internet, I took upon myself to attempt solving as many Kioptrix levels as possible. Turns out it was super hard with the enormous number of errors I faced during compilation of any of the exploits that I wanted.</p>
</summary>
<category term="Vulnhub" scheme="http://oneplus-x.github.com/tags/Vulnhub/"/>
<category term="Kioptrix" scheme="http://oneplus-x.github.com/tags/Kioptrix/"/>
<category term="Kioptrix level 1" scheme="http://oneplus-x.github.com/tags/Kioptrix-level-1/"/>
<category term="OSCP Series" scheme="http://oneplus-x.github.com/tags/OSCP-Series/"/>
</entry>
<entry>
<title>All your creds are belong to us: Hacking an ISP for fun and internet</title>
<link href="http://oneplus-x.github.com/2017/02/25/ISP-Hacking/"/>
<id>http://oneplus-x.github.com/2017/02/25/ISP-Hacking/</id>
<published>2017-02-25T04:06:14.000Z</published>
<updated>2017-02-27T11:19:16.848Z</updated>
<summary type="html">
<h2 id="Introduction"><a href="#Introduction" class="headerlink" title="Introduction"></a>Introduction</h2><p>Generally ISPs have been very ignorant towards their security, resulting in requirement of the government to enforce policies that would be required ISPs and Telecom Operators to provide the end users a secure and a private communication network. However, due to issues with money, ISPs prefer to relax on most of the security issues or end up hiring firms with external consultants with no idea on how to secure a Telecom Infrastructure. This is the exact reason people would require to audit their own ISPs and make a note of the vulnerabilities. The specific configurational vulnerabilities that would be mentioned in this blog results in not only of an attacker to gain credentials to access internet, but he is also capable of doing crazy number of things while sitting on the same network. The network of this ISP has been the same for more than 2 years now.</p>
</summary>
<category term="Internet Security Provider" scheme="http://oneplus-x.github.com/tags/Internet-Security-Provider/"/>
<category term="ISP" scheme="http://oneplus-x.github.com/tags/ISP/"/>
<category term="PPPoE PAP" scheme="http://oneplus-x.github.com/tags/PPPoE-PAP/"/>
<category term="Man in the middle" scheme="http://oneplus-x.github.com/tags/Man-in-the-middle/"/>
<category term="ISP Hacking" scheme="http://oneplus-x.github.com/tags/ISP-Hacking/"/>
</entry>
<entry>
<title>The Red Team's Ratatouille</title>
<link href="http://oneplus-x.github.com/2016/11/30/Red-Team-Ratatouille/"/>
<id>http://oneplus-x.github.com/2016/11/30/Red-Team-Ratatouille/</id>
<published>2016-11-29T22:17:03.000Z</published>
<updated>2016-12-04T15:52:22.330Z</updated>
<summary type="html">
<h3 id="begin-Introduction"><a href="#begin-Introduction" class="headerlink" title=":begin Introduction"></a>:begin Introduction</h3><p>The concept of <a href="http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices">Plug and Prey: Malicious USB Devices</a> device by Irongeek at Shmoocon, <a href="https://srlabs.de/projects/badusb/">bad usb</a> by Karsten Nohl at Blackhat or the <a href="https://hakshop.com/products/usb-rubber-ducky-deluxe">Rubber ducky</a> by Hak5, these are super interesting concepts that are leveraged at every Red Team enagement that is conducted by a Red Team Operator. Any such exploitation requires good amount of social engineering. I recommend people should have exhausted every possible trick in the book to compromise from the external network of the organization before attempting to breach physical security.<br>
</summary>
<category term="Red Team" scheme="http://oneplus-x.github.com/tags/Red-Team/"/>
<category term="Bad USB" scheme="http://oneplus-x.github.com/tags/Bad-USB/"/>
<category term="Malicious Mouse Attack" scheme="http://oneplus-x.github.com/tags/Malicious-Mouse-Attack/"/>
<category term="Plug and Prey Malicious USB Devices" scheme="http://oneplus-x.github.com/tags/Plug-and-Prey-Malicious-USB-Devices/"/>
<category term="Driveby Mouse" scheme="http://oneplus-x.github.com/tags/Driveby-Mouse/"/>
</entry>
<entry>
<title>Vulnhub: Hackday Albania</title>
<link href="http://oneplus-x.github.com/2016/11/24/Vulnhub-Hackday-Albania/"/>
<id>http://oneplus-x.github.com/2016/11/24/Vulnhub-Hackday-Albania/</id>
<published>2016-11-23T19:46:11.000Z</published>
<updated>2017-03-16T12:30:45.943Z</updated>
<summary type="html">
<p>A new night, and a new virtual image to break. Hah! Sound fun.</p>
<p>We begin Hackday Albania, the usual way, by setting up Virtual box, on host-only mode.</p>
<h3 id="Enumeration"><a href="#Enumeration" class="headerlink" title="Enumeration"></a>Enumeration</h3><p>We launch our nmap with the following command<br><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">oneplus-x@c0ffee$ nmap -A 192.168.56.101</div></pre></td></tr></table></figure></p>
</summary>
<category term="Vulnhub" scheme="http://oneplus-x.github.com/tags/Vulnhub/"/>
<category term="Hackday" scheme="http://oneplus-x.github.com/tags/Hackday/"/>
<category term="Albania" scheme="http://oneplus-x.github.com/tags/Albania/"/>
</entry>
<entry>
<title>A new beginning</title>
<link href="http://oneplus-x.github.com/2016/11/23/A-new-beginning/"/>
<id>http://oneplus-x.github.com/2016/11/23/A-new-beginning/</id>
<published>2016-11-23T13:48:55.000Z</published>
<updated>2016-12-04T05:43:07.299Z</updated>
<summary type="html">
<p>Just another attempt on trying a different UI for blogging, I have chosen <a href="https://github.com/klugjo/hexo-theme-alpha-dust" targe
</summary>
<category term="OnePlus - X" scheme="http://oneplus-x.github.com/tags/OnePlus - X/"/>
</entry>
</feed>