[ Hacker Night School ] :: CSRF

OWASP

Cross Site Request Forgery (CSRF) is a very specialized form of XSS. It relies on the victim being logged into a site, so the attacker can make a false request – to drain the victim’s bank account, for instance.

Where to Learn

First, read this OWASP presentation: http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20Cross-site%20Request%20Forgery%20CSRF.pdf

Next, webpwnized is your friend. Watch these …

[ Hacker Night School ] :: Tsuki CTF Pwns Access on HackTheBox

Tsuki CTF HackTheBox: Access

Tsuki’s capture the flag Speedruns of HackTheBox machines are WAY too fun, and addictive as candy. I’m going to use this particular vid as a test, to see how useful a full explanation is for my Hacking 101 students.

Hacking Access Database Files in Kali

00:00 – Port Scan

nmap -sC -sV 10.10.10.98

You’ll see …

[ Hacker Night School ] :: Cain & Abel: Hacking Windows passwords and more with Biblical glee

Cain & Abel

Cain & Abel is a “password recovery tool” that runs on Windows, and targets Windows. It’s actually two tools, one that sniffs the network looking for LM or NTLM passwords (and a lot of other stuff like recording VoIP calls, doing WEP cracking, performing wireless packet injection and more), and one that can crack a …

[ Hacker Night School ] :: Got a shell on a Windows target? Now turn off the firewall.

Penetration Testing

Part of the hacking process is getting a first foothold into a system. Then once you’re in, escalating privileges and peeling back protections is the next priority. More than once in pen-testing situations or capture-the-flag games I’ve gotten into a Windows box and then needed to get further access. Here’s a nice discussion of exactly …