ETHICAL HACKING ARTICLES AND WRITE-UPS

See how Python can beat Burp Suite in brute-forcing speed and boost your hacking efficiency.

[Scenario]

Once, I was sharpening my skills on blind SQL injection by enumerating a vulnerable web application. I found the trivial username ‘administrator’ and his password length using conditional statements within the cookie field:

‘ UNION SELECT ‘a’ FROM users WHERE username=’administrator’ AND length(password)=20--

What was the indication that this is a successful SQLi hunt? Let’s see what the BurpSuite Comparer has to offer:

TryHackMe Write-ups

[Summary]

Good day, ladies and gentlemen! Here’s a brief description of what you’ll come across over the course of your penetration test and what you’ll learn:

• Client-side JavaScript exploitation using Burp Suite
• Password cracking with John The Ripper
• LinPEAS target machine enumeration
• Privilege escalation due to target server’s security misconfiguration

[Scanning]

First and foremost, we need to run some basic scans. I’m sure you have your own preferences and procedures in terms of scanning, so let’s not dwell on this for so long.

Nmap:

Ethical Hacking Articles and Write-ups

[Introduction]

Have you ever lived with a person whose music sucked? You sincerely didn’t like it and wanted to leave the planet when it was playing.

— Hey, man, can you please turn it down a little?

— Ah, sure, dude, no problem!

And with every step back to the room the sound bar of his phone is climbing up again!

Here it goes:

TryHackMe Write-up

The HackPark educational walkthrough with Metasploit, Msfvenom, Exploit-DB, PowerShell, and RCE.

Hi, there! I’m glad you’ve joined me on this little TryHackMe HackPack walkthrough and, undoubtedly, you’ll find what you seek whether it’s a solution to a problem or another angle of looking at things. Let’s get started!

[Task 1] Deploy the vulnerable Windows machine

I’m sure you’ve seen this naughty clown somewhere … Maybe in the IT movie or the Steven King’s novel. So, let’s not dwell on this one.

Hi, George! What a nice boat. Do you want it back?

[Task 2] Using Hydra to brute-force a login

At the very beginning of our investigation, it’s nice to start the Nmap scan. …

TryHackMe Write-up

Hello, there! Here’s an educational walkthrough on the TryHackMe Steel Mountain machine. If you struggle with it or just want to take a look at another approach of solving the challenge, you’re definitely in the right place! Without further ado, let’s dive into it.

[Task 1] — Introduction

First thing’s first, we need to do the port scanning! So, let’s fire up some Nmap scans and identify potential attack vectors.

What I usually start from is so called (mainly by myself) basic and vuln Nmap scans:

Nmap -sC -sV -O $IP -oN basic_scan.nmap

Nmap -script=vuln $IP -oN vuln_scan.nmap

A little breakdown of these two:

…

1. Reconnaissance

First thing we need to do is scanning. Let’s run two Nmap scans:

• Nmap -sV -sC -O <ip-addr> -oN basic_scan.nmap
• Nmap — script=vuln <ip-addr> -oN vuln_scan.nmap

The first Nmap scan is very similar to -A (aggressive) scan, but it doesn’t do traceroute. The second one is meant to find potential attack vectors for the victim.

The results is presented in the following screenshot:

Basic Nmap Scan

To hit the ground running on exploiting the Mr. Robot machine we need some information on the target, so let’s run some basic scans which will reveal potential attack vectors. I usually start with a couple of Nmap scans:

nmap -sC -sV -O <ip-address> -oN basic_scan.nmap

nmap — script=vuln <ip-address> -oN vuln_scan.nmap

The following screenshot shows the output of the basic scan.

1. Deploy the Vulnerable Machine

At the very beginning of the penetration test, I’d like to start with two scans which I usually call basic Nmap scan and vuln scan.

Basic Nmap scan: