Brute Forcing Forms with Hydra Hydra is more capable than just brute-forcing services, this tool can also brute force web forms. hydra -v -L mypusers -P /usr/share/wordlists/rockyou.txt -s 8000 127.0.0.1 http-post-form "/login:username=^USER^&password=^PASS^":"F=Failed" Dirb/DirBuster not returning anything? Change the user-agent. Some applications...
Hardening ASP.NET Response Headers (Code) A reliable way to harden your ASP.NET web application is to remove and skew the response headers via code. This will throw off automated scans that are performing banner grabbing in an attempt to identify vulnerabilities. There are ways to do this in IIS, however, performing this in code...
SSH Tunneling When you need to access a server/client behind a firewall that doesn't allow port forwarding you can use SSH tunneling to bypass that if an SSH server is running. Pivoting is a sneaky technique that hackers use to access computers, servers, and services behind firewalls. These examples will use OpenSSH. I think...
Must Haves for the IT Professionals Over the years I've used some really cool devices and services and I find these all to be very useful tools that I personally must own. DeepCool So, I was a hacker party once and my friend was like, "You have...
Post Exploitation Recon I frequently experience dead-ends on the more difficult CTF boxes. I've found that once acquiring a reverse shell I need to do some extensive internal recon. Sometimes the service that will be vulnerable is hidden and you must find it. Here are some ideas...
Enumerating Samba/SMB Servers Unintentionally leaving port 445 open or misconfiguring Samba can risk catastrophic damage to a corporation. Enumerating the Samba/SMB port can return critical information about file shares, users, printers and network groups. This can be a cornerstone for brute forcing accounts and accessing unprotected Samba shares. enum4linux
PowerShell for Hackers As I'm learning more PowerShell and dabbling into hacking I will be composing a list of techniques and scripts that I find very beneficial for administration and pen-testing. Basics ipconfig System Running Processes Get-Process
Parrot OS 4.7 Full-Screen Issue This is a quick easy fix. By default, it appears that Parrot OS 4.7 virtual appliance (.ova) doesn't come with VirtualBox Guest Additions installed. Once you have booted up Parrot OS run this command to install the VirtualBox Guest Utilities. Once this is installed, you may reboot and everything...
Changing the DNS Server on your ISP's Router One of the ways your ISP is spying on you is through monitoring your DNS requests. Each time you visit a website the TCP/IP handshake reaches out to your ISP and asks to get the IP Address of a domain name (website) you are visiting. This...
73.9 ° F