Penetration Testing Wiki

How to record your terminal💻 session on Linux🐧

Intro When writting an article about ethical hacking techniques I tried many ways to record my terminal and keep a good quality and resolution. If you record directly your screen with some screencast software the resolution for the letters of the terminal usually gets pixelated, so it’s not looking great. Then luckily I found terminalizer…
Read more

OpenSSL certificate from der to pem

To convert a DER certificate to PEM format, use the following openssl command:

How to intercept HTTPS Traffic from Android App

If you are interested in getting all traffic related to an specific app and you have a rooted phone, ProxyDroid is a good option: First thing before enabling the “Proxy Switch”, you have to point Proxydroid to the machine where you have BurpSuite running listening in the Wifi interface. In my case on…
Read more

How to setup a PHP file dropper without tools

After we have compromised a machine inside a network, we need to download tools for lateral movement, local exploits to escalate privileges, etc. Knowing how to setup a file dropper is crucial. When I was doing the OSCP 24-hour exam but also when doing the training in the labs, that was very useful as I…
Read more

Advanced buffer overflow exploit by Taeho Oh

Note: Transcription from the original article written by Taeho Oh. Internet cannot forget this legend! 1. Introduction Nowadays there are many buffer overflow exploit codes. The early buffer overflow exploit codes only spawned a shell (execute “/bin/sh”). However, nowadays some of the buffer overflow exploit codes have very powerful features.For example, passing through input filtering,…
Read more

Cracking passwords with John the Ripper

If we are cracking local accounts passwords in a Unix/Linux environment. First you will need to merge “/etc/passwd” and “/etc/shadow” system files into one: Then there are two possible techniques. Technique #1: Dictionary Attack This is useful when we have a long dictionary with common passwords, so we want to audit that no user is…
Read more

How to scan ports with netcat

Sometimes when doing lateral movement in a penetration testing engagement, we don’t want to use nmap to keep a low footprint. There it comes netcat to the rescue which it is already installed in many Linux systems. With this command we can easily perform a port scanning for the most used ports: If you are…
Read more

How to set up CSIRT and SOC guide

ENISA published a very practical guide about establishing a computer security incident response team (CSIRT) or security operations centre (SOC). Source:

Sysadmin tricks: Get an alert when users log in

For some critical machines when it is not usual that users login through SSH or execute SU to become superuser, we can use PAM module configuration to receive some kind of alert whenever a user logs into that machine or escalates privileges to root. Two options here: /etc/pam.d/su: To receive alerts everytime a user becomes…
Read more

Bypassing encryption by memory dumping💣 in a Linux Kernel 2.4 in 2004

I don’t know what you were doing or even if you were even born, but on September 22th 2004 at 4:44 PM I was having fun decrypting an ELF binary going through the awesome NGSEC1 CTF !! There was a binary file encrypted with BurnEye Encryption Engine that had to be decrypted in order…
Read more