First of all let’s show the differences between the part of the internet that can be indexed by traditional search engines and easily accessible from the internet and the whole other “hidden” part. The entire web is divided into the following parts: Surface Web: it is the part of the web that is easily accessible… Continue reading What is the dark web and how to access it
Category: Home
Updating kernel in Gentoo Linux
Updating kernel in Gentoo Linux The kernel is the heart of an operating system. It provides secure and controlled hardware access to running processes. It can therefore be understood how important it is, in terms of IT security, to update the kernel. Here are the commands to update the kernel in Gentoo OS. Once you… Continue reading Updating kernel in Gentoo Linux
A little bit about Gentoo Linux
A little bit about Gentoo Linux In my opinion one of the most fascinating linux-based operating systems is Gentoo Linux. Any respected Nerd should have managed to install and update Gentoo as well as try to solve on their own the various problems that arise during the previous two phases. The main feature of this… Continue reading A little bit about Gentoo Linux
TryHackMe – Surfer writeup
TryHackMe – Surfer writeup This is my TryHackMe – Surfer machine writeup. Scanning victim’s IP using “nmap” I find that ports 22 and 80 are open. Navigating the web site (port 80) I find a login page. Instead, using “dirb” I find many useful things including “robots.txt”. The content of “robots.txt” is: Disallow: /backup/chat.txt Then I browse “victim_IP/backup/chat.txt”… Continue reading TryHackMe – Surfer writeup
How to enumerate subdomains
During a pentest on a web server it can certainly be useful to enumerate the victim’s domain to see if there are any subdomains, in order to test everything. To do this you can use the following main methods: — Dns zone transfer — With this method it is possible to take advantage of the… Continue reading How to enumerate subdomains
Hide malicious shell in image file
Many times, uploading a malicious file (such as a .php reverse shell) to the victim machine, and making it work, is not so obvious. The victim’s web administrator may have set filters to help determine the types of files that can be uploaded to their server. In fact, a good web administrator allows you to… Continue reading Hide malicious shell in image file
How to enumerate for privilege escalation
Intro When the attacker has managed to gain shell access to the victim’s machine, it is important to immediately understand what permissions he has. In other words, the user with whom the attacker accessed the victim may not be “root” (or administrator) and therefore may not have permission to do everything on that victim’s system.… Continue reading How to enumerate for privilege escalation
Why use a VPN
VPN stands for VIRTUAL PRIVATE NETWORK. VPN is a virtual network which guarantees privacy and increases security on browsing data.
Create your own website with wordpress.org – starting from scratch
Creating your own website is not something reserved for programmers and web designers. If you have some nice ideas that you would like to put online in the vast world of the internet, below I will list the various steps to do so, from registering a domain to finding a hosting service and installing and… Continue reading Create your own website with wordpress.org – starting from scratch
TryHackMe – Cold VVars writeup
TryHackMe – Cold VVars This is my TryHackMe – Cold VVars machine writeup. Scanning victim’s IP using nmap tool to see open ports the result is: Browsing on port 8082 we can see that there is a website then I decided to scan it using “dirb”. So I found “login” section: Browsing in it: After a few tries… Continue reading TryHackMe – Cold VVars writeup
sqlmap
Sqlmap is an open source software used to automate SQL injection search within web applications. With Sqlmap it is possible to find the vulnerability, exploit it and connect to the database to view, modify or delete the tables. SQL injection is a hacking technique that aims to inject code by exploiting vulnerabilities in a web… Continue reading sqlmap
hashcat
Hashcat is a password recovery tool, one of the fastest because it also uses the power of the GPU as well as that of the classic CPU. With hashcat you can do brute-force or dictionary attacks to an encrypted password. Dictionary attack Once you get a password’s hash, you can start a dictionary attack with following command: hashcat –force -m 1800… Continue reading hashcat
Shell spawning
Once you get a shell on the linux victim machine this shell could be without TTY (terminal connection) and most likely to go on with the penetration test you will need to spawn TTY shell. In fact, a shell without the TTY functions does not allow you to perform important things such as the simple… Continue reading Shell spawning
Reverse Shell one liner – how to do it
If during a penetration test you discover an RCE (Remote Code Execution) vulnerability most likely what you need is to run a Reverse Shell to gain more control over the victim machine. An RCE is a vulnerability that allows you to execute commands on the victim. And this is why if I activate a listener… Continue reading Reverse Shell one liner – how to do it
john the ripper
John the Ripper is the main tool for cracking encrypted password. John offers different operating modes. It is possible to perform dictionary or brute force attacks. It also automatically detects the type of encryption used by the hash. Basic command For use john we must have password hash saved in a file. John’s basic command is:… Continue reading john the ripper
hydra
Hydra is the tool for excellence to perform password and brute force attacks. It is very powerful and supports various protocols, including: FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, POP3, POSTGRES, RDP, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Telnet, VMware-Auth, VNC eXMPP… Continue reading hydra
wireshark
wireshark
burp-suite
Burp-Suite is a IT security tool usefull for testing web applications. Its feature is capturing packets and analize them with many tools… from Proxy to Repeater, for example. How can it capture the traffic? Burp is a proxy server and all requests to a site pass through it. You have to setup proxy in your… Continue reading burp-suite
nmap
Nmap is a very helpful tool for scanning and mapping network, finding active hosts and services. But it also is used for discover hosts in a network and find relatives OS. Another feature of Nmap is that it can do a vulnerability scan. For these reasons it is used in the Information Gathering phase of a… Continue reading nmap
eLearnSecurity ECPPTv2 review
– I am writing this review to let readers know how satisfied I am to have completed the eLearnSecurity course that led me to obtain the ECPPT v2 certification. In my opinion ECPPT is a complete course covering all the most important areas of the penetration testing. My review will not be specific. I will… Continue reading eLearnSecurity ECPPTv2 review
DOM XSS attack
DOM XSS attack In short, Document Object Model (DOM) is the hierarchical structure objects of an HTML document, generated by the web-browser to represent the document. The utility of DOM is to easily access the contents of the document. An example of a simple structure of a DOM is the following: W3C defines… Continue reading DOM XSS attack
eLearnSecurity eJPT/PTS review
– My first certificate is eJPT from eLearnSecurity. I got it about a year ago. I state that i have always been fascinated by computer security and computer science in general, but being still not very practical in the field, before starting the course, i made a good acquaintance (searching a lot on the internet) about… Continue reading eLearnSecurity eJPT/PTS review
whoami
My credentials are EJPT and ECPPTv2 certificates from eLearnSecurity (you can find the certs reviews here). Now I’m working on hackthebox in which, to date, I gained “Guru” rank and on TryHackMe in which I got [0xD][GOD] rank (maximum rank). My first computer was a Commodore Plus 4 in the 80s (when I was… Continue reading whoami