all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

OffSec — Katana Walkthrough

Add to bookmarks
Jan. 25, 2024, 11:22 a.m. | xocybersec

System Weakness - Medium systemweakness.com

Hacking, Misconfigured Permissions, Unrestricted File Upload

OffSec — Katana Walkthrough

A walkthrough with my tactics, techniques, and procedures.

Reconnaissance/Scanning:

Let’s start things off with a network scan to see which ports are open and the services running on each.

$ nmap -A -O -sC -sV -p- <machine_IP>
Nmap scan results

Gobuster scan of port 80:

Gobuster scan results for port 80

Scanning /ebook directory.

Gobuster scan results for /ebook

Visiting the /ebook page.

There’s also an Admin Login link on …

a network cybersecurity directory ebook ethical hacking file gobuster hacking misconfigured network nmap offensive security offsec permissions port ports procedures reconnaissance results running scan scanning services start tactics techniques things walkthrough

Visit resource

More from systemweakness.com / System Weakness - Medium

The Future of Programming: A Look at Emerging Languages Shaping Software Development 2 days ago | systemweakness.com
address article changing development +14
Cyber Detectives Unite: Advanced Tools for Web Security 2 days ago | systemweakness.com
bug bounty computer science cybersecurity ethical hacking +1
Mittre Att&ck‘s User Manual 2 days, 20 hours ago | systemweakness.com
adversary amp att attacks +22
Unveiling the Hidden: A Guide to Passive Subdomain Enumeration 2 days, 20 hours ago | systemweakness.com
bug bounty hacking security technology +1
Limit Requests to EC2 Instances to Cloudflare Only IPs 2 days, 20 hours ago | systemweakness.com
aws aws lambda cloudflare security +1
Canary Codes for Curious Minds 2 days, 20 hours ago | systemweakness.com
canary tokens hacking ip address location +1
Zero Trust Network Access 3 days, 18 hours ago | systemweakness.com
least privilege microsegmentation network security virtual private network +1
Ransomware-as-a-Service: Democratizing Digital Destruction and How to Fortify Your Defenses 3 days, 18 hours ago | systemweakness.com
as-a-service attacks businesses critical +24
Detecting Mobile Threats: Indicators of Compromise 3 days, 18 hours ago | systemweakness.com
business compromise continue cybersecurity +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Officer Hospital Laguna Beach

@ Allied Universal | Laguna Beach, CA, United States
View on infosec-jobs.com

Sr. Cloud DevSecOps Engineer

@ Oracle | NOIDA, UTTAR PRADESH, India
View on infosec-jobs.com

Cloud Operations Security Engineer

@ Elekta | Crawley - Cornerstone
View on infosec-jobs.com

Cybersecurity – Senior Information System Security Manager (ISSM)

@ Boeing | USA - Seal Beach, CA
View on infosec-jobs.com

Engineering -- Tech Risk -- Security Architecture -- VP -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs