Wednesday, May 15, 2013

How to Unfollow Blogs or "Reading List" on Google [Non-Technical]

This is a very non-technical post, but I could not find ANY information about unfollowing blogs through Blogger without directly going to the blog and clicking a bunch (which from my point of view is INCREDIBLY annoying to say the least) so I thought it might help a few people out.

I had this problem that I somehow had a ton of random blogs followed but didn't feel like going to 100+ blogs and unfollowing them individually. After a lot of searching I finally came across a very random post that would not intuitively come up via a search engine.

Tuesday, April 16, 2013

Starting a Pentesting Lab [How-To/Linux/Windows]

Recently I bought a gaming computer with some of the best specs out there (i7, gtx670, 16gig ram, ssd, etc) and decided to finally set up my own Pentesting lab so I can practice breaking and securing "real" boxes of my own.

My current setup consists of my router connected to my apartment's WAN using DHCP, which issues private DHCP leases to the connected boxes on my network. I have a Windows 7 laptop of my own, a Windows 7 desktop host machine running VMs, and a Ubuntu 12.10 server for all my main Linux needs (I have SSH set up so I can access this box from work and other places).
My friends also connect to this network via Wifi, so there are random Win7 and OSx computers connected to it.
As for my virtualized boxes, I have Windows XP (different SPs), Windows Server 2003, 2008, and 2012, Metasploitable 2, DVL (Damn Vulnerable Linux), BackTrack5R3 (I hack from this box), and a few other exploitable machines. I will be setting up a Windows Vista and a couple other *nix distros to exploit, as well.

Sunday, November 4, 2012

Hacking Metasploitable #1: Introduction & IRC Hack [Metasploit/Linux/Exploit/How-to]

Starting today, I will start releasing how-tos on hacking the Metasploitable distro of Linux released by the creators of Metasploit in which I will go through how to determine if a system is exploitable, how to use Metasploit, how to load modules and run exploits, and what to do once you have exploited a system.

I hope these posts, starting with this (#1), teach the readers the important parts of using Metasploit as well as the basics of Pentesting and exploitation. This is by no means a thorough series on exploitation, but a way to get basic users' hands wet in the world of exploitation and hacking.

Tuesday, October 30, 2012

OverTheWire Wargame "Natas" Level 5 [How-To/Web]

So we cracked Level 4 with some knowledge of HTTP headers and requests, and used a cool little app to help us out. Now we are on Level 5, and after logging it it presents us with a weird page:


Well wait, didn't we just log in? Why does it say we aren't?

OverTheWire Wargame "Natas" Level 4 [How-To/Web]

So Level 3 required a bit more knowledge of web servers and how searches parse them, but we got through it and are now on Level 4.

When we load up this level, we are welcomed by the following error:


So it can see where we are coming from, and it doesn't like it.

OverTheWire Wargame "Natas" Level 3 [How-To/Web]

After breaking Level 2 with some knowledge of how web servers hold their data, we move on to Level 3 which presents us with the same page as level 2:


OverTheWire Wargame "Natas" Level 2 [How-To/Web]

So Level 1 wasn't that bad, either. Let's start Level 2 with the credentials that we found in the previous level.

When we load up level 2, we are presented with this:


Kind of ironic since there's text, right?

OverTheWire Wargame "Natas" Level 1 [How-To/Web]

Level 0 was quite easy, for obvious reasons, so lets see if level 1 can be any harder.

For this one, right clicking has been blocked, so we can't break it like we did with level 0... or can we?