In this post I would like to introduce you to a not-so-well-known yet useful Kali Linux tool for exploitation as well as maintaining access. This Kali Linux tool is called Backdoor-Factory.
Backdoor Factory can be used to gain access to Windows 7, 8, and 10. Although this tool is useful, it is not very convenient, since the victim needs to execute a certain executable file before we can get a session and gain access. However, it is good in a way when we do not want the victim to be suspicious, since when the victim executes the file, the victim would not know that the malicious shellcode is running in the background.
After installing DVWA a couple of weeks ago, it would be futile not to make use of it. Just as Anton Chekhov said, “Knowledge is of no value unless you put it into practice”. DVWA is one of the safest places for a pentester to learn. In DVWA we can learn a lot, such as reading and understanding the code and finding its vulnerabilities, trying brute force, command injection, and many more. In this post I will cover low-level SQL injection and low-level file inclusion.
If you have not installed DVWA, please refer to DVWA installation. Otherwise, let's start.
Social engineering, in terms of information security, means the use of deception to manipulate individuals into sharing their personal information. Social engineering can also deceive people into thinking that they are doing the right thing when in reality they are not. Why should we be aware of social engineering? The development of technology like web applications depends on people, process, and technology. Among those three, it can be said that people are the weakest link for breaking into a system.
One way to do social engineering is to get a person’s personal information, such as a password and username. This can be done by duplicating the web page and sending email to the web application's users. Below is an example of how it could be done.
In this post I will share the link to the documentation for the webinar (“Hacking and Defending a Linux-Based Capture the Flag”) held on 17 April by Jay Beale. If you are not familiar with webinars, a webinar is basically a web-based seminar. This webinar mainly covered how to attack the Donkey Docker CTF case and how to defend it.
Click here to see the documentation.
DVWA, which stands for Damn Vulnerable Web Application, is a very vulnerable web application. Its existence helps us to study how to use ethical hacking tools in a safe environment without breaking the law.
Below are the steps for installing DVWA.
A Linux shell script is basically a file that contains a script, and you can give your shell permission to execute it. This is an example of how to install the bash shell if there is no scripting shell in your Unix/Linux terminal.
Kali Linux provides us with several useful tools that we can use for penetration testing. One of its useful multi-function tools is called Armitage. It is an attack management tool with a graphical user interface that makes it easier for us to do penetration testing. More accurately, it is a graphical interface for the Metasploit framework. If you would like to know more about the Metasploit framework, you can read What is Metasploit Project? by Margaret Rouse.
In this post I will only show how to scan a network range, the open ports, and the type of OS.
Today, I got a lecture about how to enumerate data and was given a task.
Our task was to do these three things:
- Enumeration User wp1.pentest.id
- Enumeration User jo1.pentest.id
- Enumeration User Email @pentest.id
Several tools that were suggested:
So now I would like to show the results and the techniques that I used to solve these tasks.
Last week, my lecturer asked us to study Linux commands. However, studying the command line was not one of my favorite things, but at that time my friend suggested that I study Linux commands from a game on the web called OverTheWire: Bandit.
This game consists of 26 levels that encourage us to explore some fundamental Linux commands that might be useful for us later on. It is a pretty interesting game.
Below are some screenshots of how to play it.
In this post I would like to give a simple tutorial on how to install VirtualBox and show you a simple way to create a Kali Linux virtual machine. The link to the video version of the tutorial will be given at the bottom of this post.