Keeping Cyber Security Simple
The Confessions of a Pentester Series, is the work of a pentester that goes by the handle of EasyGhost and was originally posted over at HackForums.net. EasyGhost was nice enough to give me permission to post his collection of Real world engagements, which I found to be a excellent read and shows the mindset of a pentester when breaking into a Network. I thought it would be interesting to share some of my real…
Command injection also is known as OS Command injection, is an attack technique used to execute commands on a host operating system via a vulnerable web application. Command Injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, and so on) to a system shell. These commands are executed with the privileges of the vulnerable application. These attacks are due to the web application not having sufficient input validation…
What is THC-Hydra? Hydra is a very fast online password cracking tool, which can perform rapid dictionary attacks against more than 50 Protocols, including Telnet, RDP, SSH, FTP, HTTP, HTTPS, SMB, several databases and much more. THC (The Hackers Choice) created Hydra for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely. Installing THC-Hydra If you are running Kali Linux you will already have…
What is SQL Injection? SQL Injection is a code injection technique used to attack data driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an applications software for example when users input is either incorrectly filtered for a string literal escape characters embedded in SQL statements or user input…
LAMP is an acronym of the names of its original four open-source components used for building dynamic websites and web applications, These components are Linux, Apache, MySQL and PHP (or Perl). The equivalent installation on Microsoft Windows operating system is known as WAMP. To make this server vulnerable, we will be installing outdated versions of PHP and setting up broken web applications, these applications are used for learning how to hack\pentest using various different…
Linux Mint is a Ubuntu-based distribution whose goal is to provide a complete out-of-the-box experience by including browser plugins, media codecs, support for DVD playback also because its Ubuntu-based, Linux Mint is compatible with Ubuntu repositories, Hell ” It’s my favourite distribution”. This Post is going to run through Installing Mint 18 (Sarah) into VirtualBox. You can download Mint from here and I will assume that VirtualBox is already installed and ready to go. If VirtualBox is not…
Kali Linux is a Debian-based Linux distribution aimed at advance Penetration Testing and Security Auditing. Kali contains several hundred tools aimed at various information security tasks, such as Penetration Testing, Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security. It was released on the 13th March 2013 as a complete top-to-bottom rebuild of BackTrack Linux, adhering completely to Debian development standards. The first thing to get straight is if…
You don’t have to work long in a computer support role before you get the question ” What is my WiFi password” and this can sometimes mean, you have to reset the WiFi password on the router\access point, as the password is stared out for security reasons and then wait for the fall out of calls after. If there is a windows box still connected to the WiFi you can run the commands below…
Mr Robot: 1 CTF (Capture the Flag) is a downloadable Virtual Machine from Vulnhub. Which is a site that has purposely built Virtual machines for you to hack. Each one varies in difficulty and allows you to hone your skills and even pick up new ones. If your interested in giving it a go yourself, this Virtual Machine can be downloaded here https://download.vulnhub.com/mrrobot/mrRobot.ova Description: Based on the show Mr Robot. This VM has three…
About a month ago a member of hack forums called Gangs posted a tutorial on how to hack digital billboards with a simple SQL injection, I thought it cant be that simple and tested it out myself, To my surprise, even in 2016 SQL injection is still a valid attack vector on sites connected to the internet, I’m guessing that’s why its still in the OWASP (Open Web Application Security Projects) Top 10. Click this…
