HackTheBox – Lame – Walkthrough

First, information gathering: Nmap is a great tool for getting information about the services, ports and a lot more. Command: nmap -sV -sC -A -oN name.txt ipaddress. From the Nmap scan we learned that the target is running a vulnerable FTP service, vsftpd 2.3.4, and the port it is

tcpdump – Traffic Capture & Analysis

What is tcpdump? tcpdump is a common packet analyzer that runs on the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software. tcpdump works on most Unix-like operating systems: Linux, Solaris, FreeBSD, DragonFly BSD, NetBSD, OpenBSD, OpenWrt, macOS, HP-UX 11i, and AIX. In those systems, tcpdump uses the libpcap library to

Maltego: Automated Information Gathering

Information gathering has always been a crucial part of any penetration testing project, vulnerability analysis, forensics, etc. There are many different tools out there for different types of information gathering. No doubt they all have many salient features, but security researchers have always tried to improve tools and make new tools

Raven1 VulnHub CTF Walkthrough Boot-To-Root

Here is the walkthrough of the Raven1 CTF from VulnHub, with step-by-step analysis. Here you will get to know how to think while doing such CTF challenges and the tools that can be used in the penetration testing process. Firstly, we should always focus on gathering as much as

DHCP Starvation With Yersinia

DHCP Starvation. What is DHCP? - Dynamic Host Configuration Protocol - It assigns IP addresses to devices when they connect to the network - Keeps track of which computer has which IP - Since it is a protocol, there is a communication established between the client and the access point (unlike UDP) How does

Nmap Scripting Engine (NSE)

The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Nmap scripts location: ls -l /usr/share/nmap/scripts. Default scripts: -sC runs a default set of scripts dependent on the services

KRACK Attack – Proof Of Concept

An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers,

Shell Scripting – Ping Sweep Script

Shell scripting: ping sweep. In this series you have already seen the basics and some examples of automation. Let's dive into a more practical use of shell scripts. A ping sweep is something very basic that every network administrator does, and it's obvious that they don't do it in the usual way because it's

Shell Scripting – Loops & Tests

Shell scripting: test scripts and for loops. A network administrator's or pentester's job includes lots of tasks that need to be performed on a daily basis, and it's obvious that it is frustrating to perform the same bunch of tasks daily, but people are smart enough to make their jobs a little less boring