Hacking Tutorials

I’ve never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like a neon sign screwed into their heads.

Elliot Alderson – Mr. Robot

Recent Posts

Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes

This post intends to serve as a guide for a common bypass technique when you’re up against a web application firewall (WAF). In the event that the WAF limits what tags and attributes are allowed to be passed, we can use BurpSuite’s Intruder functionality to learn which tags are allowed. Table of Contents: Setting the […]

Exploiting Cross Site Request Forgery (CSRF) & Bypassing Defenses

Wondering what Cross Site Request Forgery is? Go check out my previous post on this topic at Let’s Talk Basics About Cross Site Request Forgery (CSRF). Ready to learn more about how to exploit it? You’re in the right place. The concepts and examples shown in this post were taken from PortSwigger’s WebSecurity Academy. Table […]

Abusing Local Privilege Escalation Vulnerability in Liongard ROAR <1.9.76

Liongard ROAR is an automated documentation system that collects daily snapshots of configuration data for cloud, network, and on-premise systems. In April 2020, a local privilege escalation vulnerability was discovered that would allow an attacker the ability to modify executables placed on a system by the RoarAgent installer. Should those executables be modified to contain […]

How to Crack Encrypted 7z Archives

This post is a continuation from my last regarding cracking encrypted .zip archives. But what happens if you come across an encrypted 7zip archive? The 7-Zip encryption is actually quite good and can require a lot of time to bruteforce, but this guide will show you how weak passwords can still break good encryption. I’ll […]

Performing DNS Zone Transfers & Viewing the Results w/ Aquatone

When you find that DNS is running on a box, you may want to check if it’s vulnerable to a DNS Zone Transfer. If it is, and you’re able to successfully perform the attack, it will return a list of all subdomains available on the server — making the enumeration process that much easier. Table […]

Abusing Zoom Webinar/Meeting Software to Steal Windows Credentials

A vulnerability exists within Zoom with the way that it handles UNC paths in its chat feature. UNC (Universal Naming Convention) paths are used by computer systems to reference network resources and typically look like the following: \\computer\share As you can see from the above text, this path is listed out in this blog post […]

How To Crack Encrypted ZIP Archives

Thanks for checking out another quick hacking tutorial! This one is super simple, but helpful to know in case you come across a password protected ZIP archive that you need access to. To start, I created a couple text files on my Windows machine and stored them into an encrypted ZIP archive using 7-zip. Let’s […]

How To Route Tools (Gobuster) Through a BurpSuite Proxy

There are times where you will need to troubleshoot or route your tools through a proxy in order to get the result you need. This post will serve as a general guide for configuring BurpSuite as a proxy so you can route tools through it easily, and troubleshoot things as needed. In this specific example, […]

How to Brute Force Websites & Online Forms Using Hydra

While working through NINEVAH on HackTheBack (Write-Up on this coming in a future post), I came across a couple web forms that I needed to break into. In my opinion, using the Intruder feature within BurpSuite is an easier way to run brute-force attacks, but the effectiveness of the tool is greatly reduced when using […]

Abusing LLMNR/NBT-NS in Active Directory Domains: Part 1 (Capturing NTLMv2 Hashes)

Welcome to Part 1 of this series. As each part gets released, we’ll dive deeper and deeper into the joys of LLMNR poisoning and I’ll demonstrate just how easy it makes the life of an attacker when this default legacy protocol is still running in your environment. By the end of this series, you will […]

How to Hack Any Windows PC Without Password

In this guide, I will demonstrate how easy it is to break into a Windows machine when you have physical access, even if you have a strong password securing the account. We will go from being completely locked out, to having full Administrator access in less than 5 minutes. This is a Beginner level attack that anybody can do. Let’s dive in!



Stay Involved

Get new content delivered directly to your inbox.