Imagine you have a local server where you work on developing the code for a web application. After doing your magic, you want to upload it to the web server so the rest of the world can access your shiny new web app. To do that, you have to place your code on another server, which serves as the production environment. Moreover, when making changes to your code, you only want to update the modified files, not everything.

It’s been a while since my last post, but a full time job + the Cisco Cybersecurity scholarship are really eating into my time. But I will try to sneak a post here and there, whenever I can!

In a previous post, I made a tutorial about setting up Apache on CentOS. The next step is to fire a MySQL server and put some databases on that web server!

Yes, the time has come for a full post on Burp Suite! I have delayed it for too long!

Before starting, here are some resources for learning about Burp:

Burp Suite Documentation

Free introductory course on Burp Suite

Burp Suite for Web Application Security

Dirbuster is a multithreaded Java application that tries to find hidden files and directories on a target web application by brute forcing their names. Dirbuster comes with 9 lists of common file and directory names that were crawled from the internet, but you can choose to use your own. Pure brute forcing is also available, but due to the time constraints, the filelist option is by far the most commonly used

In this post I’ll discuss the use of the powerful web reconaissance framework, Recon-ng.

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

Recently I have read the so-called Nmap bible, the Nmap Network Scanning book written by the creator of Nmap himself. I’ve decided to make a new section on the blog with the books I’m reading and that I find most useful. Needless to say, this was a great book, that has upped my Nmap game considerably. Right from the start, I highly recommend this as a book that should be in the arsenal of every pentester, system admin, network engineer or plain old computer guy. The amount of information you get out of it is not constrained to a specific field.

In this post I will go over the installation and configuration of an Apache web server on CentOS.

Recently, I’ve been reading Fyodor’s Nmap Network Scanning book and decided to create an Nmap cheatsheet while at it.

Half of the book, including updated content, is also available for free on https://nmap.org/book/toc.html

Fyodor was also nice enough to set up a machine that you can test your scans against (within reasonable limits), at http://scanme.nmap.org/

All right, let’s get scanning!

In this post I am going to introduce Python’s virtual environments, through the virtualenv tool. With this tool, you can keep separate environments for your projects, with their own dependencies and executables. By isolating the project environments, you can keep them neat and organized, without messing up your global installation. Depending on the requirements of what you’re working on, you can use different versions of Python or keep older libraries on a per-project basis. Nothing outside the virtual environment will be modified.

The objective is the same as the previous one, get root and read key.txt