[ Hacker Night School ] :: CSRF

This entry is part 17 of 26 in the series [ Hacker Night School ]

Cross Site Request Forgery (CSRF) is a very specialized form of XSS. It relies on the victim being logged into a site, so the attacker can make a false request – to drain the victim’s bank account, for instance.

Where to Learn

First, read this OWASP presentation: http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20Cross-site%20Request%20Forgery%20CSRF.pdf

Next, webpwnized is your friend. Watch these …

[ Hacker Night School ] :: WEP Cracking Basics in Kali

This entry is part 16 of 26 in the series [ Hacker Night School ]

Wifi Cracking: Start With the Basics: WEP

WEP is so old and weak you’ll hardly ever find it in use, though there are always the few who haven’t paid attention. WEP cracking is a great way to get familiar with the aircrack-ng suite (https://www.aircrack-ng.org/), its commands and processes.

Where to Learn

Start with the horse’s …

[ Hacker Night School ] :: Tsuki CTF Pwns Access on HackTheBox

Tsuki CTF HackTheBox: Access
This entry is part 14 of 26 in the series [ Hacker Night School ]

Tsuki’s capture the flag Speedruns of HackTheBox machines are WAY too fun, and addictive as candy. I’m going to use this particular vid as a test, to see how useful a full explanation is for my Hacking 101 students.

Hacking Access Database Files in Kali

00:00 – Port Scan

nmap -sC -sV

You’ll see …

[ Hacker Night School ] :: [ Using Git ]

This entry is part 13 of 26 in the series [ Hacker Night School ]

This is a non-optional skill for anyone who manages systems, runs networks, develops software or hacks on any of these to make them work or break them. 😉 Git (in case you’re a total newb; otherwise skip this) is a code repository, a site where coder teams can work together on projects and check out …

[ Hacker Night School ] :: Cain & Abel: Hacking Windows passwords and more with Biblical glee

Cain & Abel

Cain & Abel is a “password recovery tool” that runs on Windows, and targets Windows. It’s actually two tools, one that sniffs the network looking for LM or NTLM passwords (and a lot of other stuff like recording VOIP calls, doing WEP cracking, performing wireless packet injection and more), and one that can crack a …

[ Hacker Night School ] :: Got a shell on a Windows target? Now turn off the firewall.

Penetration Testing

Part of the hacking process is getting a first foothold into a system. Then once you’re in, escalating privileges and peeling back protections is the next priority. More than once in pen-testing situations or capture-the-flag games I’ve gotten into a Windows box and then needed to get further access. Here’s a nice discussion of exactly …