Wednesday, May 15, 2013

How to Unfollow Blogs or "Reading List" on Google [Non-Technical]

This is a very non-technical post, but I could not find ANY information about unfollowing blogs through Blogger without directly going to the blog and clicking a bunch (which from my point of view is INCREDIBLY annoying to say the least) so I thought it might help a few people out.

I had this problem that I somehow had a ton of random blogs followed but didn't feel like going to 100+ blogs and unfollowing them individually. After a lot of searching I finally came across a very random post that would not intuitively come up via a search engine.

Tuesday, April 16, 2013

[OLD] Starting a Pentesting Lab [How-To/Linux/Windows]

Recently I bought a gaming computer with some of the best specs out there (i7, gtx670, 16gig ram, ssd, etc) and decided to finally set up my own Pentesting lab so I can practice breaking and securing "real" boxes of my own.

My current setup consists of my router connected to my apartment's WAN using DHCP, which issues private DHCP leases to the connected boxes on my network. I have a Windows 7 laptop of my own, a Windows 7 desktop host machine running VMs, and a Ubuntu 12.10 server for all my main Linux needs (I have SSH set up so I can access this box from work and other places).
My friends also connect to this network via Wifi, so there are random Win7 and OSx computers connected to it.
As for my virtualized boxes, I have Windows XP (different SPs), Windows Server 2003, 2008, and 2012, Metasploitable 2, DVL (Damn Vulnerable Linux), BackTrack5R3 (I hack from this box), and a few other exploitable machines. I will be setting up a Windows Vista and a couple other *nix distros to exploit, as well.

Sunday, November 4, 2012

Hacking Metasploitable #1: Introduction & IRC Hack [Metasploit/Linux/Exploit/How-to]

Starting today, I will start releasing how-tos on hacking the Metasploitable distro of Linux released by the creators of Metasploit in which I will go through how to determine if a system is exploitable, how to use Metasploit, how to load modules and run exploits, and what to do once you have exploited a system.

I hope these posts, starting with this (#1), teach the readers the important parts of using Metasploit as well as the basics of Pentesting and exploitation. This is by no means a thorough series on exploitation, but a way to get basic users' hands wet in the world of exploitation and hacking.

Tuesday, October 30, 2012

OverTheWire Wargame "Natas" Level 5 [How-To/Web]

So we cracked Level 4 with some knowledge of HTTP headers and requests, and used a cool little app to help us out. Now we are on Level 5, and after logging it it presents us with a weird page:

Well wait, didn't we just log in? Why does it say we aren't?

OverTheWire Wargame "Natas" Level 4 [How-To/Web]

So Level 3 required a bit more knowledge of web servers and how searches parse them, but we got through it and are now on Level 4.

When we load up this level, we are welcomed by the following error:

So it can see where we are coming from, and it doesn't like it.

OverTheWire Wargame "Natas" Level 3 [How-To/Web]

After breaking Level 2 with some knowledge of how web servers hold their data, we move on to Level 3 which presents us with the same page as level 2:

OverTheWire Wargame "Natas" Level 2 [How-To/Web]

So Level 1 wasn't that bad, either. Let's start Level 2 with the credentials that we found in the previous level.

When we load up level 2, we are presented with this:

Kind of ironic since there's text, right?

OverTheWire Wargame "Natas" Level 1 [How-To/Web]

Level 0 was quite easy, for obvious reasons, so lets see if level 1 can be any harder.

For this one, right clicking has been blocked, so we can't break it like we did with level 0... or can we?

OverTheWire Wargame "Natas" Level 0 [How-To/Web]

OverTheWire has released a new WarGame called "Natas" which focuses on web security, so I thought I'd try my hand at it and give some walkthroughs/how-tos as I beat each level. I'm still a newbie at websec, so deal with me!

Going to the front page of Natas, it gives us the creds to get into level 0, so we need to find level 1's creds somehow.

Saturday, October 6, 2012

Fun subreddit and open wargame competitions; how I gained root to OHP #1

Recently I have been active on a subreddit called /r/HowToHack which consists of users posting different levels of hacking challenges for newbies and higher level skilled hackers to try their hand at. There is an IRC channel on the sidebar that I suggest going to, as it's fun an informational to be on.

The following write up can be found on the subreddit, as I originally posted it there when I won the OHP #1 wargame by gaining root access first.

Tuesday, March 6, 2012

Anonymous browsing with Tor [Windows/Linux/Firefox/Chrome]

Anonymity online is one of the most important rights users have today and is a right we are slowly losing due to bills and laws being passed in governments worldwide, especially in the United States.

Bills like SOPA/PIPA/ACTA and other unconstitutional and unlawful proposals are everywhere and the Internet is standing up against them, with massive sites like Wikipedia and Reddit blacking out their services to bring awareness.

Friday, October 7, 2011

Scripting in Perl! [Linux/Windows]

So currently at school I'm taking a Scripting in Perl class, and I'm in absolute LOVE with this language. It's easy to understand, has very good English-like syntax, simple array and hash usage, built in BASH support (for all you Linux freaks!), easy GUI creation, and so many other things that we haven't even gotten into.
I'll be posting examples based upon things in my lab and lecture, including full programs, certain syntax, and other cool things. My teacher is very good and explains many things, so you have him at your disposal (meaning, ask me a question I don't know and I'll ask him, learn it, then explain it back to you!).

Lets get started with basic syntax then get into all the fun stuff.

Tuesday, August 16, 2011

BASH scripting in Linux: an introduction [Linux]

I've already used a bit of BASH scripting in my Wifi sniffing tutorial, but the importance of scripting in BASH and other languages such as Perl, Ruby, and Python is so great I need to write separate posts for them all.
Bash stands for "Bourne-Again Shell" (you will see "sh" stands for "shell" in many places). Named aptly for being the successor of the Bourne Shell, it came into use in 1989 and has since been a main scripting language for Linux and has many different options such as piping (seen before on my blog), variables and control structures (like all good languages), file reading, and the Unix "wildcard" usage by the asterisk (*) key.

Enough about stuff I'm sure you guys don't care about, lets jump right in!