School for Hackers - Page 2 of 23 - Don't say we didn't warn you.

June 8, 2020June 8, 2020

[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website

This entry is part 25 of 28 in the series [ Hacker Night School ]

This content requires registration.

May 25, 2020June 8, 2020

[ Certified Ethical Hacker v10 ] :: [ Chapter 12 ] :: Physical Security

This entry is part 24 of 29 in the series [ Certified Ethical Hacker Training ]

This content requires registration.

May 25, 2020May 25, 2020

[ Pen Testing ] :: Step by Step :: Exploiting SETUID

This entry is part 1 of 1 in the series [ Penetration Testing ]

Setting the user ID on an executable means it runs under that user’s permissions, not the perms of the user that runs the executable. It’s highly useful in system admin, but it’s wildly dangerous too, because every SETUID file is a vector for hacking. John Hammond (on YouTube) give an excellent example in the context …

Continue reading “[ Pen Testing ] :: Step by Step :: Exploiting SETUID”

May 25, 2020

[ Hacker Night School ] :: Kali Linux Metapackages (All Tools or Subsets)

This entry is part 20 of 28 in the series [ Hacker Night School ]

There are actually four subsets of tools you can install with Kali, depending on your needs, disk resources and download speeds. These packages have names like kali-linux-full and kali-linux-all (those sound the same, don’t they?). Fortunately the good people at Offensive Security have a guide to the various metapackages. For instance: kali-linux is the barebones, …

Continue reading “[ Hacker Night School ] :: Kali Linux Metapackages (All Tools or Subsets)”

May 25, 2020

[ Hacker Night School ] :: Adding the Kali Tools to Ubuntu

This entry is part 19 of 28 in the series [ Hacker Night School ]

Kali is cool as hell, but taking it to work could get you fired, or at some of the places I support, get me arrested. It’s not really intended to be a daily-driver OS, though the 2020 update has moved it a long way in that direction. The biggest problem with carrying Kali around is …

Continue reading “[ Hacker Night School ] :: Adding the Kali Tools to Ubuntu”

May 20, 2020May 20, 2020

[ Auditing With OWASP ] :: [ Vulnerability A7: Cross-Site Scripting XSS ]

This entry is part 4 of 4 in the series [ Auditing With the OWASP Top 10 ]

Vulnerability A7: Cross-Site Scripting XSS XSS is oh, so useful for oh, so many things. Here’s a summary: https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A7-Cross-Site_Scripting_(XSS) Practice and Process Okay, start here: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents You’ll see that the wiki is “retired”, and the new website (hopefully) holds all the old material too. We need: XSS Filter Evasion Cheat Sheet https://owasp.org/www-community/xss-filter-evasion-cheatsheet Scan down the …

Continue reading “[ Auditing With OWASP ] :: [ Vulnerability A7: Cross-Site Scripting XSS ]”

May 20, 2020May 20, 2020

[ Certified Ethical Hacker v10 ] :: [ Chapter 5 cont’d] :: Hash Cracking

This entry is part 9 of 29 in the series [ Certified Ethical Hacker Training ]

This content requires registration.