Useful Firefox Add-ons regarding Pentesting
There are really a lot of different and useful Add-ons for Firefox that can be used when executing a Pentest. A good starting point is the project FireCAT (Firefox Catalog of Auditing exTensions)....
View ArticleUseful Chrome Extensions regarding Pentesting
There are really a lot of different and useful Extensions for Google Chrome that can be used when executing a Pentest. Right now there are more pentesting Add-Ons available for Firefox, but the...
View ArticleClik here to view.
Searching for reported vulnerabilities
During the information gathering phase of a pentest, it is very important to check for already reported vulnerabilities. If you know the exact version of the application, operating system, framework,...
View ArticleUpdate BackTrack Installation
Before you execute a pentest, you should always update your BackTrack installation. It's pretty easy to update it, as it can be done via apt-get.#apt-get update#apt-get upgradeThis will install the...
View Articletcpdump and Wireshark and permission to test
When executing a pentest, it is necessary to document every step that is made during the pentest. This doesn't just mean to make screenshots of every step, input, output and results during the pentest...
View ArticleClik here to view.
Brute Forcing MySQL
I just did my first nmap scan against the Metasploitable Virtual Machine. There are several open ports and a lot of services running on the VM. Here is a listing of the services found by nmap: PORT...
View ArticleClik here to view.
Brute Forcing Postgres
After brute forcing MySQL I wanted to brute force the next service, this time PostgreSQL. Again the output of the nmap scan against Metasploitable:PORT STATE SERVICE VERSION21/tcp open ftp ProFTPD...
View ArticleClik here to view.
Information Gathering of Apache on Metasploitable
After bruteforcing Postgresql and MySQL, it's now time to prepare an attack to the Apache Webserver. I will try to get as much information about the webserver as possible to prepare an attack. The IP...
View ArticleClik here to view.
Increasing virtual disk in ESX 3.5
My installation of BackTrack has only a 10 GB virtual disk, because I was using the default settings when I installed it. Now I want to increase it to 25 GB.This can be done through opening the VMware...
View ArticlePentesting Devices / Gadgets
There are three devices I have found, that can be very useful if you're executing a (physical) security pentest:Pwnie Express The Plug Bot Mini PwnerAll of these devices are just as big as a cigarette...
View ArticleClik here to view.
MiniPwner
Hey folks,after waiting for two months my TP-Link Router has finally arrived yesterday. I'm not quite happy how the order was processed by volumerates.com. I ordered the TP-Link on 16th of January and...
View ArticleVulnerable Web Applications
Hey there,really a long time without a new post, but hopefully this will change in the future.In this post I was listing some vulnerable VMs that can be used for pentesting at home. There are also...
View ArticlePerl and https requests
Hi there,today I was in the mood in writing some little perl script that I need for a project. To get the perl script running it was needed to execute some https requests.First I was installing...
View ArticleSetup a Mailserver
Hy,this post is not about pentesting, but this weekend I had to move a domain of a friend of mine to my Debian server. After moving the domain I needed also to setup a (IMAP-) mail server. I'm not so...
View ArticleRebuild MiniPwner
Hi,I just wanted to use my MiniPwner again after some months where it was just placed on my desk and unfortunately I forget the password and I also didn't wrote it in my KeePass File.So I had to...
View ArticleOVA VMware Fusion
Hey there,I'm using VMware Fusion Version 4 and wanted to open a .ova file. I just wanted to play around a little on https://www.hacking-lab.com/, and the they provide a full virtual machine that is...
View ArticleKilling (Deleting) Facebook Account - quick'n'dirty
Hi there,I've been registered at Facebook since 2009. Now I've killed my account. This has several reasons:- Since I've registered the spam and ads are increasing and now Facebook want's the users to...
View ArticleRaspberry PI and Pentesting
Hey everybody,I've got a Raspberry PI for one year now and at the beginning I was just playing around with it as Media Center, but then it was laying around and I didn't use it for several months.This...
View ArticleAdditional, useful Unix tools in Kali via apt-get
Hey there,just today I found a new useful linux command called "mtr", ok this tool is available since the late 90s of the last century, but for me it was new. It is an enhanced traceroute and is much...
View ArticleRaspberry Pi and Nano USB WiFi (EDIMAX EW-7811Un) on Kali Linux
Hey there,yesterday my order arrived. An Wireless USB Adapter for my Raspberry Pi. Right after plugging it into the Pi and booting it up, it was found:root@kali:~# dmesg...usb 1-1.2: new high-speed USB...
View ArticleClik here to view.
Be your own cloud provider and kick out Google Calendar, Dropbox and co. -...
Hey there,I want to make a little experiment to get as much data in my own cloud and not using services like Google Calendar or iCloud. Especially because of all the things regarding Edward Snowden...
View ArticleBe your own cloud provider and kick out Google Calendar, Dropbox and co. -...
Hey there,so after I was able to sync all my calendar entries with all my devices by using OwnCloud, the next step is to use it as Dropbox replacement.The main purpose for me using Dropbox was always...
View Articlessh and tmux
Hi there,with tmux you can make your life a little more easy, if you have to work on the command line or manage one or more servers. So here is what I did:If I connect to one of my servers via ssh I'm...
View ArticleX Forwarding with SSH - Magic-Cookie problem
Hey there,I've mentioned in one of my last posts, that it is possible to forward X via SSH. In my case I'm connecting from my Mac OS X client to my Rasperry PI running Kali Linux. I'm using the X...
View ArticleSquid 3.3.10 - Transparent Proxy for HTTP and HTTPS
Hey there,for several years the squid proxy can be used as transparent proxy for HTTP and also HTTPS. As I was curious how it will work and how hard it is to setup, I've just installed and configured...
View Article
