
Currently Browsing: March 2019

Walkthrough of a Computer Network Attack

In this guide, I will put together an example attack against one of Metasploitable’s vulnerable Linux virtual machines. If you plan on replicating this, you must ensure you do not expose the Metasploitable VM to the outside network; otherwise, anyone may attack your machine. On VMware there is a “Host-only” setting for your network adapter […]


Master Your CTF with Sparta

SPARTA is a GUI network penetration testing tool that coordinates and saves your reconnaissance and vulnerability scans. By default, many open source tools can be run against a target with a single click, and SPARTA is written in Python, which makes customized modules easy to develop and add. SPARTA comes standard in the latest […]


Own A Server With A Remote File Inclusion

Remote File Inclusions (RFIs) are similar to Local File Inclusions (LFIs) and occur when an HTTP GET request has an unsanitized variable input. Unlike an LFI, a Remote File Inclusion allows you to reach across the internet and execute any file you desire. Combine this with hosting your own malicious PHP reverse shell, and you […]


A Guide to Local File Inclusion (LFI) Attacks

Local File Inclusions occur when an HTTP GET request has an unsanitized variable input, which allows you to traverse the directory tree and read files. This attack can often provide key information during reconnaissance and can sometimes be used to gain remote code execution. A website will indicate it is getting variables with a ? […]


Setting Up Your Hacker Environment

Before you can execute your first exploit, you need to get set up with the right environment. For beginners, Kali Linux is the best place to start. It is an open source Linux distribution that comes complete with the tools necessary to begin advanced penetration testing. To get running with your own Kali environment, […]


John The Ripper – Password Cracking

John the Ripper is one of the most common and powerful password crackers on the market. John has a Pro version which includes some extra useful features, but most of the core functionality a pentester needs can be found in its free version. John is able to take dozens of different password hashes, pilfered from […]


Nmap – The Ultimate Host Scanner

Nmap is an essential tool for any recon. This flexible and powerful tool will provide you with all the capability you need to begin any reconnaissance for a pentest or capture the flag exercise. Its only concern is that many of its scripts are considerably noisy and will immediately notify any network defender paying attention. […]


Netcat – The Hacker’s Swiss Army Knife

Netcat is a tool that can read and write TCP and UDP ports. This tool may not strike you as impressive, but its simple and effective nature has made it so ubiquitous that it has become known as the Hacker’s Swiss Army Knife. It is regularly used to connect to a target service, port scan, […]


Phishing For Profit With LinkedIn

Researchers at the Proofpoint Threat Research Team recently released a report detailing the growing trend of hackers abusing LinkedIn to pose as legitimate recruiters interested in hiring their targets for their next position. The hackers reach out through LinkedIn’s direct messaging service, pretending to be a staffing company with an offer of employment for someone with […]


Avoiding Your Best Defenses With PowerShell

As the never-ending cat-and-mouse game advances in the world of cyber security, we have seen novel growth in the methods malicious actors use to avoid the ever-growing list of defensive products on the market. According to the annual 2019 IBM X-Force Threat Intelligence Index, cybercriminals have decreased their reliance on malware and […]
