Next in my lab series will be another machine from VulnHub:
Tr0ll was inspired by the constant trolling of the machines within the OSCP labs.
The goal is simple, gain root and get Proof.txt from the /root directory.
Not for the easily frustrated! Fair warning, there be trolls ahead!
I found a very interesting virtual machine on VulnHub that focuses on VoIP vulnerabilities. Since I haven’t seen any other VoIP resources, I thought it would be great to give this a try.
VulnVoIP is based on a relatively old AsteriskNOW distribution and has a number of weaknesses. The aim is to locate VoIP users, crack their passwords and gain access to the Support account voicemail.
This post will focus on the Kali tools that target web applications.
Today I am going to continue with cataloguing the security tools that are installed on Kali. Next is the Vulnerability Analysis section.
The next target in my web penetration testing series will be WebGoat. So, what is WebGoat?
It’s time for some web hacking in my pentest lab, so in this post I will go over attacking DVWA.
PentesterAcademy has a section dedicated to web application security challenges. In this post I will present my solution to the first challenge, which requires form bruteforcing to authenticate on the provided web page:
There is a lot of confusion and heated debate over the Python packaging system. In this post I want to cover the basics of it so it’s easier to understand.
This is another level with 2 alternate programs to exploit.
Kali is an awesome distribution for pentesting. But with so many choices, one may find it daunting to find a specific tool for a task without having used it before. Or maybe you’re wondering about some tools but don’t feel like testing every single one. So I decided to briefly go over the tools provided by Kali and provide a quick description. Where available, I will use the ones presented on their respective websites / manpages etc.
So, let’s begin!