What is the dark web and how to access it

First of all let’s show the differences between the part of the internet that can be indexed by traditional search engines and easily accessible from the internet and the whole other “hidden” part. The entire web is divided into the following parts: Surface Web: it is the part of the web that is easily accessible… Continue reading What is the dark web and how to access it

TryHackMe – Surfer writeup

TryHackMe – Surfer writeup This is my TryHackMe – Surfer machine writeup. Scanning victim’s IP using “nmap” I find that ports 22 and 80 are open. Navigating the web site (port 80) I find a login page. Instead, using “dirb” I find many useful things including “robots.txt”. The content of “robots.txt” is: Disallow: /backup/chat.txt Then I browse “victim_IP/backup/chat.txt”… Continue reading TryHackMe – Surfer writeup

How to enumerate subdomains

During a pentest on a web server it can certainly be useful to enumerate the victim’s domain to see if there are any subdomains, in order to test everything. To do this you can use the following main methods: — Dns zone transfer — With this method it is possible to take advantage of the… Continue reading How to enumerate subdomains

How to enumerate for privilege escalation

Intro When the attacker has managed to gain shell access to the victim’s machine, it is important to immediately understand what permissions he has. In other words, the user with whom the attacker accessed the victim may not be “root” (or administrator) and therefore may not have permission to do everything on that victim’s system.… Continue reading How to enumerate for privilege escalation

Create your own website with wordpress.org – starting from scratch

Creating your own website is not something reserved for programmers and web designers. If you have some nice ideas that you would like to put online in the vast world of the internet, below I will list the various steps to do so, from registering a domain to finding a hosting service and installing and… Continue reading Create your own website with wordpress.org – starting from scratch


Sqlmap is an open source software used to automate SQL injection search within web applications. With Sqlmap it is possible to find the vulnerability, exploit it and connect to the database to view, modify or delete the tables. SQL injection is a hacking technique that aims to inject code by exploiting vulnerabilities in a web… Continue reading sqlmap


Hashcat is a password recovery tool, one of the fastest because it also uses the power of the GPU as well as that of the classic CPU. With hashcat you can do brute-force or dictionary attacks to an encrypted password. Dictionary attack Once you get a password’s hash, you can start a dictionary attack with following command: hashcat  –force -m 1800… Continue reading hashcat

Shell spawning

Once you get a shell on the linux victim machine this shell could be without TTY (terminal connection) and most likely to go on with the penetration test you will need to spawn TTY shell. In fact, a shell without the TTY functions does not allow you to perform important things such as the simple… Continue reading Shell spawning

john the ripper

John the Ripper is the main tool for cracking encrypted password. John offers different operating modes. It is possible to perform dictionary or brute force attacks. It also automatically detects the type of encryption used by the hash. Basic command For use john we must have password hash saved in a file. John’s basic command is:… Continue reading john the ripper


Hydra is the tool for excellence to perform password and brute force attacks. It is very powerful and supports various protocols, including: FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, POP3, POSTGRES, RDP, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Telnet, VMware-Auth, VNC eXMPP… Continue reading hydra


Burp-Suite is a IT security tool usefull for testing web applications. Its feature is capturing packets and analize them with many tools… from Proxy to Repeater, for example. How can it capture the traffic? Burp is a proxy server and all requests to a site pass through it. You have to setup proxy in your… Continue reading burp-suite


​​Nmap is a very helpful tool for scanning and mapping network, finding active hosts and services. But it also is used for discover hosts in a network and find relatives OS. Another feature of Nmap is that it can do a vulnerability scan. For these reasons it is used in the Information Gathering phase of a… Continue reading nmap

eLearnSecurity ECPPTv2 review

– I am writing this review to let readers know how satisfied I am to have completed the eLearnSecurity course that led me to obtain the ECPPT v2 certification. In my opinion ECPPT is a complete course covering all the most important areas of the penetration testing. My review will not be specific. I will… Continue reading eLearnSecurity ECPPTv2 review

TryHackMe – VulnNet:Roasted writeup

TryHackMe VulnNet:Roasted May 17·7 min read     This is my TryHackMe VulnNet:Roasted machine writeup. I state that in this writeup the victim’s ip address changes because I had to restart the machine several times. nmap basic results: Starting Nmap 7.91 ( https://nmap.org ) at 2021–05–15 10:42 CESTNmap scan report for is up (0.095s latency).Not shown:… Continue reading TryHackMe – VulnNet:Roasted writeup

TryHackMe — USTOUN writeup

TryHackMe – USTOUN writeup Apr 11·6 min read       This is a writeup of USTOUN TryhackMe machine First I run basic nmap scan to find open ports and the result is: PORT STATE SERVICE VERSION53/tcp open domain Simple DNS Plus88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2021–04–03 06:37:08Z)135/tcp open msrpc Microsoft Windows RPC139/tcp open… Continue reading TryHackMe — USTOUN writeup

TryHackMe – Enterprise writeup

TryHackMe – Enterprise writeup   Mar 22·7 min read         This is my writeup of enterprise TryHackMe machine. nmap basic results: PORT STATE SERVICE VERSION53/tcp open domain Simple DNS Plus80/tcp open http Microsoft IIS httpd 10.088/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2021–03–20 16:43:45Z)135/tcp open msrpc Microsoft Windows RPC139/tcp open netbios-ssn… Continue reading TryHackMe – Enterprise writeup

TryHackMe – broker writeup

TryHackMe – broker writeup – Mar 12·3 min read – – This is my writeup of TryHackMe broker machine. – I solved this challenge as follows: nmap result: Browsing to i found ActiveMQ: Clicking “Manage ActiveMQ broker” and accessing with standard credentials admin:admin I was able to logging in. I found that ActiveMQ is 5.9.0 version… Continue reading TryHackMe – broker writeup

DOM XSS attack

    DOM XSS attack In short, Document Object Model (DOM) is the hierarchical structure objects of an HTML document, generated by the web-browser to represent the document. The utility of DOM is to easily access the contents of the document. An example of a simple structure of a DOM is the following: W3C defines… Continue reading DOM XSS attack

eLearnSecurity eJPT/PTS review

–   My first certificate is eJPT from eLearnSecurity. I got it about a year ago. I state that i have always been fascinated by computer security and computer science in general, but being still not very practical in the field, before starting the course, i made a good  acquaintance (searching a lot on the internet) about… Continue reading eLearnSecurity eJPT/PTS review


My credentials are EJPT and ECPPTv2 certificates from eLearnSecurity (you can find the certs reviews here). Now I’m working on hackthebox in which, to date, I gained “Guru” rank and on TryHackMe in which I got [0xD][GOD] rank (maximum rank). ​ My first computer was a Commodore Plus 4 in the 80s (when I was… Continue reading whoami

Categorized as Blog, Home
Dark Mode