Posts

Showing posts from 2012

Hacking Metasploitable #1: Introduction & IRC Hack [Metasploit/Linux/Exploit/How-to]

Starting today, I will start releasing how-tos on hacking the Metasploitable distro of Linux released by the creators of Metasploit in which I will go through how to determine if a system is exploitable, how to use Metasploit, how to load modules and run exploits, and what to do once you have exploited a system. I hope these posts, starting with this (#1), teach the readers the important parts of using Metasploit as well as the basics of Pentesting and exploitation. This is by no means a thorough series on exploitation, but a way to get basic users' hands wet in the world of exploitation and hacking.

OverTheWire Wargame "Natas" Level 5 [How-To/Web]

Image
So we cracked Level 4  with some knowledge of HTTP headers and requests, and used a cool little app to help us out. Now we are on Level 5 , and after logging it it presents us with a weird page: Well wait, didn't we just log in? Why does it say we aren't?

OverTheWire Wargame "Natas" Level 4 [How-To/Web]

Image
So Level 3  required a bit more knowledge of web servers and how searches parse them, but we got through it and are now on Level 4 . When we load up this level, we are welcomed by the following error: So it can see where we are coming from, and it doesn't like it.

OverTheWire Wargame "Natas" Level 3 [How-To/Web]

Image
After breaking Level 2  with some knowledge of how web servers hold their data, we move on to Level 3  which presents us with the same page as level 2:

OverTheWire Wargame "Natas" Level 2 [How-To/Web]

Image
So Level 1  wasn't that bad, either. Let's start Level 2  with the credentials that we found in the previous level. When we load up level 2, we are presented with this: Kind of ironic since there's text, right?

OverTheWire Wargame "Natas" Level 1 [How-To/Web]

Image
Level 0 was quite easy, for obvious reasons, so lets see if level 1 can be any harder. For this one, right clicking has been blocked, so we can't break it like we did with level 0... or can we?

OverTheWire Wargame "Natas" Level 0 [How-To/Web]

Image
OverTheWire  has released a new WarGame called "Natas" which focuses on web security, so I thought I'd try my hand at it and give some walkthroughs/how-tos as I beat each level. I'm still a newbie at websec, so deal with me! Going to the front page of Natas , it gives us the creds to get into level 0, so we need to find level 1's creds somehow.

Anonymous browsing with Tor [Windows/Linux/Firefox/Chrome]

Image
Anonymity online is one of the most important rights users have today and is a right we are slowly losing due to bills and laws being passed in governments worldwide, especially in the United States. Bills like SOPA/PIPA/ACTA and other unconstitutional and unlawful proposals are everywhere and the Internet is standing up against them, with massive sites like Wikipedia and Reddit blacking out their services to bring awareness.