Posts

Bob.Vmem

We are checking for a suspicious file in the Bob.vmem dump file.

1. imageinfo: First we have to check the integrity of the dump. For this we use the imageinfo command; if it returns a profile, the integrity of the dump is good.
Command used: ./vol.py -f /root/Desktop/Bob.vmem imageinfo
In the above image we get the service packs, profile names, date and time.

2. pslist: Lists all the processes that were running when the image was taken.
Command used: ./vol.py -f /root/Desktop/Bob.vmem --profile=WinXPSP2x86 pslist

3. psscan: Mostly used for malware analysis and rootkit scanning. Lists all the inactive, hidden or unlinked processes, which were either created by a rootkit or by malware.
Command used: ./vol.py -f /root/Desktop/Bob.vmem --profile=WinXPSP2x86 psscan

4. psxview: Identifies the actual hidden processes. As we can see, there are two columns for the commands pslist and psscan. If any process has False in psscan then we consid...

Raven 2 Ctf walkthrough

Raven 2 CTF Walkthrough

In this article we will see a walkthrough of the Raven: 2 virtual machine.

Raven2: Details
Download Raven2: https://www.vulnhub.com/entry/raven-2,269/
VM Description: Raven 2 is an intermediate level boot2root VM. There are four flags to capture. After multiple breaches, Raven Security has taken extra steps to harden their web server to prevent hackers from getting in. Can you still breach Raven?

Penetration Methodology:
- Network scanning: arp-scan and nmap.
- Directory brute-force (dirbuster).
- Exploiting RCE in PHP version < 5.2.18 on Exploit-db.
- Reading the database password from the wp-config file.
- Searchsploit for MySQL.
- Exploiting the UDF dynamic library vulnerability for MySQL using Exploit-db.
- MySQL database.
- Privilege escalation.
- Getting root access.

Let's try to find the IP of this machine using arp-scan or netdiscover. Below, we can see our results: th...