Author: Steven

  • An In-Depth Look at TLS

    An In-Depth Look at TLS

    The ‘S’ in HTTPS, the lock icon in the top left of your browser, the lack of a suspicious “this site is insecure” warning – most everyone who uses the internet is familiar with these, yet fewer know what exactly they mean, and even fewer still understand how it works behind the scenes. Transport Layer…

  • Exploiting SMTP

    Exploiting SMTP

    (Continuation of Part 2) For the next network security challenge, I will be testing my skills against a vulnerable SMTP server. SMTP (Simple Mail Transfer Protocol) is one of a few application-layer protocols powering e-mail services, along with POP (Post Office Protocol) and IMAP (Internet Message Access Protocol), with SMTP being primarily responsible for sending…

  • Exploiting NFS

    Exploiting NFS

    (Continuation of Part 1) In this challenge, I will be exploiting an intentionally misconfigured NFS server to obtain root privileges. Network File System (NFS) is used to share files over a network, allowing users to access remote files as if they were local. Starting out with a basic nmap port scan, I discovered that an…

  • Exploiting Common Network Services

    Exploiting Common Network Services

    Recently, I tried my hand at exploiting several misconfigured or otherwise vulnerable network services, namely SMB, Telnet, and FTP, on machines hosted on TryHackMe, in order to gain a better understanding of some common network vulnerabilities and misconfigurations. I used Kali Linux for my local machine, and connected via openVPN to several vulnerable boxes on…