SlideShare a Scribd company logo

Boot2root Challenge Solving

Download as PPTX, PDF
S
Shrutirupa Banerjiee

I gave an example on how a boot2root challenge can be solved at the beginners' level and what was my approach towards solving them.

Technology
1 of 45
Solving Boot2Root Challenge By Shrutirupa Banerjiee (@freak_crypt)
Whoami?? • WAF Research @ Qualys • Blockchain and Security Enthusiast • Maths Lover • Independent Researcher • Leading Infosecgirls Pune chapter
Agenda • What is a Boot2Root Challenge? • Why is it important? • How do you start with it? • A small interpretation of a challenge
What is Boot2Root Challenge?
Why is it important? • To understand the basics of pentesting and security • To have practical implementation of our basics • To learn more and more • And most importantly….
It is fun!!!
How do you start with it? • Vulnhub (personal favorite) • Hack the box • Rootme.org • And many more……
A small interpretation of a challenge • I solved a very simple machine to show basic enumeration at a beginner’s level
Abraham Lincoln said: Give me six hours to chop down a tree and I will spend the first four sharpening the axe
Machine Name(vulnhub) • SecOS: 1 • Author: PaulSec
Why this machine? • It’s an older one • It’s focused on beginners • Many walkthroughs are already available
Let’s Start
Ip discovery • The victim machine on Bridged mode • nmap 192.168.0.1/24 netdiscover can also be used
Sign up page
Change Password
Thanks to the walkthroughs, I could actually understand how a CSRF based vulnerability is exploited
What’s next??? • Signed out of my account • Logged into the spiderman’s account using the changed password(dead)
There are more machines to solve: • Enumerate • Get shell • Get root • Repeat
References • https://www.vulnhub.com/ • https://www.vulnhub.com/entry/secos-1,88/ • https://www.doyler.net/security-not-included/secos-1-walkthrough

Recommended

DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLReconDEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
Sanjiv Kawa
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
42Crunch
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with Zap
Soluto
 
thymeleafさいしょの一歩
thymeleafさいしょの一歩thymeleafさいしょの一歩
thymeleafさいしょの一歩
Yuichi Hasegawa
 
Abusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get itAbusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get it
Benjamin Delpy
 
Hacking windows xp sp 2 using metasploit
Hacking windows xp sp 2 using metasploitHacking windows xp sp 2 using metasploit
Hacking windows xp sp 2 using metasploit
TejasKore3
 
Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]
Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]
Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]
raj upadhyay
 
台科大網路鑑識課程 封包分析及中繼站追蹤
台科大網路鑑識課程 封包分析及中繼站追蹤台科大網路鑑識課程 封包分析及中繼站追蹤
台科大網路鑑識課程 封包分析及中繼站追蹤
jack51706
 

Recommended

DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLReconDEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
Sanjiv Kawa
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
42Crunch
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with Zap
Soluto
 
thymeleafさいしょの一歩
thymeleafさいしょの一歩thymeleafさいしょの一歩
thymeleafさいしょの一歩
Yuichi Hasegawa
 
Abusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get itAbusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get it
Benjamin Delpy
 
Hacking windows xp sp 2 using metasploit
Hacking windows xp sp 2 using metasploitHacking windows xp sp 2 using metasploit
Hacking windows xp sp 2 using metasploit
TejasKore3
 
Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]
Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]
Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]
raj upadhyay
 
台科大網路鑑識課程 封包分析及中繼站追蹤
台科大網路鑑識課程 封包分析及中繼站追蹤台科大網路鑑識課程 封包分析及中繼站追蹤
台科大網路鑑識課程 封包分析及中繼站追蹤
jack51706
 
Guerilla Usability Testing
Guerilla Usability TestingGuerilla Usability Testing
Guerilla Usability Testing
InnoTech
 
Hacker's Practice Ground - CarolinaCon - 2015
Hacker's Practice Ground - CarolinaCon - 2015Hacker's Practice Ground - CarolinaCon - 2015
Hacker's Practice Ground - CarolinaCon - 2015
lokeshpidawekar
 
OpenStack Upstream Training Report
OpenStack Upstream Training ReportOpenStack Upstream Training Report
OpenStack Upstream Training Report
Rakuten Group, Inc.
 
Planning a MOOC
Planning a MOOCPlanning a MOOC
Planning a MOOC
Jenny Mackness
 
Social media for_scientists
Social media for_scientistsSocial media for_scientists
Social media for_scientists
Jamie Eldridge
 
EPQ Presentation
EPQ PresentationEPQ Presentation
EPQ Presentation
Alexander Liptak
 
Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...
Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...
Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...
Deborah Baff
 
Teaching myself to code: the journey and lessons learned
Teaching myself to code: the journey and lessons learnedTeaching myself to code: the journey and lessons learned
Teaching myself to code: the journey and lessons learned
Neha Batra
 
OO design slide
OO design slideOO design slide
OO design slide
icarter09
 
Getting Involved in VMUG
Getting Involved in VMUGGetting Involved in VMUG
Getting Involved in VMUG
Scott Lowe
 
Lightweight and ‘guerrilla’ usability testing for digital humanities projects
Lightweight and ‘guerrilla’ usability testing for digital humanities projectsLightweight and ‘guerrilla’ usability testing for digital humanities projects
Lightweight and ‘guerrilla’ usability testing for digital humanities projects
Mia
 
Exploratory Testing with the Team_ATDNL
Exploratory Testing with the Team_ATDNLExploratory Testing with the Team_ATDNL
Exploratory Testing with the Team_ATDNL
Maaike Brinkhof
 
Sharing Devoxx2023 highlights
Sharing Devoxx2023 highlightsSharing Devoxx2023 highlights
Sharing Devoxx2023 highlights
mhpmvanosch
 
How to Run Research in Agile Sprints by Democratizing It Across Teams
How to Run Research in Agile Sprints by Democratizing It Across TeamsHow to Run Research in Agile Sprints by Democratizing It Across Teams
How to Run Research in Agile Sprints by Democratizing It Across Teams
UserZoom
 
Engineers need to learn UXR
Engineers need to learn UXREngineers need to learn UXR
Engineers need to learn UXR
Neha Batra
 
Robot Search Engine
Robot Search EngineRobot Search Engine
Robot Search Engine
Yue Zhuge
 
Creating a social media mediated learning experience - Andrew Smith & Ha...
Creating a social media mediated learning experience - Andrew Smith & Ha...Creating a social media mediated learning experience - Andrew Smith & Ha...
Creating a social media mediated learning experience - Andrew Smith & Ha...
IL Group (CILIP Information Literacy Group)
 
Creating a social media mediated learning experience (LILAC17)
Creating a social media mediated learning experience (LILAC17)Creating a social media mediated learning experience (LILAC17)
Creating a social media mediated learning experience (LILAC17)
Andrew Smith
 
StartupUX: Workshop Slides
StartupUX: Workshop SlidesStartupUX: Workshop Slides
StartupUX: Workshop Slides
Cate Kompare
 
Life Behind The Curve - MKGN #5
Life Behind The Curve - MKGN #5Life Behind The Curve - MKGN #5
Life Behind The Curve - MKGN #5
meteoracle
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
BrainSell Technologies
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 

More Related Content

Similar to Boot2root Challenge Solving

Social media for_scientists
Social media for_scientistsSocial media for_scientists
Social media for_scientists
Jamie Eldridge
 
Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...
Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...
Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...
Deborah Baff
 
Lightweight and ‘guerrilla’ usability testing for digital humanities projects
Lightweight and ‘guerrilla’ usability testing for digital humanities projectsLightweight and ‘guerrilla’ usability testing for digital humanities projects
Lightweight and ‘guerrilla’ usability testing for digital humanities projects
Mia
 
Exploratory Testing with the Team_ATDNL
Exploratory Testing with the Team_ATDNLExploratory Testing with the Team_ATDNL
Exploratory Testing with the Team_ATDNL
Maaike Brinkhof
 
How to Run Research in Agile Sprints by Democratizing It Across Teams
How to Run Research in Agile Sprints by Democratizing It Across TeamsHow to Run Research in Agile Sprints by Democratizing It Across Teams
How to Run Research in Agile Sprints by Democratizing It Across Teams
UserZoom
 

Similar to Boot2root Challenge Solving (20)

Guerilla Usability Testing
Guerilla Usability TestingGuerilla Usability Testing
Guerilla Usability Testing
 
Hacker's Practice Ground - CarolinaCon - 2015
Hacker's Practice Ground - CarolinaCon - 2015Hacker's Practice Ground - CarolinaCon - 2015
Hacker's Practice Ground - CarolinaCon - 2015
 
OpenStack Upstream Training Report
OpenStack Upstream Training ReportOpenStack Upstream Training Report
OpenStack Upstream Training Report
 
Planning a MOOC
Planning a MOOCPlanning a MOOC
Planning a MOOC
 
Social media for_scientists
Social media for_scientistsSocial media for_scientists
Social media for_scientists
 
EPQ Presentation
EPQ PresentationEPQ Presentation
EPQ Presentation
 
Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...
Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...
Exploring the use of Twitter, Snapchat and LinkedIn for learning and teaching...
 
Teaching myself to code: the journey and lessons learned
Teaching myself to code: the journey and lessons learnedTeaching myself to code: the journey and lessons learned
Teaching myself to code: the journey and lessons learned
 
OO design slide
OO design slideOO design slide
OO design slide
 
Getting Involved in VMUG
Getting Involved in VMUGGetting Involved in VMUG
Getting Involved in VMUG
 
Lightweight and ‘guerrilla’ usability testing for digital humanities projects
Lightweight and ‘guerrilla’ usability testing for digital humanities projectsLightweight and ‘guerrilla’ usability testing for digital humanities projects
Lightweight and ‘guerrilla’ usability testing for digital humanities projects
 
Exploratory Testing with the Team_ATDNL
Exploratory Testing with the Team_ATDNLExploratory Testing with the Team_ATDNL
Exploratory Testing with the Team_ATDNL
 
Sharing Devoxx2023 highlights
Sharing Devoxx2023 highlightsSharing Devoxx2023 highlights
Sharing Devoxx2023 highlights
 
How to Run Research in Agile Sprints by Democratizing It Across Teams
How to Run Research in Agile Sprints by Democratizing It Across TeamsHow to Run Research in Agile Sprints by Democratizing It Across Teams
How to Run Research in Agile Sprints by Democratizing It Across Teams
 
Engineers need to learn UXR
Engineers need to learn UXREngineers need to learn UXR
Engineers need to learn UXR
 
Robot Search Engine
Robot Search EngineRobot Search Engine
Robot Search Engine
 
Creating a social media mediated learning experience - Andrew Smith & Ha...
Creating a social media mediated learning experience - Andrew Smith & Ha...Creating a social media mediated learning experience - Andrew Smith & Ha...
Creating a social media mediated learning experience - Andrew Smith & Ha...
 
Creating a social media mediated learning experience (LILAC17)
Creating a social media mediated learning experience (LILAC17)Creating a social media mediated learning experience (LILAC17)
Creating a social media mediated learning experience (LILAC17)
 
StartupUX: Workshop Slides
StartupUX: Workshop SlidesStartupUX: Workshop Slides
StartupUX: Workshop Slides
 
Life Behind The Curve - MKGN #5
Life Behind The Curve - MKGN #5Life Behind The Curve - MKGN #5
Life Behind The Curve - MKGN #5
 

Recently uploaded

Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
FIDO Alliance
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Paige Cruz
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
Srushith Repakula
 
Revolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial IntelligenceRevolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial Intelligence
Precisely
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 

Recently uploaded (20)

ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Revolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial IntelligenceRevolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial Intelligence
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 

Boot2root Challenge Solving