Kioptrix: Level 1.1 Walkthrough – Vulnhub

Name: Kioptrix: Level 1.1 Date released: 17 Feb 2010 Author: Kioptrix Download Initial scan results below Found a login page running on port 80/Apache Tried a bunch of normal username combos such as admin:admin admin:password etc. Tried a couple SQLi attempts in the username and password field but couldn’t get an error message Decided to…

Kioptrix: Level 1 Walkthrough – Vulnhub

Name: Kioptrix: Level 1 Date released: 17 Feb 2010 Author: Kioptrix Download: https://download.vulnhub.com/kioptrix/Kioptrix_Level_1.rar Initial scan results below Poked around 80/443 and didn’t find anything interesting Discovered OS and Samba version info using Enum4Linux Found an exploit for Samba 2.2.x which can we found here Downloaded and executed the exploit ROOT!! Now let’s look around and…

Offensive Security Certified Professional (OSCP) Review

It’s just another Saturday, I wake up around 6:30 am, get ready and head into the office to start my 12-16 hour day of Penetration Testing with Kali Linux (PWK/OSCP) training from Offensive Security. Although, it’s not like the last 16 Saturdays, today is exam day. OSCP Exam I sat down at my desk around 7:30…

SickOS 1.2 Walkthrough – Vulnhub

Name: SickOs: 1.2 Date release: 27 Apr 2016 Author: D4rk Link: https://www.vulnhub.com/entry/sickos-12,144/ Initial scan results show TCP 22 and 80 running SSH and lighttpd respectively. Kicked off dirb and found a test folder. Checked the options on the test folder…and saw that the server allows put. Used the following command to put a php shell…

SSLyze – A Fast and Full-Featured SSL Scanner

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. There is also an EXE available for Windows users located here Key features include: Multi-processed and multi-threaded scanning:…

DroidJack – A Quick Look at an Android RAT

DroidJack is a Remote Administration Tool (RAT) that can build and bind Android Packages (APK) for install on any Android device. This RAT can be found at droidjack.net and offers many features. The RAT sells for $200 as a one-time charge; which comes with lifetime access to all future updates. A few of the features include:…

How-To Setup Fail2ban with Guacamole to Stop Brute-Force Attacks

Fail2ban Fail2ban(F2B) is an intrusion prevention software framework that protects computer servers from brute-force attacks. F2B can ban any host IP address that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator. Guacamole Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols…

How I Passed the CISSP on the First Try

On a cold wintery day in Michigan last December I sat for, and passed, the CISSP (Certified Information Systems Security Professional) exam by (ISC)2 in approximately 1 hour and 45 minutes with a 5-10 minute break. Read below and learn how I passed the CISSP on the first try. What I did Books I started off…

Halls of Valhalla – Beginners Challenge 1-7

Here’s a walk through for the Beginner Challenges on www.Halls-of-Valhalla.org. Click here to start the first challenge on Halls-of-Valhalla. Right click to view source and After a few minutes of perusing the source I found For this exercise we are using Burp Suite I flipped the Cookie: auth bit to true and…. After many failed attempts…