Hacking

Must Haves for the IT Professionals Over the years I've used some really cool devices and services and I find these all to be very useful tools that I personally must own. DeepCool So, I was a hacker party once and my friend was like, "You have to try this.". This product sits beneath your laptop while circulating air and improving the...

Post Exploitation Recon I frequently experience dead-ends on the more difficult CTF boxes. I've found that once acquiring a reverse shell I need to do some extensive internal recon. Sometimes the service that will be vulnerable is hidden and you must find it. Here are some ideas... Running nmap Through SOCKS4 Proxy (SSH) with Proxychains Connect to the remote host (server) using...

Enumerating Samba/SMB Servers Unintentionally leaving port 445 open or misconfiguring Samba can risk catastrophic damage to a corporation. Enumerating the Samba/SMB port can return critical information about file shares, users, printers and network groups. This can be a cornerstone for brute forcing accounts and accessing unprotected Samba shares. enum4linux Enum4Linux comes installed on Parrot OS 4.7 by default. You may have to...

PowerShell for Hackers As I'm learning more PowerShell and dabbling into hacking I will be composing a list of techniques and scripts that I find very beneficial for administration and pen-testing. Basics Linux Like Watch Command System Running Processes IP to Hostname Is Server Virtual or Physical? Lookup User Information Change File Modified Date and Time Find Apps Running on Port Base64 Querying Databases https://gist.github.com/cmatskas/08411b916ab01e3f1439#file-powershellsqlquery-ps1 Domain Controllers Downloading Files with PowerShell PowerShell Reverse Shells https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#powershell Kubernetes kubectl...

Parrot OS 4.7 Full-Screen Issue This is a quick easy fix. By default, it appears that Parrot OS 4.7 virtual appliance (.ova) doesn't come with VirtualBox Guest Additions installed. Once you have booted up Parrot OS run this command to install the VirtualBox Guest Utilities. Once this is installed, you may reboot and everything should be fine. VirtualBox Guest Additions The VirtualBox...

Changing the DNS Server on your ISP's Router One of the ways your ISP is spying on you is through monitoring your DNS requests. Each time you visit a website the TCP/IP handshake reaches out to your ISP and asks to get the IP Address of a domain name (website) you are visiting. This happens even if the website is...

Force TLS in .NET Versions before ASP.NET 4.7 default to making outbound connections using TLS 1.0. This is a real problem for security for many reasons. It's now been deprecated with many CVEs. Some of these vulnerabilities make TLS 1.0 vulnerable to man-in-the-middle attacks. A lot of APIs will not accept incoming requests from TLS 1.0 because of this. TLS 1.0...

CTFs I've Completed These are CTFs I've completed. I typically try and go as far as I can and only use a walkthrough if I get stuck. A "*" designates that I was able to find, exploit and root a box with the most minimal assistance, meaning I knew what to do but needed the slightest assistance. Beginner Covfefe DC 1, 4DerpNStink...

Command Line MySQL for Hackers Learning to connect to a MySQL server via command line is extremely useful in many situations especially for penetration testing. It's quick, easy to learn and the fastest way to get in. General MySQL CLI Connect to the Database This command will log you into the MySQL server with user "user" on host address 192.168.0.26. ┌───└──╼ $ nmap -sV...

Upgrading Firmware on a Ubiquiti Edgerouter Lite with SSH The Ubiquiti Edgerouter Lite provides the ability to create a virtual LAN (vLAN) for $129 dollars. This is a quality VPN solution that was highly recommend from someone who owns a data center. Seriously... well worth the money. Upgrading my router from firmware version 1.2 was difficult because there is a bug...