Penetration Testing a Linux Machine (Intermediate Level) – By PITPQ8

This is a Guest Session which is conducted and recorded by PITPQ8 (Pakistani IT professionals in Kuwait). PITPQ8 has the mission to bring Pakistani IT professionals residing in Kuwait on a platform where they can share skills, experiences, exchange technological ideas, cooperate with each other and network with like-minded IT professionals in Kuwait. For more details please visit https://www.pitpq8.com/.

Video Description :
===============

This is our second session of “Penetration Testing a Linux Machine” and is for educational purposes only. It is designed over VMware and Oracle platform and the level is Intermediate.

In this session consequences of not enforcing correct file permissions and careless use of PHP include( ) function is demonstrated.

You can download vulnerable machine from *https://www.vulnhub.com/entry/symfonos-1,322/*

You can download Kali Linux machine from according to your host OS: https://www.kali.org/downloads/

Penetrating Methodologies
======================
Scanning
—————
• netdiscover
• Nmap

Enumeration
———————-
• Enum4linux, submap , smbclient (SMB Share folders)
• Wpscan

Exploiting
—————-
• Exploiting WordPress LFI (Mail Masta 1.0)
• LFI to RCE via SMTP log Poising

Privilege Escalation
——————————–
• PATH Injection
• Sticky bit

Presenter :
========
Mr. Najam ul Hassan* is a seasoned Cyber Security professional with 12+ years of experience in Network & Information Security having extensive knowledge and hands-on experience, on Implementing and Securing Networks. He has done many Penetration Testing projects for Government Organizations and private as well. Holds prestigious Cyber Security and IT certifications including CISSP, CISM, CHE v10, CPTE (Certified Pentest Eng. by Mile2), CCNP-Sec.

LinkedIn Profile :
=============
https://www.linkedin.com/in/najam-hasan-54871911/

source

by GISPP ACADEMY

linux http server