Author: Hacking Tutorials

http://www.hackingtutorials.org

With less than a day to go we will welcome 2018, and we can look back at a great 2017 for the Hacking Tutorials website. In this small post I want to briefly go over some accomplishments of 2017 and the Hacking Tutorials plans for 2018. The past year has been a great year for Hacking Tutorials and many new tutorials have been added to the website. Since 2015, the start of the Hacking Tutorials website, we have mainly published hacking tutorials that cover the basics of penetration testing. For 2017 (and 2018) we’ve raised the bar a bit by covering some more advanced subjects such as the basics of buffer overflow vulnerabilities, port forwarding techniques, advanced Netcat techniques and exploitation tutorials covering the full process from enumeration to exploitation and remediation. The latter can be found in the exploitation section of the website. Some other accomplishments for 2017 include the launch of the Virtual Hacking Labs and the switch from http to https (yes, finally!)…


Inspy is a LinkedIn enumeration tool written in Python that can be used for passive information gathering using information that is publicly available on LinkedIn. Inspy uses job titles and department names on LinkedIn profiles to find out who’s employed by a specific organization and in what role.


The other day, I stumbled across an interesting blog post with the subject “Certified Ethical Hacker (CEH) vs. Offensive Security Certified Professional (OSCP) . . . and How to Start Your Ethical Hacker Career”. I did not just read this article, I devoured it and kept nodding my head in agreement as I read through it. I am at a stage of my ethical hacking career where I am seriously considering the notoriously difficult OSCP certification. Let me explain why I would introduce a blog post reviewing the Certified Ethical Hacker certification by mentioning another post comparing CEH to OSCP. After reading the post, I immediately shared it with my colleagues. One of them will be undertaking the CEH course and exam shortly. He asked me to advise him on how to approach this undertaking. His request is, in a way, what prompted me to write this post. Before I…


Today we’re going to do a small tutorial on subdomain enumeration with a tool called Sublist3r. Whether you’re a penetration tester enumerating possible attack vectors or a bug bounty hunter looking for domains that are in scope, subdomain discovery tools are indispensable in every toolkit. Sublist3r is a subdomain discovery tool written in Python that has been designed to enumerate subdomains of websites using data from publicly available sources and brute force techniques. The public sources consist of a wide range of popular search engines such as Google, Yahoo, Bing, Baidu and Ask, as well as Netcraft, VirusTotal, ThreatCrowd, DNSdumpster and ReverseDNS. Optionally you can also brute force subdomains for a given domain name; this is handled by an integrated tool named Subbrute. Subbrute is a DNS meta-query spider that enumerates DNS records and subdomains by using an extensive wordlist. This tool uses open resolvers to avoid rate limiting…


In this Metasploitable 3 Meterpreter port forwarding hacking tutorial we will learn how to forward local ports that cannot be accessed remotely. It is very common and good practice to run specific services on a local machine and make them available to that local machine only, instead of to the full network. On a local network these services are typically administration panels used to configure hardware or software on a single machine that doesn’t need to expose these services to the full network, just like you would not want to expose a local FTP or SMB server to the internet. A good example of a service that doesn’t allow external access by default is MySQL server. MySQL server disables remote access by default upon installation for security reasons and requires the system administrator to explicitly enable remote access in order to allow remote connections. In this tutorial we will be using Meterpreter port forwarding to tunnel…


In this hacking tutorial we will be exploiting the HTTP PUT method on one of the Metasploitable 3 webservers to upload files to the webserver. If the HTTP PUT method is enabled on the webserver it can be used to upload a specified resource to the target server, such as a web shell, and execute it. In this tutorial we will look at how to determine if the HTTP PUT method is enabled and we’ll be using several different methods to upload a Meterpreter reverse shell. For this tutorial we assume that you have Metasploitable 3 installed. If you haven’t installed Metasploitable 3 yet, then follow the how to install Metasploitable 3 tutorial.

Determining allowed HTTP methods

First we will learn how we can determine which HTTP methods are allowed and find out if HTTP PUT is one of them. From the Nmap port scan we found out…


In this article we will be looking at how easy it is to bypass authentication and reset the administrator password on a Windows Server 2008 R2 installation. This technique requires us to have physical access to the machine that is running the Windows server, or access to the management interface of the hypervisor when Windows Server 2008 R2 is running virtualized. This is not a great ‘hacking’ technique that can be used to pwn all Windows installations; it is more a sysadmin’s last-resort trick when nothing else works on a forgotten password. In some other situations it is definitely useful and comes in handy when you need it, especially at the point when you’ve compromised the administration panel of the hypervisor software. This kind of access allows you to control the virtual machines as if you had physical access to them, including the ability to use a boot disk and modify system files. Alternatively you can apply this technique when you have some…


In the last hacking tutorial we installed the Metasploitable 3 virtual machine on Windows 10 using Virtualbox, Vagrant and Packer. After setting up the virtual machine with Windows Server 2008, the installation script installed and configured all vulnerable services and applications. One of the vulnerable applications is ManageEngine Desktop Central 9. This version of ManageEngine Desktop Central 9 contains several vulnerabilities that allow us to upload files and execute commands on the target system. Both vulnerabilities were patched by the vendor back in 2015. Before we start exploiting these vulnerabilities, let’s have a look at what ManageEngine Desktop Central 9 is used for. ManageEngine Desktop Central is an integrated desktop and mobile device management application that helps system administrators manage servers, client devices and mobile devices from a central location. The software includes functionality for patch management, software deployment, remote control and many other features to manage IT assets and configuration. ManageEngine Desktop Central is managed…


A couple of weeks ago I picked up a book with the very appealing title: Advanced Penetration Testing: Hacking the world’s most secure networks. The author of this book is the seasoned information security expert Wil Allsopp and it was published by Wiley in March 2017. The foreword was written by Hans van Looy, founder of Madison Gurkha (I’ve always wondered about this name when I saw it; it is finally explained in the foreword). The back cover states that this book is about more complex attack simulation and Advanced Persistent Threat (APT) modelling, featuring techniques that go way beyond using Metasploit and vulnerability scanners.

Advanced Penetration Testing & APT Modelling

The book covers Advanced Penetration Testing subjects such as: Discover and create attack vectors. Move unseen through a target enterprise and reconnoiter networks, operating systems, and test structures. Employ social engineering strategies to create an initial compromise. Establish a beachhead and leave a…


In this tutorial we will demonstrate how to install Metasploitable 3 in a Windows 10 environment using Vagrant, Packer and Virtualbox. So far we have done a number of tutorials on hacking the Metasploitable 2 Linux machine on Hacking Tutorials. We’ve demonstrated how to install Metasploitable 2, how to enumerate it and perform a vulnerability assessment, and finally how to exploit it. Like many vulnerable machines that are available for download, Metasploitable 2 is a Linux machine. Because of strict licensing policies it is a challenge to provide vulnerable Windows machines without breaking any licensing rules. Unfortunately you cannot just download the VM; you have to build it yourself using a few tools and a Windows 2008 evaluation copy that is downloaded from the Microsoft website. The installation process is pretty straightforward and should not cause too much trouble when the right dependencies are installed. The biggest part of the installation process…
