Sunday, November 4, 2012

Hacking Metasploitable #1: Introduction & IRC Hack [Metasploit/Linux/Exploit/How-to]

Starting today, I will start releasing how-tos on hacking the Metasploitable distro of Linux released by the creators of Metasploit in which I will go through how to determine if a system is exploitable, how to use Metasploit, how to load modules and run exploits, and what to do once you have exploited a system.

I hope these posts, starting with this (#1), teach the readers the important parts of using Metasploit as well as the basics of Pentesting and exploitation. This is by no means a thorough series on exploitation, but a way to get basic users' hands wet in the world of exploitation and hacking.

Tuesday, October 30, 2012

OverTheWire Wargame "Natas" Level 5 [How-To/Web]

So we cracked Level 4 with some knowledge of HTTP headers and requests, and used a cool little app to help us out. Now we are on Level 5, and after logging it it presents us with a weird page:


Well wait, didn't we just log in? Why does it say we aren't?

OverTheWire Wargame "Natas" Level 4 [How-To/Web]

So Level 3 required a bit more knowledge of web servers and how searches parse them, but we got through it and are now on Level 4.

When we load up this level, we are welcomed by the following error:


So it can see where we are coming from, and it doesn't like it.

OverTheWire Wargame "Natas" Level 3 [How-To/Web]

After breaking Level 2 with some knowledge of how web servers hold their data, we move on to Level 3 which presents us with the same page as level 2:


OverTheWire Wargame "Natas" Level 2 [How-To/Web]

So Level 1 wasn't that bad, either. Let's start Level 2 with the credentials that we found in the previous level.

When we load up level 2, we are presented with this:


Kind of ironic since there's text, right?

OverTheWire Wargame "Natas" Level 1 [How-To/Web]

Level 0 was quite easy, for obvious reasons, so lets see if level 1 can be any harder.

For this one, right clicking has been blocked, so we can't break it like we did with level 0... or can we?

OverTheWire Wargame "Natas" Level 0 [How-To/Web]

OverTheWire has released a new WarGame called "Natas" which focuses on web security, so I thought I'd try my hand at it and give some walkthroughs/how-tos as I beat each level. I'm still a newbie at websec, so deal with me!

Going to the front page of Natas, it gives us the creds to get into level 0, so we need to find level 1's creds somehow.

Saturday, October 6, 2012

Fun subreddit and open wargame competitions; how I gained root to OHP #1

Recently I have been active on a subreddit called /r/HowToHack which consists of users posting different levels of hacking challenges for newbies and higher level skilled hackers to try their hand at. There is an IRC channel on the sidebar that I suggest going to, as it's fun an informational to be on.

The following write up can be found on the subreddit, as I originally posted it there when I won the OHP #1 wargame by gaining root access first.

Tuesday, March 6, 2012

Anonymous browsing with Tor [Windows/Linux/Firefox/Chrome]

Anonymity online is one of the most important rights users have today and is a right we are slowly losing due to bills and laws being passed in governments worldwide, especially in the United States.

Bills like SOPA/PIPA/ACTA and other unconstitutional and unlawful proposals are everywhere and the Internet is standing up against them, with massive sites like Wikipedia and Reddit blacking out their services to bring awareness.