What is the dark web and how to access it
First of all, let’s show the difference between the part of the internet that can be indexed by traditional search engines and is easily accessible, and the whole other “hidden” part. The entire web is divided into the following parts: Surface Web: it is the part of the web that is easily accessible…
Author: admin
Updating kernel in Gentoo Linux
The kernel is the heart of an operating system. It provides secure and controlled hardware access to running processes. It is therefore easy to understand how important it is, in terms of IT security, to update the kernel. Here are the commands to update the kernel in Gentoo OS. Once you…
A little bit about Gentoo Linux
In my opinion, one of the most fascinating Linux-based operating systems is Gentoo Linux. Any respected nerd should have managed to install and update Gentoo, as well as tried to solve on their own the various problems that arise during the previous two phases. The main feature of this…
TryHackMe – Surfer writeup
This is my TryHackMe – Surfer machine writeup. Scanning the victim’s IP using “nmap”, I find that ports 22 and 80 are open. Navigating the web site (port 80), I find a login page. Instead, using “dirb” I find many useful things, including “robots.txt”. The content of “robots.txt” is: Disallow: /backup/chat.txt Then I browse “victim_IP/backup/chat.txt”…
How to enumerate subdomains
During a pentest on a web server it can certainly be useful to enumerate the victim’s domain to see if there are any subdomains, in order to test everything. To do this you can use the following main methods: — DNS zone transfer — With this method it is possible to take advantage of the…
Hide malicious shell in image file
Many times, uploading a malicious file (such as a .php reverse shell) to the victim machine, and making it work, is not so obvious. The victim’s web administrator may have set filters to help determine the types of files that can be uploaded to their server. In fact, a good web administrator allows you to…
How to enumerate for privilege escalation
Intro: When the attacker has managed to gain shell access to the victim’s machine, it is important to immediately understand what permissions he has. In other words, the user with whom the attacker accessed the victim may not be “root” (or administrator) and therefore may not have permission to do everything on that victim’s system.…
Why use a VPN
VPN stands for VIRTUAL PRIVATE NETWORK. A VPN is a virtual network which guarantees privacy and increases the security of browsing data.
Create your own website with wordpress.org – starting from scratch
Creating your own website is not something reserved for programmers and web designers. If you have some nice ideas that you would like to put online in the vast world of the internet, below I will list the various steps to do so, from registering a domain to finding a hosting service and installing and…
TryHackMe – Cold VVars writeup
This is my TryHackMe – Cold VVars machine writeup. Scanning the victim’s IP using the nmap tool to see open ports, the result is: Browsing on port 8082 we can see that there is a website, then I decided to scan it using “dirb”. So I found the “login” section: Browsing in it: After a few tries…
sqlmap
Sqlmap is open source software used to automate the search for SQL injection within web applications. With Sqlmap it is possible to find the vulnerability, exploit it and connect to the database to view, modify or delete the tables. SQL injection is a hacking technique that aims to inject code by exploiting vulnerabilities in a web…
hashcat
Hashcat is a password recovery tool, one of the fastest because it uses the power of the GPU as well as that of the classic CPU. With hashcat you can do brute-force or dictionary attacks against a hashed password. Dictionary attack: Once you get a password’s hash, you can start a dictionary attack with the following command: hashcat --force -m 1800…
Shell spawning
Once you get a shell on the Linux victim machine, this shell could be without a TTY (terminal connection), and most likely, to go on with the penetration test, you will need to spawn a TTY shell. In fact, a shell without the TTY functions does not allow you to perform important things such as the simple…
Reverse Shell one liner – how to do it
If during a penetration test you discover an RCE (Remote Code Execution) vulnerability, most likely what you need is to run a Reverse Shell to gain more control over the victim machine. An RCE is a vulnerability that allows you to execute commands on the victim. And this is why if I activate a listener…
TryHackMe – Git and Crumpets writeup
This is my TryHackMe – Git and Crumpets machine writeup. Scanning the victim’s IP using the nmap tool to see open ports, the result is that only ports 22 and 80 are open. It also reports port 9090 as closed. If I browse 10.10.118.165 I see a redirection to YouTube…
TryHackMe – Fusion Corp writeup
This is my TryHackMe Fusion Corp machine writeup. Firstly I ran nmap and the results were: As port 80 was open I used the “dirb” command to see if there was some useful folder. So I found a “backup” folder in which there was a file named “employees.ods”. I downloaded and opened it.…
john the ripper
John the Ripper is the main tool for cracking encrypted passwords. John offers different operating modes. It is possible to perform dictionary or brute force attacks. It also automatically detects the type of encryption used by the hash. Basic command: To use john we must have the password hash saved in a file. John’s basic command is:…
hydra
Hydra is the tool par excellence for performing password and brute force attacks. It is very powerful and supports various protocols, including: FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, POP3, POSTGRES, RDP, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Telnet, VMware-Auth, VNC and XMPP…
wireshark
burp-suite
Burp-Suite is an IT security tool useful for testing web applications. Its feature is capturing packets and analyzing them with many tools… from Proxy to Repeater, for example. How can it capture the traffic? Burp is a proxy server and all requests to a site pass through it. You have to set up the proxy in your…
nmap
Nmap is a very helpful tool for scanning and mapping networks, finding active hosts and services. It is also used to discover hosts in a network and find their OS. Another feature of Nmap is that it can do a vulnerability scan. For these reasons it is used in the Information Gathering phase of a…
eLearnSecurity ECPPTv2 review
I am writing this review to let readers know how satisfied I am to have completed the eLearnSecurity course that led me to obtain the ECPPT v2 certification. In my opinion ECPPT is a complete course covering all the most important areas of penetration testing. My review will not be specific. I will…
TryHackMe – VulnNet:Roasted writeup
May 17. This is my TryHackMe VulnNet:Roasted machine writeup. I note that in this writeup the victim’s IP address changes because I had to restart the machine several times. nmap basic results:
Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-15 10:42 CEST
Nmap scan report for 10.10.33.1
Host is up (0.095s latency).
Not shown:…
TryHackMe — USTOUN writeup
Apr 11. This is a writeup of the USTOUN TryHackMe machine. First I run a basic nmap scan to find open ports and the result is:
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2021-04-03 06:37:08Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open…
TryHackMe – Enterprise writeup
Mar 22. This is my writeup of the Enterprise TryHackMe machine. nmap basic results:
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
80/tcp open http Microsoft IIS httpd 10.0
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2021-03-20 16:43:45Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn…
TryHackMe – broker writeup
Mar 12. This is my writeup of the TryHackMe broker machine. I solved this challenge as follows: nmap result: Browsing to 10.10.81.90:8161 I found ActiveMQ: Clicking “Manage ActiveMQ broker” and accessing with the standard credentials admin:admin I was able to log in. I found that ActiveMQ is version 5.9.0…
DOM XSS attack
In short, the Document Object Model (DOM) is the hierarchical structure of objects of an HTML document, generated by the web browser to represent the document. The utility of the DOM is easy access to the contents of the document. An example of a simple structure of a DOM is the following: W3C defines…
eLearnSecurity eJPT/PTS review
My first certificate is eJPT from eLearnSecurity. I got it about a year ago. I state that I have always been fascinated by computer security and computer science in general, but being still not very practical in the field, before starting the course, I made a good acquaintance (searching a lot on the internet) about…
whoami
My credentials are EJPT and ECPPTv2 certificates from eLearnSecurity (you can find the cert reviews here). Now I’m working on hackthebox, in which, to date, I gained “Guru” rank, and on TryHackMe, in which I got [0xD][GOD] rank (maximum rank). My first computer was a Commodore Plus 4 in the 80s (when I was…