Practice Hacking: the Command Injection ISO

I love sites like HackThisSite.org and root-me.org, where you can practice your hacking skills legally and safely.
There are also some cool pre-vulnerable-ized web applications/sites that you can download, unzip and use on your hacking lab, like DVWA and Mutillidae.
Then there are the dedicated virtual machines like Metasploitable, that give you a whole OS environment to wreck to your heart’s content. Here’s an example a friend recently pointed out to me, the Command-Injection-ISO from PenTester Academy.
“We’ve packaged 10 real world applications into an Ubuntu Desktop based ISO. These applications are vulnerable to command injection attacks which you will need to find and exploit. Please note that not all applications are on port 80 :)” – https://sourceforge.net/projects/commandinjectioniso/
Give it a try and tell us what you think! Thanks –
Glenn

Learn Python in 43 Minutes (if you’re a really fast learner)

Learning new programming languages is an endless task, because languages go in and out of vogue, and new ones offer some substantial improvements (none of them will find you a spouse yet, unfortunately). After a while I recognized that all languages have more in common than they have differences, so when I need to pick up a new one or just brush up on one I haven’t used recently, I look to quick, clear training. W3Schools is terrific for a lot of things, including my recent refresh of Python. But there are other ways to teach and learn. These days a lot of people prefer video to text.

So I went looking for good examples of “instant” Python training, and of them, I like this particular video best: “Learn Python in One Video”:

Hacker Night School: Bug Bounty: Hack Facebook for Fun and Profit!


Ashley King writes about an experience with bug bounty:

“Whilst working on the Facebook Bug Bounty Program in June 2018 we had identified an issue with the webview component used in the Facebook for Android application. The vulnerability would allow an attacker to execute arbitrary javascript within the Android application by just clicking a single link.

“I was able to execute this at 3 different end points before we concluded the issue was primarily with the webview component rather than just the reported end points themselves. After going back and forth with the Facebook security team they quickly patched the issue and I was rewarded with $8500 under their Bug Bounty Program.”
https://ash-king.co.uk/facebook-bug-bounty-09-18.html?fbclid=IwAR1D47yyW9B6YadOcF3PxrwxHiQiySEhFzqijNQMKMjwuv1eSzz8OuVZBzc

Have you checked out the bug bounty opportunities? You don’t necessarily have to be a code wizard to try this; victory goes to the person who notices the right thing. Read the article linked above to see how Ashley did it.