I’ve never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like a neon sign screwed into their heads. – Elliot Alderson, Mr. Robot
This post intends to serve as a guide for a common bypass technique when you’re up against a web application firewall (WAF). In the event that the WAF limits what tags and attributes are allowed to be passed, we can use BurpSuite’s Intruder functionality to learn which tags are allowed. Table of Contents: Setting the […]
Wondering what Cross Site Request Forgery is? Go check out my previous post on this topic at Let’s Talk Basics About Cross Site Request Forgery (CSRF). Ready to learn more about how to exploit it? You’re in the right place. The concepts and examples shown in this post were taken from PortSwigger’s WebSecurity Academy. Table […]
Liongard ROAR is an automated documentation system that collects daily snapshots of configuration data for cloud, network, and on-premise systems. In April 2020, a local privilege escalation vulnerability was discovered that would allow an attacker the ability to modify executables placed on a system by the RoarAgent installer. Should those executables be modified to contain […]
This post is a continuation from my last regarding cracking encrypted .zip archives. But what happens if you come across an encrypted 7zip archive? The 7-Zip encryption is actually quite good and can require a lot of time to bruteforce, but this guide will show you how weak passwords can still break good encryption. I’ll […]
When you find that DNS is running on a box, you may want to check if it’s vulnerable to a DNS Zone Transfer. If it is, and you’re able to successfully perform the attack, it will return a list of all subdomains available on the server — making the enumeration process that much easier. Table […]
In my first guide in this series, I showed you how to capture NTLMv2 hashes by utilizing a tool called Responder.py. You can find that here. In this guide, I will show you how to crack those hashes using a tool called Hashcat. Hashcat works best when you run it locally on your host machine, […]
A vulnerability exists within Zoom with the way that it handles UNC paths in its chat feature. UNC (Universal Naming Convention) paths are used by computer systems to reference network resources and typically look like the following: \\computer\share As you can see from the above text, this path is listed out in this blog post […]
Thanks for checking out another quick hacking tutorial! This one is super simple, but helpful to know in case you come across a password protected ZIP archive that you need access to. To start, I created a couple text files on my Windows machine and stored them into an encrypted ZIP archive using 7-zip. Let’s […]
There are times where you will need to troubleshoot or route your tools through a proxy in order to get the result you need. This post will serve as a general guide for configuring BurpSuite as a proxy so you can route tools through it easily, and troubleshoot things as needed. In this specific example, […]
While working through NINEVEH on HackTheBox (write-up on this coming in a future post), I came across a couple of web forms that I needed to break into. In my opinion, using the Intruder feature within BurpSuite is an easier way to run brute-force attacks, but the effectiveness of the tool is greatly reduced when using […]
Welcome to Part 1 of this series. As each part gets released, we’ll dive deeper and deeper into the joys of LLMNR poisoning and I’ll demonstrate just how easy it makes the life of an attacker when this default legacy protocol is still running in your environment. By the end of this series, you will […]
In this guide, I will demonstrate how easy it is to break into a Windows machine when you have physical access, even if you have a strong password securing the account. We will go from being completely locked out to having full Administrator access in less than 5 minutes. This is a beginner-level attack that anybody can do. Let’s dive in!