IT security
  • Hide malicious shell in image file
    Many times, uploading a malicious file (such as a .php reverse shell) to the victim machine, and making it work, is not so obvious. The victim’s web administrator may have set filters to help determine the types of files that can be uploaded to their server. In fact, a good web administrator allows you to… Continue reading Hide malicious shell in image file
  • How to enumerate for privilege escalation
    Intro When the attacker has managed to gain shell access to the victim’s machine, it is important to immediately understand what permissions he has. In other words, the user with whom the attacker accessed the victim may not be “root” (or administrator) and therefore may not have permission to do everything on that victim’s system.… Continue reading How to enumerate for privilege escalation
  • Why use a VPN
    VPN stands for VIRTUAL PRIVATE NETWORK. A VPN is a virtual network that guarantees privacy and increases the security of browsing data.
  • Create your own website with wordpress.org – starting from scratch
    Creating your own website is not something reserved for programmers and web designers. If you have some nice ideas that you would like to put online in the vast world of the internet, below I will list the various steps to do so, from registering a domain to finding a hosting service and installing and… Continue reading Create your own website with wordpress.org – starting from scratch
  • TryHackMe – Cold VVars writeup
    TryHackMe – Cold VVars This is my TryHackMe – Cold VVars machine writeup. Scanning the victim’s IP using the nmap tool to see open ports, the result is: Browsing on port 8082 we can see that there is a website, then I decided to scan it using “dirb”. So I found the “login” section: Browsing in it: After a few tries… Continue reading TryHackMe – Cold VVars writeup
  • sqlmap
    Sqlmap is open source software used to automate the search for SQL injection within web applications. With Sqlmap it is possible to find the vulnerability, exploit it and connect to the database to view, modify or delete the tables. SQL injection is a hacking technique that aims to inject code by exploiting vulnerabilities in a web… Continue reading sqlmap
  • hashcat
    Hashcat is a password recovery tool, one of the fastest because it uses the power of the GPU as well as that of the classic CPU. With hashcat you can run brute-force or dictionary attacks against an encrypted password. Dictionary attack Once you get a password’s hash, you can start a dictionary attack with the following command: hashcat --force -m 1800… Continue reading hashcat
  • Shell spawning
    Once you get a shell on the Linux victim machine, this shell could be without a TTY (terminal connection), and most likely, to go on with the penetration test, you will need to spawn a TTY shell. In fact, a shell without the TTY functions does not allow you to perform important things such as the simple… Continue reading Shell spawning
  • Reverse Shell one liner – how to do it
    If, during a penetration test, you discover an RCE (Remote Code Execution) vulnerability, most likely what you need is to run a Reverse Shell to gain more control over the victim machine. An RCE is a vulnerability that allows you to execute commands on the victim. And this is why if I activate a listener… Continue reading Reverse Shell one liner – how to do it
  • TryHackMe – Git and Crumpets writeup
    TryHackMe – Git and Crumpets This is my TryHackMe – Git and Crumpets machine writeup. Scanning the victim’s IP using the nmap tool to see open ports, the result is that only ports 22 and 80 are open. It also reports port 9090 as closed. If I browse 10.10.118.165 I see a redirection to YouTube… Continue reading TryHackMe – Git and Crumpets writeup