Ethical hacking and penetration testing

Cloudflare is an intermediate between a user and a site. It operates on the principle of reverse proxy, providing additional services, including page caching, protection from DDoS, and protection from bad bots and so on. In addition, Cloudflare hides the real IP address of the server on which the siteRead More

How to utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network, said in articles: How to find out the real IP of a site in Cloudflare Database of hidden site's IP behind CloudFlare. Searching for sites belong to the same CloudFlare account In thisRead More

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. bWAPP is for web application security-testing and educational purposes only.Read More

Damn Vulnerable Web Application (DVWA) is pre-installed in Samurai Web Testing Framework and Web Security Dojo (ethical hacking sandboxes, pre-configured vulnerable targets). However, the release version is likely outdated. To update DVWA to the latest release in Samurai Web Testing Framework Create the upd_dvwa.sh file with the following contents: #!/bin/bashRead More

OWASP Mutillidae II is pre-installed in Samurai Web Testing Framework and Web Security Dojo (ethical hacking sandboxes, pre-configured vulnerable targets). However, the release version is likely outdated. To update OWASP Mutillidae II to the latest release in Samurai Web Testing Framework Create the upd_mutillidae.sh file with the following contents: #!/bin/bashRead More

What is sqlmap, what is it for? The sqlmap program allows you to check sites for the presence of SQL injection vulnerabilities, XSS vulnerabilities, and also exploit SQL injection. A variety of SQL injection types and a variety of databases are supported. What can I do with sqlmap? Using sqlmapRead More

An attacker needs to know URL of an administration panel to enter into it the acquired credentials. It is also noticed that some programmers pay less attention to the ‘internal’ pages of websites that are not intended for a wide range of visitors, for example, a SQL injection vulnerability canRead More

If immediately after installing Kali Linux in VirtualBox, the desktop of virtual computer does not stretch to the full screen, then you need to install the VirtualBox Guest Additions: sudo apt-get update sudo apt-get install -y virtualbox-guest-x11 sudo reboot If you have already installed the VirtualBox Guest Additions, but theyRead More

Tools to hash strings In Linux, there are programs for calculating and validating popular hashes: b2sum – в compute and check BLAKE2 (512-bit) message digest cksum – checksum and count the bytes in a file md5sum – compute and check MD5 (128-bit) message digest sha1sum – compute and check SHA1Read More

There is a large number of hash types. Some of them are universal and are used by a wide range of applications, for example, MD5, SHA1, CRC8 and others. Some hashes are used only in certain applications (MySQL, vBulletin) and protocols. In addition to popular hashes, developers can use differentRead More