Tips And Tricks: Virtual Machine Shared Folder

Dear Friend, thank you for visiting HaXeZ. Today I want to talk about creating a shared folder for your Virtual Machine. They are a useful feature that allows you to share files between your base operating system and your Virtual Machine. While Virtual Machines do have a bidirectional clipboard that allows you to copy to and from each machine. A shared folder allows for easy access to resources such as wordlists and other large files. Furthermore, they can be particularly useful if you have limited disk space on your Virtual Machine.

Creating A Folder

In VirtualBox, this is a fairly simple process. First, you need to select the Virtual Machine that you want to add the shared folder to and click settings.

Shared Folder Settings
Shared Folder Settings

Once the settings menu opens you need to navigate to the Shared Folders section in the left-hand column.

Adding Shared Folder
Adding Shared Folder

Next, click the blue folder icon with the green plus sign and that will pop up a window with a number of options.

Folder Options

The Folder Path option lets you select where on your base Operating System you want your folder to be. Folder Name allows you to give your folder a specific name when accessing it on your Virtual Machine. The Read-Only option prevents you from making changes to any of the files in the shared directory. Do not tick this if you want to be able to modify your folders. Auto-mount ensures that the folder is mounted on your Virtual Machine once it boots. You want to enable this option. Mount Point specifies where on the Virtual Machine you want it to mount. If you leave this empty then it should default to the /media directory.

Shared Folder Mount
Shared Folder Mount

Accessing Shared Folder

With the settings saved, boot your Virtual Machine and login to the Desktop Environment. Then launch your file manager or file explorer. On the left-hand side, you should see a Devices section containing your File System and your Shared Folder. If not then it could be that you haven’t installed your Virtual Box guest additions.

File Explorer
File Explorer

Permissions Issues

If you can see the folder but aren’t able to access or create any files then it is likely due to user permissions. In order to resolve this issue, you need to add your user to the VirtualBox users group. This can be done by running the following command.

sudo adduser $USER vboxsf

You should now be able to access the shared folder. It is unlikely that you will need to reboot the machine but if the problem persists then reboot and try again.

Hack To Learn: Hacking Legally

Dear Friend, as discussed in the HaXeZ part 1 Hack To Learn video, there are many laws associated with computer misuse that will ensure you’re punished were you violate them. This means you’re not allowed to explore the internet hacking everything you see. So how do hackers hack without getting in trouble? Well there are a number of online communities that provide digital playgrounds for hackers to level up their hacking skills. These playgrounds offer a wide variety of hacking challenges including web applications, coding challenges, forensic challenges, steganography challenges and general machine challenges.

Hack This Site

The first community that I would like to talk about is Hack This Site. Hack This Site is a website that offers a number of challenges including basic and realistic web applications. Although Hack This Site has been around for a long time, there is still a lot of valuable information to be learned. The realistic web application challenges are a lot of fun as the themes and stories surrounding them are immersive.

Hack This Site Website
Hack This Site Website

Hack The Box

This is by far my favourite community. Hack The Box offers a lot of challenges ranging from single machines to entire networks that can explore and compromise. There are also other challenges like on Hack This Site that include programming and other challenges. Furthermore, it has a great community, the forums are full of people nudging you on your path to success. It also has a great Discord community. Hack The Box has also launched an academy where you can get to grips with the basics before diving in. Before the academy was released I did feel that Hack The Box had one of the steepest learning curves.

Hack The Box Website
Hack The Box Website

VulnHub

VulnHub is slightly different from the previous two websites. While it does offer great machines for you to hack. It requires you to download and run the virtual machines locally rather than spinning them up in their own cloud. With that said, there are a lot of Virtual Machine that will teach you something different about hacking. Whether a vulnerability or a misconfigured service, VulnHub will have a Virtual Machine that you can attack to simulate a real world encounter.

VulnHub Website
VulnHub Website

Try Hack Me

Try Hack Me is the one that I have spent the least amount of time on. I’m hoping to change that going forward as I’ve heard great things from colleagues and friends. It too has an academy which provides a number of learning paths starting from beginner to an elite ethical hacker. From what I know, it appears to be cloud based too, you don’t need a powerful computer to get started. Simply sign up and start following a learning path.

Try Hack Me Website
Try Hack Me Website

Conclusion

There are many other sites out there like Over The Wire which have great challenges. However, the four I’ve listed above are in my opinion, the best learning resources for aspiring hackers. These sites will have you hacking websites, popping shells on servers and owning active directory in no time. Some of them will be difficult at first, especially if you don’t have any prior knowledge. However, there are lots of guides and forum posts out there to help you on your way. Just be prepared to read a lot, fiddle with your syntax. Then give up for an hour only to then realise that your single quotation mark was in the wrong place. Hacking the scoped targets on this hacker playgrounds is legal and encourage.

You don’t need to worry about the long arm of the law when practising your skills on these battlefields. So give them a go, I’m sure you will enjoy them.

Kind Regards

Jonobi

Tips and Tricks: Fixing VirtualBox Kali Linux Black Screen

Hello friends and welcome to HaXeZ. So, you have run in to the VirtualBox Kali Linux Black Screen Bug? After all that effort spent downloading it and importing the appliance, you’re excited, you attempt to login in and… nothing. Just a black screen. How disappointing. Do you reinstall it? Give up? Or do you fix it and add that knowledge to your mind palace.

The Cause Of The Black Screen

The likely cause of this problem is due to the VirtualBox Guest Additions either not being installed or not being the correct version. Either way, we need to get them installed to rule this out as a problem.

Kali Linux Black Screen
Kali Linux Black Screen

Grab A Shell

Start the Virtual Machine and wait for it to get to the login prompt. Before logging in press your right CTRL key (VirtualBox host key) and your F2 key. If you ever need to do this natively on Linux then it will be left CTRL, ALT and F2. This sends a signal to the operating system to spawn a virtual text only terminal or a TTY. To get back to the Desktop environment you need to press left CTRL and F8.

Install The Guest Additions

Now login to the Operating System using your credentials. If it is a Kali Virtual Machine downloaded from their website then the credentials are likely either username: kali, password: kali or username: root, password: toor. Once you have logged in you need to instruct VirtualBox to mount the guest additions CD. From the menu, Devices > Insert Guest Additions CD Image.

Kali Linux Black Screen - Insert Guest Additions CD
Kali Linux Black Screen – Insert Guest Additions CD

Mount The cdrom

In order to access the content of the Guest Additions CD, you first need to mount it. You could create a mountpoint manually or you could run the following command. As you can see, the command is mounting the device ‘cdrom’ (denoted by the ‘/dev/’ directory) to ‘/media/cdrom’ directory.

sudo mount /dev/cdrom /media/cdrom

Now, if you list out the contents of the ‘/media/cdrom’ directory you should see a file called VBoxLinuxAdditions.run.

Kali Linux Black Screen - Contents of cdrom
Kali Linux Black Screen – Contents of cdrom

Install The Guest Additions

In order to install the Guest Additions you need to run that VBoxLinuxAdditions.run file. To do this simply run the following command.

sudo /media/cdrom/VBoxLinuxAdditions.run

You may be prompted to press enter but wait for the process to complete and then reboot your system with the reboot command.

sudo reboot
Kali Linux Black Screen – Install Linux Guest Additions

Login In

Once the system has been rebooted, try logging in with your username and password. Hopefully you should now be presented with your desktop and are able to go about your nefarious hacking activities.

Kali Linux Desktop
Kali Linux Desktop

Other Suggestions For Black Screen

If for some reason that didn’t work then there are some other things you could try. One of the other common reasons for this error is due to the display settings. Although changing this has never resolved the problem for me, I thought it was worth a mention. In VirtualBox, head to the settings and then the display settings. Try toggling 3D acceleration and changing the amount of video memory. I’ve heard this has resolved the issue for other people but again I’ve never been able to resolve the problem this way.

VirtualBox - DIsplay Settings
VirtualBox – DIsplay Settings

Hack To Learn: Environment Set Up

Hello and welcome to HaXeZ. In order to start hacking you will first need some tools. If you’re running a Windows based Operating System then you can install tools locally. However, a better solution might be to use a Virtual Machine. A virtual machine is an operating system that runs on top of your base Operating System. Furthermore, it is unlikely to affect your local Operating System. With this in mind, you can download all sorts of malicious software without worrying about it damaging your local Operating System. Although, there are attacks that can break out of your Virtual Machine but that’s something we can worry about later.

Choosing an Operating System

There are many different OS’s built specifically for penetration testing or hacking. However, I’m not going to discuss each one individually but feel free to check out any of the following; Kali, Parrot, Backbox and BlackArch. There are others out there but I believe these to be the main distributions. For the purposes of this article I’m going to be using Kali Linux.  

GET an Operating System

Firstly, head over to https://www.kali.org/get-kali/ and have a look around. There you will see a number of options including Virtual Machines.

Kali Linux Website
Kali Linux Website

If you click on the Virtual Machines option then it should take you to the part of the page where you have the option to download either a VMware or VirtualBox image. With this in mind, we need to make a decision about which hypervisor we want to use. To explain, a Hypervisor is the software that is going to run our Virtual Machine. Feel free to google the pros and cons of both VMWare and VirtualBox and make your own decision. However, I’m going to be using VirtualBox for the purposes of this demonstration.

Virtual Machines
Virtual Machines

Compatibility

Now it is important to download the correct version. If you’re on a modern version of Windows then you will likely need the 64 bit version. However, you can check which version you need by running the following command in an elevated Command Prompt (right click, run as administrator).

wmic os get osarchitecture
Operating System Architecture
Operating System Architecture

As shown above, my OSArchitecture is 64-bit which means I should download the 64-bit version. You can perform a direct download by clicking on the download arrow or if you’re feeling generous you can leach and seed the torrent file by using a torrent client.

GET a Hypervisor

While your Virtual Machine OS is downloading, head over to https://www.virtualbox.org/ and click the big blue button that says download VirtualBox. Once the file has finished downloading, locate it, double click it and install it.

VirtualBox Website
VirtualBox Website

Import Your Operating System

Once your Virtual Machine has finished downloading, open VirtualBox and click File > Import Appliance.

Import Operating System
Import Operating System

This will then spawn another window, if you click the file icon it should open a Windows Explorer Window and allow you to navigate to your Virtual Machine Appliance. Select it.

Select Your Appliance File
Select Your Appliance File

You should then see the configuration of the virtual machine. Don’t worry about this too much as most of it can be changed later. For now just make sure the installation file path is correct and click import.

Virtual Machine Operating System Settings
Virtual Machine Operating System Settings

Update 25/04/2022

Hello and welcome to HaXeZ. First and foremost, sorry I’ve been away so long. I want to give you an update on what’s been going on and where I’ve been. I’ve been desperately wanting to get back to making content but life has been chaotic and has only recently slowed down. For those who don’t know, I work as a penetration tester and work was insanely busy towards the end of the year. I was doing a lot of overtime and a doing lot of traveling to and from client locations.

Theres No Place Like ~

Of course, that wasn’t enough. I decided that it was also a good time to update my living conditions and move in to a new flat. However, I thought it would be a good idea to move it bit by bit. So, for a few weeks I was loading my car up with boxes and driving to my new flat and unpacking every evening. This took a lot longer than expected and it was exhausting. If you move house then I would advise that you do it all at once. Get it done and out the way.

Internet Update

Once moved in to the flat I was waiting for my new modem/wireless access point to be delivered. This was sent in the post and a certain postal company managed to deliver it to the wrong address. While waiting for an update, I was able to tether off my phone for basic internet access, but uploading videos wasn’t feasible. I’m happy to say that the modem was safely delivered and I now have internet access.

Time For A Break

Naturally, I needed a holiday to unwind from all this mayhem so I decided to go to Florida and check out all the theme parks. We managed to go to all the Disney parks, the Universal parks, a few water parks and NASA. We we’re able to squeeze this all in within two weeks. It was exhausting, amazing but absolutely exhausting.

Virus Visitation

Then, it turns out I contracted THAT virus while I was over there. I was feeling a bit under the weather for second week but thought it was down to tiredness and other environmental factors. However, the day we got back to the UK I was absolutely wiped out. I could barely get out of bed and was deaf in one ear. I took a rapid test and lo and behold I was positive for THAT virus. This kept me bed bound for about 2 weeks while I was recovering which brings us up to now. I’m now feeling better and well rested and ready to make content again.

Looking Forward

So, what are my plans going forward? Well I want to continue making content but I want to change things up a bit. I want to create a video playlist which focuses on introducing new people to cybersecurity. It will be like a “start here” point for people who are new to the industry. I will continue with the Hack This Site, Burp Suite and Hack The Box content but I’m going to be changing when I do things. I don’t have it all figured out yet and I thank you all for continuing to support my content.

Hack This Site: Extended Basic – Mission 3

Hello world and welcome back to HaXeZ, thank you for surfing by. This post is a walkthrough of the Hack This Site Extended Basic Mission 3. The purpose of this challenge is to deduce the function of a bespoke programming language’s application. A basic understanding of programming and assigning variables is required for this challenge. However, I’m terrible at programming and was still able to solve the challenge.

The Function

As mentioned above, the image below informs the user that the challenge creator has created a bespoke programming language. In order to solve the challenge, we need to walk through the application step by step and determine the output.

Extended Basic – Mission 3
Extended Basic – Mission 3

Therefore, I believe the best method of solving this challenge is to analyse each line individually and identify what it is doing.

The Solution

BEGIN notr.eal

Firstly, the application starts with ‘BEGIN notr.eal’. Granted, this appears fairly self-explanatory and denotes the start of the application.

CREATE int AS 2

Secondly, it appears as though the application is creating an integer with the value of 2. However, as with other programming languages, the position of ‘CREATE’ suggests it is more likely that the integer value of 2 is being assigned to the variable ‘CREATE’.

DESTROY int AS 0

Thirdly, the same can be said about the ‘DESTROY’ variable. This could easily be mistaken for a function of the program. However, since this function isn’t previously described in the program, I’m going to assume that an integer value of 0 is being added to the variable ‘DESTROY’.

ANS var AS Create + TO

Fourthly, it would appear that the value of the ‘create’ variable (currently 2)  or ‘CREATE’ as previously written is being add to the ‘TO’ variable. I’m not too sure about this one but it resulted in the correct answer so my logic (however flawed) seems correct.

out TO

Finally, the value of the ‘TO’ variable is printed out to the screen. So in this instance the answer should be 2. If you submit that to the submission box then it should solve the challenge.

BEGIN notr.eal /* Starts the program
CREATE int AS 2
/* Adds the integer 2 to variable 'CREATE'
DESTROY int AS 0
/* Adds the integer 0 to variable 'DESTROY'
ANS var AS Create + TO
/* Appears to take the value of variable 'CREATE' and adds to varable 'TO'
out TO
/* Prints the value of 'TO'

Extended Basic Mission 3 – Conclusion

While my explanation might be incorrect, it resulted in the correct answer. Furthermore, I tried to solve the challenge in other ways but wasn’t able to. If we break the program down again and look at lines 2 and 3 we could infer that the program is simply creating an integer of 2 and then destroying it. If it destroys the integer then the value of the variable ‘TO’ would be 0 which is the wrong answer. I’ve also looked at whether ‘AS’ could be a variable but we end up with the same result of the value of the variable being destroyed and ending up with 0. There could be something else I’m missing and if you spot it then please let me know. Anyway this was a fun challenge, please check out my other posts in this series ExtBasic1 and ExtBasic2.

PortSwigger: SQL injection attack, querying the database type and version on MySQL and Microsoft

Hello, world wide web and welcome to HaXeZ where today we’re looking at PortSwigger Web Security Academy: SQL injection 6. This lab requires you to return the database type on MySQL with Microsoft. I’m not sure if that means, a MySQL database on Microsoft Windows or whether it means MySQL and MSSQL. Let’s find out.

SQL injection attack, querying the database type and version on MySQL and Microsoft
SQL injection attack, querying the database type and version on MySQL and Microsoft

SQL injection attack, querying the database type and version on MySQL and Microsoft

Looking at the lab somewhat clears up the requirements to solve it. It asks us to find a vulnerability in the product category filter. With this vulnerability, it wants us to perform a UNION attack to retrieve the database version string. It’s essentially the same as the last lab but this time we’re querying a different type of database.

The Lab
The Lab

The Application

Ah yes, the familiar application that we’ve come to know and love. It has a navigation menu at the top of the page containing various categories. Underneath, it has the products with a title of the product with bold font and a description with regular font. I like to make a point of explaining what type of font each column is using because it can affect the output of your SQL injection.

The Application
The Application

The SQL Version

In order to retrieve the SQL version, we first need to identify how many columns there are and how many of those columns use text. We have done this in previous labs so please refer to my write-ups on those if you haven’t done them. The syntax is slightly different with this type of database. Instead of commenting out the rest of the query using the double dash ‘–‘ We need to use the pound or hash sign ‘#‘. Once we know that, we can then move on to getting the version information.

GET /filter?category=Accessories'+UNION+SELECT+NULL,NULL# HTTP/1.1
Repeating Requests
Repeating Requests

The SQL Injection

Now that we know the number of columns, we can ask the database to return the version information into one of those columns. In order to do this, we need to ask for the ‘@@version‘ information. You can append the following SQL statement to the parameter and then forward it to the application.

GET /filter?category=Accessories'[email protected]@version,+NULL# HTTP/1.1
SQL Injection To Get Version Information
SQL Injection To Get Version Information

The results will then be displayed at the bottom of the page which in this case is version 8.0.27. This is a very handy technique if you wanted to identify the specific version of the database running. You could then use this information to look for vulnerabilities that impact that version.

The Resulsts
The Results

PortSwigger Web Security Academy: SQL injection attack, querying the database type and version on Oracle

Hello friends and today HaXeZ is looking at the 5th SQL Injection lab on Portswigger Web Security Academy. This lab requires you to perform a UNION-based SQL injection to retrieve the database version string. We can use the same techniques that we have developed so far.

SQL injection attack, querying the database type and version on Oracle
SQL injection attack, querying the database type and version on Oracle

SQL injection attack, querying the database type and version on Oracle

So as stated above, we need to perform an SQL injection UNION-based attack to retrieve the version number of the database. It is specific to Oracle databases so the syntax may be different depending on which type of database you’re testing.

The Lab
The Lab

The Application

As with the previous labs, the application is fairly basic. It has a navigation menu at the top with a list of products underneath. It looks like we have two columns to play with this time. A title with the bold font, and a description, with the normal font. We can capture a request with Burp Suite and determine the precise structure using the NULL method that we have done previously. However, one caveat is that we need to use ‘FROM DUAL‘ when testing the number of columns.

The Application
The Application

SQL Version

We need to use ‘FROM DUAL‘ as it’s an Oracle database. There is lots more information out there (such as on Stack Overflow) on why this matters so I will let you go fourth and do your own research. Once we have determined that there is two columns, we can then determine which columns contain text (should be both of them in this lab).

GET /filter?category=Corporate+gifts'+UNION+SELECT+NULL,NULL+FROM+DUAL-- HTTP/1.1
Burp Repeater
Burp Repeater

The SQL Injection

Now that we know that both columns contain text, we can tell the database that we want the version of the database. We can choose which column we want the information injected in to, but we also need to supply the NULL value for the column we don’t use. As you can see from the code and the image below, I have opted to use the first column to return the information, and then used ‘NULL‘ for the second column. We then specify that we want the server ‘BANNER‘ from ‘v$version‘.

GET /filter?category=Corporate+gifts'+UNION+SELECT+BANNER,NULL+FROM+v$version-- HTTP/1.1
SQL Injection to get version information
SQL Injection to get version information

You can then append the query to your request and the results should be displayed in the applications response. Congratulations you have just solved this lab.

SQL Version Information
SQL Version Information

PortSwigger Web Security Academy: SQL injection 4

Hello friends and today HaXeZ is looking at the 4th SQL Injection lab on Portswigger Web Security Academy. This lab requires you to take the UNION-based injection performed in the third lab. However, this time there is only one column that supports text. We will need to concatenate the results in order to complete the lab.

SQL injection UNION attack, retrieving multiple values in a single column
SQL injection UNION attack, retrieving multiple values in a single column

SQL injection UNION attack, retrieving multiple values in a single column

We’ve already completed the previous lab that required us to get data from another table. I’m going to skip the steps to determine the number of columns and which of those columns contain text. You will use the same methods used previously to determine this.

The Lab
The Lab

The Application

As you can see from the image below, the application follows the same design as the other ones. It has a navigation menu along the top and a list of products underneath. However, this time we only have the name of the products. Previously, we had a description that allowed us to retrieve both the username and password.

The Application
The Application

Concatenation

Once we’ve worked out how many columns there are, and how many of those columns contain text. It’s time to figure out how we’re going to get the contents from two columns into a single column. This is called concatenation and is particularly useful when you only have one column to work with. In order to do this, we need to intercept the request. After a bit of poking around with the repeater, we have deduced that there are two columns but only the second column allows text.

GET /filter?category=Accessories'+UNION+SELECT+NULL,'a'-- HTTP/1.1

So now we need to concatenate the values from the usernames and passwords columns in the user’s table. In order to do this, we can use the following characters ‘||'~'||‘. The double pipe and the tilde in single quotation marks will tell the database that we want to merge the data from the usernames and passwords column. The tilde acts as a delimiter character which allows us to see where the username ends and the password begins.

GET /filter?category=Accessories'+UNION+SELECT+NULL,username||'~'||password+FROM+users-- HTTP/1.1
SQL Injection Concatenation
SQL Injection Concatenation

The SQL Injection with Concatenation

So now that we have our syntax, we can append it to the request and forward it back to the application. Once the server processes the request, we should have the results of the SQL injection at the bottom of the page. The username and passwords will be separated with a tilde.

SQL Injection with Concatination
SQL Injection with Concatination

And that’s it. All you need to do now is to grab the administrator username and password and login to the application to complete the lab. The power of concatenation is awesome, I learned a lot from this lab.

Administrator Login

PortSwigger Web Security Academy: SQL injection 3

Hello friends and today HaXeZ is looking at the 3rd SQL Injection lab on Portswigger Web Security Academy. This lab requires you to take the UNION-based injection performed in the second lab, and extend it. This time we’re going to retrieve the contents of the username and password columns from the user table.

SQL injection UNION attack, retrieving data from other tables
SQL injection UNION attack, retrieving data from other tables

SQL injection UNION attack, retrieving data from other tables

As I mentioned, this lab requires you to use the techniques we’ve learned so far and build on them to retrieve the username and password columns from the users table. As always, we have our green button to head to the lab.

The Application

The application follows the same theme that we have been seeing in other labs. Navigation menu along the top with a list of descriptions underneath. However, this time it seems like we may only have two columns. There is a title that is in bold font, and a description that is in regular font. We can intercept a request to one of the categories to find out. Head to Burp, turn on intercept and click one of the links.

Intercepted!

With the request intercepted, we can start to enumerate the structure of the database. For example, we can start by determining how many columns there are using ‘UNION SELECT NULL-- ‘ method. As you can see from the image below, it appears that there are two columns. We increased the number of ‘NULL‘ values in our injection until we stopped receiving a 500 error.

UNION SELECT NULL Method
UNION SELECT NULL Method

Next, we need to determine which columns are capable of handling text. We don’t want to try and dump our usernames and passwords into columns that can only display numbers. In order to do this, we replace the NULL value with a quoted string such as ‘test’. Since we only have two columns and both of the columns displayed text, it’s a safe bet to assume ‘UNION SELECT 'test','test'-- ‘ would work. In the picture below I have used ‘a’ because I’m lazy.

Working Out Text Columns
Working Out Text Columns

The Injection

So following the logic we have learned so far we should now be able to dump the contents of the usernames and passwords columns from the user’s table. The syntax is pretty simple especially if you’re already somewhat familiar with Structured Query Language. We replace the test values with the columns we want and then specify where those columns are. You may have to play around with the spacing, especially at the end.

'+UNION+SELECT+USERNAME,+PASSWORD+FROM+users-- 
The SQL Injection
The Injection

That’s it, you can forward the request to the application which should solve the lab. When the final page renders, you should have the username and passwords at the bottom of the page.

SQL injection Results
The Results

Amendedment

Don’t forget to log in as the administrator or else you won’t solve the lab. Whoops.

Log In
Log In