Razz Security Blog

Just another cybersecurity blog

Author: Mahesh Rao

  • Kioptrix Level – 1 Walkthrough | Vulnhub

    This walkthrough covers Kioptrix Level 1 from VulnHub, which is a boot2root challenge. You can download the machine from VulnHub. It is the first machine in the Kioptrix series, and the objective of this challenge is to gain root privileges and find the root user’s email. So, let’s start with some enumeration to identify our…

  • Windows 7 Penetration Testing (MS17-010) – EternalBlue SMB Exploit #2

    MS17-010, also known as EternalBlue, is one of the most infamous vulnerabilities in the history of Windows operating systems. It was publicly disclosed in March 2017 and rapidly weaponized by attackers around the world. EternalBlue exploits a vulnerability in Microsoft’s SMBv1 protocol, allowing remote code execution on unpatched systems—without authentication. This vulnerability gained notoriety after…

  • Windows XP Penetration Testing (MS08-067) – SMB Exploit #1

    MS08-067 was a major disaster in the history of technology for companies and tech professionals everywhere. It was disclosed by Microsoft on October 23, 2008, as part of a critical security update (Security Bulletin MS08-067). In late 2008 and throughout 2009, multiple worms—most notably Conficker—emerged using MS08-067 to self-propagate and infect millions of systems globally….

  • Basic Pentesting – 2 Walkthrough | Vulnhub

    Another Walkthrough of the Basic Pentesting series on Basic Pentesting: 2 VulnhubMachine made by Josiah Pierce. It contains multiple remote vulnerabilities and multiple privilege escalation vectors. For more details or for downloading the machine go here. If you’ve solved the Basic Pentesting: 1 then this Machine is good for the next step and challenging one….

  • Basic Pentesting – 1 Walkthrough | Vulnhub

    This walkthrough covers Basic Pentesting: 1, a Vulnhub machine created by Josiah Pierce. It contains multiple remote vulnerabilities and several privilege escalation vectors. For more details or to download the machine, visit the official Vulnhub page. After setting up the machine, I started by scanning the entire network using Nmap with a ping scan to…