Password Brute Forcer Using Python
A Python script to brute-force passwords with a focus on ethical use. This program cracks passwords of length 1 to 7, using lowercase letters and numbers.
Dive into the heat of a live phishing attack as it unfolds within the corporate network.
Taking the eJPT v2 was a game-changer for me. It’s not just a certification—it’s a hands-on journey into the world of ethical hacking and penetration testing. With real-world labs, a browser-based exam environment, and a focus on practical skills, it gave me a genuine taste of what it’s like to work in cybersecurity. The exam itself was challenging but fair, with a strong emphasis on enumeration and exploiting common vulnerabilities.
A detailed walkthrough of the scanning, enumeration, and exploitation phases during a penetration test, including the use of tools like Nmap, ffuf, and Metasploit.
The writeup begins with a straightforward unauthenticated vulnerability in CMS Made Simple, which I exploit to retrieve the database credentials. After cracking the user’s hash, I discover they reused the same password for SSH, allowing me to access the machine. The privilege escalation is particularly interesting: I have write permissions on /usr/local, enabling me to place a binary payload that gets executed by run-parts when I log in via SSH, as it is invoked without the full path.
GoodGames is an easy Linux machine highlighting SQL injection, weak hashing risks, and password reuse dangers. It also demonstrates SSTI via render_template_string in Python. Privilege escalation is achieved through Docker enumeration, leveraging container admin access to gain root on the host.
A step-by-step guide to setting up a home SIEM lab using Elastic and Kali Linux for hands-on SOC analyst experience.
Sau is an easy Linux machine exploiting SSRF in Request Baskets (CVE-2023-27163) to access a vulnerable Maltrail instance. An unauthenticated OS command injection grants a shell as puma, and sudo misconfiguration leads to root.
Jerry is an easy Hack The Box machine that realistically simulates exposed Apache Tomcat instances with weak or default credentials.
Cap is an easy Linux machine where an IDOR vulnerability exposes network captures containing plaintext credentials, allowing initial access. Privilege escalation is achieved by exploiting a Linux capability to gain root.