Clik here to view.
Securely delete files and folders from Finder
In the computer world, when you delete a file and empty the Trash or Recycle Bin, it's not really gone. This can be a good thing for when you accidentally delete something critical, or your hard drive...
View ArticleClik here to view.
Cracking MoinMoin Wiki passwords
I wanted to audit the security of a server running the MoinMoin Wiki Engine version 1.9.2 and needed to see if I could crack the passwords on the site. Each user's information is stored in a file...
View ArticleClik here to view.
Sniffing website login credentials
Man-in-the-middle (MITM) attacks are an effective way to capture data flowing between a target and the router. In a nutshell, the attacker places himself between the target and the router so that all...
View ArticleClik here to view.
Setting up a malicious wireless access point
It can be tempting to hop onto an open wireless network when you just need to check your email, or you want to send off a tweet. Stop for a moment though, because an open wireless network might not be...
View ArticleClik here to view.
Creating a user name list for brute force attacks
If you need to do a brute force attack against a particular service, you'll need a couple of things. A good wordlist containing possible passwords, and a list of user names to try. It's easy to get a...
View ArticleClik here to view.
De-ICE hacking challenge: Part 1
Over the weekend I decided to take the De-ICE Live CD Level 1 challenge. De-ICE provides a safe environment where you can practice your penetration testing skills. The Live CDs are free and provided by...
View ArticleClik here to view.
De-ICE hacking challenge: Part 2
In my previous post I talked about how I completed part 1 of the De-ICE hacking challenge. If you're not sure what De-ICE is, I recommend reading my last post and checking out Heorot.Net, home of the...
View ArticleClik here to view.
De-ICE hacking challenge: Part 3
This is a walkthrough on how I completed level 2 of the De-ICE penetration testing Live CDs. I had completed level 1 a week before and talked about my experiences in a two part post (part 1 and part...
View ArticleClik here to view.
Holynix hacking challenge: Part 1
I've been playing a few of these hacking challenges over the past few months, some are extremely easy, while others force you to think out of the box. Completing a challenge is rewarding, but the...
View ArticleClik here to view.
Holynix hacking challenge: Part 2
On to Holynix 2, the last Holynix challenge as of this writing. Holynix 2 can be downloaded from http://sourceforge.net/projects/holynix/files/2.0/. As before, Backtrack Linux is used as the attacking...
View ArticleClik here to view.
Staying anonymous in a social Internet
There are legitimate reasons for wanting to stay anonymous online. You don't have to be living in an oppressed country, or be a criminal, or an activist. Sometimes you just don't want Facebook or...
View ArticleClik here to view.
Wireshark OS X: Disappearing menu items fix
Wireshark on OS X runs on top of X11. As most people who've used X11 applications on OS X are aware, they look ugly, and don't match the theme on OS X. In an effort to prettify Wireshark, the...
View ArticleClik here to view.
Port scanning one, two punch
Information gathering is an important step in a penetration test, or any hack attempt. Various attack vectors open up based on the findings in the information gathering stage. Port scanning provides a...
View ArticleClik here to view.
Let's kick shell-ish, Part 1: Directory traversal made easy
Web applications that are vulnerable to directory traversals offer a small window into viewing the contents of a target server. In a way, you've semi-penetrated the system, albeit with minimal...
View ArticleClik here to view.
Let's kick shell-ish, Part 2: Remote File Inclusion shell
In Part 1, we talked about getting a shell-like interface when attacking a target vulnerable to directory traversals. We continue with an article on exploiting Remote File Inclusion (RFI) attacks with...
View ArticleClik here to view.
Kioptrix hacking challenge: Part 1
Kioptrix is another set of virtual machines that are intended to be hacked into. As of this writing there are currently four Kioptrix challenges. Each one increases in difficulty and is a good start...
View ArticleClik here to view.
Kioptrix hacking challenge: Part 2
The second Kioptrix challenge isn't quite as scan and exploit as the first, but still a relatively easy beginner challenge. The Kioptrix challenges can be downloaded from...
View ArticleClik here to view.
Kioptrix hacking challenge: Part 3
The third Kioptrix challenge is level 1.2, which can be downloaded from http://www.kioptrix.com/blog/?page_id=135. This challenge is definitely a bit more involved than the first two. When the Kioptrix...
View ArticleClik here to view.
VulnImage hacking challenge
Another virtual machine hacking challenge! This one is called vulnimage and can be downloaded from http://boot2root.info This one is a little more advanced, requiring the attacker to craft a custom...
View ArticleClik here to view.
Loophole hacking challenge
Loophole is another wargame, created by Beller0ph0n and released at the HackingDojo forums. The image itself can be downloaded from http://boot2root.info. I'm rating this one as a beginner challenge....
View Article