When you hack or pen test or play CTF, you use Kali or Parrot or some other Linux, right? Windows hasn’t been a preferred security testing platform, but that doesn’t mean people haven’t been thinking about it. Enter FireEye, and the “Commando VM: The First of Its Kind Windows Offensive Distribution”. Hmmm. So … going …
Metasploitable 3: A hackable Windows VM
Rapid7 is the people behind Metasploit, and also maintains a series of vulnerable-by-design virtual machines – Metasploitable 1, 2 and now 3.The first two were nice Linux machines with lots of services and misconfigurations to exploit, but the third is a Windows machine. This requires using Vagrant to provision (build and configure) a VM from …
VulnHub Walk-Throughs: This is how you learn to pwn
Of course all us 1337 haxors know about VulnHub (https://www.vulnhub.com/), where you can download virtual machines to hack to your heart’s content. This place will devour your free time, your weekends, your relationships. Some of the challenges will truly reduce your brain to pudding. IgniteTechnologies maintains a Github repo of of hackingwalk-throughs against a bunch …
Continue reading “VulnHub Walk-Throughs: This is how you learn to pwn”
Command VM: a Windows Red-Team VM from FireEye
Have any of you built the Metasploitable 3 target VM? It’s not a simple job, but you can do it if you can follow instructions. Now FireEye has created a Windows red-team VM, the “Commando VM” (sorry but that makes me think of “going commando”). Creating a Windows attack or victim machine is tricky because …
Continue reading “Command VM: a Windows Red-Team VM from FireEye”
[ Hacker Night School ] :: Hacking Practice: the Command Injection ISO
I love sites like HackThisSite.org and root-me.org, where you can practice your hacking skills legally and safely. There are also some cool pre-vulnerable-ized web applications/sites that you can download, unzip and use on your hacking lab, like DVWA and Mutillidae. Then there are the dedicated virtual machines like Metasploitable, that give you a whole OS …
Continue reading “[ Hacker Night School ] :: Hacking Practice: the Command Injection ISO”
[ Hacker Night School ] :: Get your hack on crackin this site: root-me.org
Where HackThisSite.org is about … hacking that site, root-me.org is a whole platform. That means you can work your way through entire categories of Challenges: apps, crypto, forensics, stego, web clients and servers, and so forth. This is a blast. Don’t take my word for it. Go see. There’s an active and helpful community with …
Continue reading “[ Hacker Night School ] :: Get your hack on crackin this site: root-me.org”
[ Hacker Night School ] :: Sites To Practice Hacking: HackThisSite.org
HackThisSite is the perfect place to start this list of online hacking platforms. It’s been around a long time, and has a really active community. Of course, the specific flavor of hacking you’ll pursue here is web application testing. The domain name doesn’t lie: you’re welcome to try most kinds of mapping, testing and cracking …
Continue reading “[ Hacker Night School ] :: Sites To Practice Hacking: HackThisSite.org”