Docker is a popular containerization platform used for deploying and running applications in a portable and efficient manner. In this article, we will guide you through the process of installing Docker on Kali Linux, a popular operating system used for penetration testing and ethical hacking. Docker is a powerful tool for containerization, enabling developers to […]
Read More “A Complete Guide to Installing Docker on Kali Linux”
List of tools used by Red Teams Reconnaissance Tool Description Website AWSBucketDump S3 bucket enumeration GitHarvester GitHub credential searcher spoofcheck SPF/DMARC record checker dnsrecon Enumerate DNS records jsendpoints Extract page DOM links Resource Development Tool msfvenom Chimera Initial Access Tool Description Website EvilGoPhish Phishing campaign framework SquarePhish OAuth/QR code phishing framework Bash Bunny USB attack […]
Kerberoasting is a type of attack that exploits the way Microsoft Active Directory handles service accounts. In this article, we will explore how to perform Kerberoasting with CrackMapExec, a powerful penetration testing tool. We will cover the basics of Kerberos authentication, how Kerberoasting works, and how to use CrackMapExec to extract Kerberos tickets and crack […]
Read More “Kerberoasting with CrackMapExec: A Comprehensive Guide”
Today I will write about Kerberos Penetration Testing, which Active Directory uses to manage authentication inside the corporate environments. First a brief explanation about how Kerberos works and what we should know before try to hack Kerberos. How does Kerberos work? Kerberos Components TGT – Ticket Granting Ticket SPN – Service Principals Names are associated […]
Welcome, today I am writing about SSH Penetration Testing fundamentals describing port 22 vulnerabilities. SSH security is one of the topics we all need to understand, remote access services can be an entry point for malicious actors when configured improperly. Understand SSH Protocol Understanding how SSH works are out of scope, here I assume you […]
Infrastructure Penetration Testing is a critical aspect of any organization’s security strategy. In this article, we will cover everything you need to know about Infrastructure Penetration Testing, including the different types of attacks and technologies used, as well as best practices for conducting a successful penetration test. Today I am writing about Infrastructure Penetration Testing […]
Read More “Infrastructure Penetration Testing: A Comprehensive Guide”
The Active Directory Pass the Hash (PtH) attack is a type of credential theft attack that allows an attacker to bypass authentication measures and gain unauthorized access to systems. In this attack, the attacker steals the hash of a user’s login credentials from one system and uses it to authenticate to another system without the […]
Read More “Understanding the Active Directory Pass the Hash Attack”
Mapping/Enumeration Credential Gathering Dumping SAM database Dumping LSA Database Dumping NTDS – DRSUAPI Dumping NTDS – VSS Spidering Hacking Authentication brute force passwords Pass the Hash Password Spraying Managing Files Remote Command Execution Powershell Obfuscation Reverse Shells CrackMapExec Samba Modules
Learn how to crack Active Directory Passwords using Hashcat Crack LM Hashs LM hash is used by Microsoft LAN manager used on old versions, which is totally insecure. We can crack LM with hashcat using: How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases […]
Today I decide to create the HackTheBox Meta WriteUp, is a medium machine running Linux released on 22 Jan 2022. I’ve started scanning the machine using rustscan and detect two open ports, 22 and 80 Port 22 is running SSH I move on and start scanning port 80. On port 80 we have a webserver […]
