What is obfuscation? Obfuscation is source code modification as a result it becomes difficult to read and understand, but so that its functionality does not change. Obfuscation is used for source code in interpreted (rather than compiled) programming languages. That is, it is JavaScript, PHP, obfuscation can be used forRead More
How NOT to Do Phishing Attacks (Part 2)
Apparently, my email address got into some kind of phishing database and therefore the article “How NOT to do phishing attacks” will now have a sequel. I was again sent a phishing email and again in 5 minutes I found a bunch of phishing sites, downloaded phishing scripts (others) andRead More
How NOT to do phishing attacks (CASE)
Someone tried to steal my email password. And in 5 minutes I found out the attacker’s mail addresses, his server’s IP and all the domains belonging to him for phishing attacks, received the source code of his tools, the bot’s telegram API, and maybe even the attacker's IP and hisRead More
sshprank: SSH mass-scanner, login cracker and banner grabber
This article is about the sshprank tool, which is a fast network scanner looking for SSH servers. The program searches for computers running SSH and tries to log in using the specified credentials, that is, it performs automated brute-force attack. Also, the program is able to very quickly grab bannersRead More
How to reset MySQL or MariaDB root password on Windows
The root password is set during the installation of the DBMS. If the installation was done manually, that is, without an installer, as described, for example, in this article, then the password may not be set at all. If you use any ready-made assemblies that include MySQL/MariaDB, then ask forRead More
RDP Security Audit
Table of contents 1. How to discover computers with Remote Desktop Protocol (RDP) 1.1 Search of RDP open ports 1.2 Connection with standard utilities 2. Brute Force RDP 2.1 crowbar (levye) 2.2 patator 2.3 rdesktop-brute 3. Collection of information about RDP and through RDP 3.1 rdp-sec-check to get RDP serviceRead More
lulzbuster: a tool for quick enumeration of hidden files and folders on sites
Almost every site has files and folders that no links lead to. Among them, very interesting ones may come across, for example, forgotten backup copies of a database or site, phpMyAdmin, entries in administrative panels and other pages that are not intended for general access. Several articles have already beenRead More
Revealing the perimeter (CASE)
Today we are picking a server that distributes unwanted software and is the cause of spam. Webmasters will immediately understand the phrase “downgrade traffic” – this is when, instead of linking to a file, you are prompted to download an executable (.exe) file, after which you get an additional halfRead More
How to connect to Windows remote desktop from Linux
RDP (Remote Desktop Protocol) clients exist for many platforms, even for mobile phones, of course, there are RDP clients for Linux as well We will look at 2 RDP clients for Linux freerdp is a free implementation of the Remote Desktop Protocol (RDP) rdesktop is an open source client forRead More
How to install and configure RDP server on Linux
How to install an RDP server on Linux The Remote Desktop Protocol (RDP) Server can run on Windows and Linux as well. As a result, you can connect to Linux using the RDP protocol. On Linux, the RDP protocol is not integrated by default as on Windows. Also, Linux doesRead More