2FA Instructions for LinkedIn

Here are instructions for enabling two factor authentication (2FA) on LinkedIn: Login to LinkedIn Click Me in the upper right corner, then click Settings & Privacy Click Account then Two-step verification Click Turn on, then add a phone number Go back to two-step verification and click turn on Enter code from text message and you…

2FA Instructions for Amazon

Here are instructions for enabling two factor authentication (2FA) on Amazon: Login to Amazon Go to your account, then click Login & security Enter password Click Advanced Security Settings Click Get Started Duo Click Authenticate App Open Duo and click the + in the top right and then take picture of QR code Type in…

2FA Instructions for Facebook

Here are instructions for enabling two factor authentication (2FA) on Facebook: Login to Facebook Go to Settings>Security and Login Click Use two-factor authentication Duo If you have Duo setup on your device and would like to use it follow these instructions: Click Authentication App Open Duo, click the plus button and take a picture of…

WDigest: Clear-Text Passwords in Memory

What is it? WDigest.dll was introduced in the Windows XP operating system. The Digest Authentication protocol is designed for use with Hypertext Transfer Protocol (HTTP) and Simple Authentication Security Layer (SASL) exchanges, as documented in RFCs 2617 and 2831. Many people think of Digest Authentication as a protocol that is used with Web browsers for…

Kioptrix: Level 1.2 Walkthrough – Vulnhub

Name: Kioptrix: Level 1.2 Date released: 18 April 2011 Author: Kioptrix Download Enumeration Attacker: 10.11.1.7 Target: 10.11.1.10 Initial scan results below Well there aren’t a lot of options so I decided to start with http. I quickly found the login page for phpMyadmin and was able to login with admin as the user and no…

Kioptrix: Level 1.1 Walkthrough – Vulnhub

Name: Kioptrix: Level 1.1 Date released: 17 Feb 2010 Author: Kioptrix Download Initial scan results below Found a login page running on port 80/Apache Tried a bunch of normal username combos such as admin:admin admin:password etc. Tried a couple SQLi attempts in the username and password field but couldn’t get an error message Decided to…

Kioptrix: Level 1 Walkthrough – Vulnhub

Name: Kioptrix: Level 1 Date released: 17 Feb 2010 Author: Kioptrix Download: https://download.vulnhub.com/kioptrix/Kioptrix_Level_1.rar Initial scan results below Poked around 80/443 and didn’t find anything interesting Discovered OS and Samba version info using Enum4Linux Found an exploit for Samba 2.2.x which can we found here Downloaded and executed the exploit ROOT!! Now let’s look around and…

Offensive Security Certified Professional (OSCP) Review

It’s just another Saturday, I wake up around 6:30 am, get ready and head into the office to start my 12-16 hour day of Penetration Testing with Kali Linux (PWK/OSCP) training from Offensive Security. Although, it’s not like the last 16 Saturdays, today is exam day. OSCP Exam I sat down at my desk around 7:30…

SickOS 1.2 Walkthrough – Vulnhub

Name: SickOs: 1.2 Date release: 27 Apr 2016 Author: D4rk Link: https://www.vulnhub.com/entry/sickos-12,144/ Initial scan results show TCP 22 and 80 running SSH and lighttpd respectively. Kicked off dirb and found a test folder. Checked the options on the test folder…and saw that the server allows put. Used the following command to put a php shell…

SSLyze – A Fast and Full-Featured SSL Scanner

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. There is also an EXE available for Windows users located here Key features include: Multi-processed and multi-threaded scanning:…