Sometimes we don’t want the public knowing the versions of Apache and PHP running on our servers. This article shows how to hide that information. We’re using CentOS 7 for this example but the only difference really is the location of the configuration file for the Vhosts. Hide the Apache
Read moreCategory: Security HowTo’s
My Most Used Metasploit Modules
The modules that we use are specific to our needs. But these are the most commonly used from my recent history. This list is super generic and mostly to supplement my poor memory. These methods/modules rely on a previously completed db_nmap scan. So our targets are readily available from the
Read moreCreating your own Password list
If you want to create a customised password list for a specific target (client, I hope), this article is for you. It’s basically just a re-write of “https://karimlalji.wordpress.com/2018/04/26/password-guessing-mangle-a-custom-wordlist-with-cewl-and-hashcat/” which I’ll probably forget later so I’m documenting here. We don’t just want a list of passwords, we want a list of
Read morePen Testing Tools – Stuff we all need
This article is mostly a cheat sheet for things pen-testers need. Obviously there’s a little picking and choosing depending on the need. Nmap: Ubuntu: apt install nmap CentOS: yum install nmap Nikto: Ubuntu: apt install nikto CentOS: yum install nikto Mimikatz: https://sourceforge.net/projects/mimikatz.mirror/files/latest/download Hydra: Ubuntu: apt install hydra Cewl: Ubuntu: apt
Read moreConfigure Metasploit with NMap and the Database – Advanced
This article walks you through the process of installing, configuring and running scans using Metasploit and Nmap. Both CentOS 7 and Ubuntu 20.04 are discussed. Our objective is to be able to run nmap scans and have the results go into a database so we can filter the results later
Read more
Get and Crack Windows Cached Credentials
This article explains how to extract various Windows dumps of passwords from a target system. To follow along with this article, you’ll need to have administrative access to the target Windows machine, and any endpoint security will need to be tolerant of your activities. Any good AV will likely prevent
Read more
WiFi Penetration Testing with Ubuntu on USB Storage
This article demonstrates how to use Ubuntu booted from a USB disk to do WIFI penetration testing. Why would you want to do this? If you have Windows on your laptop and need to use Aircrack-NG, you’ll need to fight with wireless adapter driver issues. So you’ll try Kali Linux
Read more
What you need in a Firewall
If you’re not filtering your internet traffic, you have a router, not a firewall. The good news is that most firewalls have features that can go a long way to protecting your IT and business resources. Let’s start with the different kinds of firewalls and their use-cases. A “packet filter”
Read more
Securely Wipe Disk and Try to Recover the Contents
This article demonstrates how to securely delete files and all content from a disk, and then attempt to recover files form that disk. Warning: There is a risk you’ll make a mistake and wipe the wrong disk. So be careful. Identify the disk you want to work with: lsblk For
Read more
2FA with SSH on Ubuntu | Google Authenticator
This article walks you through the process of enforcing 2FA on Ubuntu using the Google Authenticator. All of these steps are completed on the system that you want 2FA to be enforced on. Important notes: * SSH key-based logins bypass the 2FA component of the login verification process. * Users
Read more