it security
  • TryHackMe – Surfer writeup
    TryHackMe – Surfer writeup This is my TryHackMe – Surfer machine writeup. Scanning victim’s IP using “nmap” I find that ports 22 and 80 are open. Navigating the web site (port 80) I find a login page. Instead, using “dirb” I find many useful things including “robots.txt”. The content of “robots.txt” is: Disallow: /backup/chat.txt Then I browse “victim_IP/backup/chat.txt”… Continue reading TryHackMe – Surfer writeup
  • How to enumerate subdomains
    During a pentest on a web server it can certainly be useful to enumerate the victim’s domain to see if there are any subdomains, in order to test everything. To do this you can use the following main methods: — Dns zone transfer — With this method it is possible to take advantage of the… Continue reading How to enumerate subdomains
  • Hide malicious shell in image file
    Many times, uploading a malicious file (such as a .php reverse shell) to the victim machine, and making it work, is not so obvious. The victim’s web administrator may have set filters to help determine the types of files that can be uploaded to their server. In fact, a good web administrator allows you to… Continue reading Hide malicious shell in image file
  • How to enumerate for privilege escalation
    Intro When the attacker has managed to gain shell access to the victim’s machine, it is important to immediately understand what permissions he has. In other words, the user with whom the attacker accessed the victim may not be “root” (or administrator) and therefore may not have permission to do everything on that victim’s system.… Continue reading How to enumerate for privilege escalation
  • Why use a VPN
    VPN stands for VIRTUAL PRIVATE NETWORK. VPN is a virtual network which guarantees privacy and increases security on browsing data.
  • Create your own website with – starting from scratch
    Creating your own website is not something reserved for programmers and web designers. If you have some nice ideas that you would like to put online in the vast world of the internet, below I will list the various steps to do so, from registering a domain to finding a hosting service and installing and… Continue reading Create your own website with – starting from scratch
  • TryHackMe – Cold VVars writeup
    TryHackMe – Cold VVars This is my TryHackMe – Cold VVars machine writeup. Scanning victim’s IP using nmap tool to see open ports the result is: Browsing on port 8082 we can see that there is a website then I decided to scan it using “dirb”. So I found “login” section: Browsing in it: After a few tries… Continue reading TryHackMe – Cold VVars writeup
  • sqlmap
    Sqlmap is an open source software used to automate SQL injection search within web applications. With Sqlmap it is possible to find the vulnerability, exploit it and connect to the database to view, modify or delete the tables. SQL injection is a hacking technique that aims to inject code by exploiting vulnerabilities in a web… Continue reading sqlmap
  • hashcat
    Hashcat is a password recovery tool, one of the fastest because it also uses the power of the GPU as well as that of the classic CPU. With hashcat you can do brute-force or dictionary attacks to an encrypted password. Dictionary attack Once you get a password’s hash, you can start a dictionary attack with following command: hashcat  –force -m 1800… Continue reading hashcat
  • Shell spawning
    Once you get a shell on the linux victim machine this shell could be without TTY (terminal connection) and most likely to go on with the penetration test you will need to spawn TTY shell. In fact, a shell without the TTY functions does not allow you to perform important things such as the simple… Continue reading Shell spawning