Vulnhub Bsides Vancouver 2018 walkthrough


This is a walkthrough of Bsides Vancouver 2018, a beginner boot2root challenge. It was used by Mohamed Shahat (@Abatchy) in a workshop during Bsides Vancouver 2018.

It’s an easy challenge, but since there are 2 distinct ways to obtain root, this is a nice opportunity to test for different vulnerabilities and try different tools.

LITTLE WARNING: This is going to be a crazy long walkthrough because I’m going to detail my methodology (pentest style) including what didn’t work, as well as many different tools and manual exploitation techniques (because you can’t rely too much on tools).
I want to give you as many ideas as possible that you can later apply on real-life penetration tests, and not just what “magically” works.


Methods for finding the IP address of a downloaded virtual machine

If you’re working on a challenge, vulnerable VM or CTF, you probably won’t know its IP address and won’t be able to get it with ifconfig because generally login credentials are not disclosed. So this is a basic tutorial on how to “guess” the IP address of a downloaded virtual machine that has DHCP enabled.

If you’re a seasoned pentester/bug bounty hunter/CTFer, this blog post is clearly not for you. It is addressed to anyone starting in InfoSec, whether you’re trying a first boot2root challenge or preparing for a job interview.

Why am I choosing this topic? Because everybody has to start somewhere. In my last corporate job, I created an intentionally vulnerable VM to assess the experience and technical level of applicants for a pentester job. The only information they had was that the VM has DHCP enabled, and their task was to find the maximum number of vulnerabilities.
To my surprise, many of them did not know where to start and asked for the IP address of the VM or the login credentials!


The 5 Hacking NewsLetter 9

Hey hackers! Here’s our collection of the best resources shared this week by pentesters & bug bounty hunters. It covers the week from the 15th to the 22nd of June.

Have a good read!


Our favorite 5 hacking items

1. Tutorial of the week

Credential stealing with XSS without user interaction

This is not a new technique, but it’s a good exploitation scenario to show one practical risk of XSS vulnerabilities. From experience, using <script>alert(0)</script> in pentest reports is not very convincing for clients.
I try to always include proofs of concept that show exactly what is possible in the particular context being tested: redirection, iframe inclusion, cookie theft, credentials theft from the browser, etc.


Conference notes: Trickle Down PwnOnomics (LevelUp 0x02 / 2018)

Hi, these are the notes I took while watching the “Trickle Down PwnOnomics” talk given by Darrell Damstedt (aka Hateshape) at LevelUp 0x02 / 2018.


  • This talk is about how Hateshape “went from having zero bug bounty experience to regularly experiencing ($$$) success”.
  • Trickle Down Pwnonomics: A theory promoting the discovery and reduction of vulnerabilities on a bug bounty program as a means to stimulate my bank account.

The 5 Hacking NewsLetter 8

Hey hackers! As usual, this is a collection of our favorite resources for penetration testers and bug bounty hunters. It covers the week from the 8th to the 15th of June.

There’s a lot to read, so grab a nice plate of watermelon (yeah, it’s summer baby!) and good reading!


Our favorite 5 hacking items

1. Tutorial of the week

Should this be public though? by Rojan Rijal

This tutorial presents great OSINT techniques for finding sensitive information leaked by employees.
A tool, LeakFinder, is also provided to automate the process. The author used it successfully on 2 bug bounty programs but the reports have not yet been disclosed.
