Cracking Password Hashes

Passwords are used daily by most people. They protect our valuable information from unauthorized access. Passwords are used on client computing devices, Online services, Wi-Fi, and much more. The purpose of this blog post is to demonstrate how weak passwords hashes can be cracked utilizing various methods and to raise awareness of the risks of…

HackTheBox – SolidState

SolidState is labeled as a “medium” level machine so I decided to take on this for my next target. Port 80 is hosting a web server, let’s see what we get here. So after trying multiple options including SQL injection on the site, finding hidding diretories with dirbuster, it seems that the next step is…

HackTheBox – Devel

By doing a quick nmap scan we can see that port 21 (FTP) and port 80 (http) are opened. Let’s do a slightly more advanced nmap scan to determine the Service Version (-sV) and run the default nmap script (-sC) It looks like anonymous FTP is allowed so let’s start there. We are able to…

HackTheBox – Legacy

I am starting a series where I go through HackTheBox virtual machines. HackTheBox is an environment where we can exploit multiple machines and get points for them. Legacy Legacy is a fairly simple machine. We start by doing a simple NMAP scan to determine what is on the machine. As we can see, port 445…

Hacking Wi-Fi: Obtaining a Two-Way Handshake from WPA2 Networks

  One of the methods of obtaining access to a network is by penetrating into the Wireless Access Point. WPA2 has a vulnerability where an attacker can obtain the two-way handshake between a client and an access point (AP). In this tutorial, I will demonstrate how to obtain a 3-way handshake from an AP and…