Crack the Hash Challenge

In this tutorial I am going to do something a bit different than my normal tutorials and create a walk-through for the Crack the Hash challenge from tryhackme.com. I recently purchased a new NVIDIA graphics card for my lab PC, nothing too special, just a 1050 Ti, to try and crack hashes a little faster than my poor laptop could handle. So I thought I would take the opportunity to level up on…

Creating a Payload with Msfvenom

In this tutorial, I am going to give you a quick overview of how to generate a Metasploit payload with Msfvenom. Msfvenom allows you to quickly generate custom Metasploit payloads on the fly straight from the terminal. To follow along with this tutorial you are going to need to have a copy of Metasploit installed. Metasploit is already installed by default in Kali Linux; if you haven’t got Kali set up yet, check out my…

Banner Based Vulnerabilities For Microsoft Exchange smtpd

This banner-based vulnerability is a common Exchange Server misconfiguration I see on PCI Compliance scans all the time. Try googling for this error and you just get a few forum pages telling you how to fix the issue, but never explaining why this vulnerability happens in the first place. Also, check out my HTTP Header Internal IP Disclosure tutorial if you also find this vulnerability on your PCI Compliance Report. Banner Based Vulnerabilities…

HTTP Header Internal IP Disclosure

In a recent PCI DSS Compliance Report, I had an HTTP Header Internal IP Disclosure vulnerability, which I have dealt with before on a vanilla 2016 Exchange server, but I have really struggled to find any up-to-date information on this vulnerability and the best way to fix it… I use the term vulnerability very loosely in this tutorial, as it's what is stated in the PCI Compliance Report. Having only the internal IP…

Password Audit: Extracting hashes from Ntds.dit

In this tutorial, I will show you how to do a password audit of a Windows Domain Controller by extracting the NTLM password hashes from the Ntds.dit file in order to crack the hashes with Hashcat and see their clear-text values. The Ntds.dit is a database that stores Active Directory data, which includes all the password hashes for all the users of the domain. To be able to retrieve the NTLM password hashes, we…

Top 10 Security YouTube Channels

My Top 10 list of security YouTube channels is not based on subscribers or the amount of content they produce, but on my own personal views, based mainly on how relevant I have found their content, coupled with the direction they have been taking their channel. When I was doing the research for this list, I found all of the top links in Google listed lots of vendor-specific channels like McAfee, Sophos or Kaspersky…

Brute Forcing Web Logins with DVWA

In this tutorial, I will show you how to beat the Low, Medium and Hard levels of the brute force challenge within DVWA (Damn Vulnerable Web App). If you want to follow along and have not yet got DVWA set up, take a look at this tutorial on Setting up a Vulnerable LAMP Server. This will run you through setting up a vulnerable virtual machine and installing DVWA. I have used this as the basis for all…

How To Hack Like a Legend (Book Review)

A few weeks ago I saw a post over at hackforums.net that stated "Bypassing Machine Learning tools and behavioural analysis". Intrigued by this, I took a look, only to find that it was someone promoting their new book, How To Hack Like a Legend. After a few minutes it dawned on me that this was Sparc FLOW, the same author of books like How To Hack Like a PornStar and How To Investigate Like a…

How to Capture & Crack WPA/WPA2 Wireless Passwords

In this tutorial, I will show you how to capture and then crack WPA/WPA2 wireless passwords. This, I hope, will be part of a new series of tutorials dedicated to hacking wireless networks. The weakness in WPA/WPA2 wireless passwords is that the encrypted password is shared in what is known as a 4-way handshake. When a client authenticates to an access point, the client and the access point go through a 4-step process…

Scanning and Port Forwarding through a Meterpreter Session

Once you have compromised a system with Meterpreter, your next goal is to learn more about your target environment. To accomplish this goal we can do all our scanning and port forwarding through our Meterpreter session and use our compromised system to pivot through the network. Find The IP Address: First, we need to find out what IP address our compromised system has. Run ipconfig from within the Meterpreter session; this will list all…
