Tag: pentesting

Penetration Testing Wiki

asp.net viewstate decoder

How to decode ASP.NET VIEWSTATE

Sometimes when doing web pentesting against an ASP web application, a tool like this is useful: For that, I developed a small tool to easily decode ASP.NET __VIEWSTATE variables without having to install the viewstate module on the system with administrative privileges, and to be able to decode the variables with a small script using a…
Read more

10 RULES TO BECOME A GREAT PENTESTER

#1 The first step is to understand deeply how a computer and a network work. Without this understanding you cannot understand what is happening behind the scenes. Get a good understanding of computer memory, network protocols, OS essentials,… #2 Kali Linux is the de facto standard for pentesting, so you will have to master Linux commands. #3…
Read more

How to disguise a covert channel with netcat like a harmless command

One of the most important steps after post-exploitation is to cover our activities and maintain access to the target. In Linux, BSD or Unix we can easily disguise a process name to hide our covert operations. We can abuse the C function execv() to show one command but execute a completely different one. In the…
Read more

How to intercept HTTPS Traffic from Android App

If you are interested in getting all traffic related to a specific app and you have a rooted phone, ProxyDroid is a good option: https://play.google.com/store/apps/details?id=org.proxydroid First thing before enabling the “Proxy Switch”, you have to point ProxyDroid to the machine where you have BurpSuite running, listening on the Wi-Fi interface. In my case 192.168.1.134 on…
Read more

How to set up a PHP file dropper without tools

After we have compromised a machine inside a network, we need to download tools for lateral movement, local exploits to escalate privileges, etc. Knowing how to set up a file dropper is crucial. When I was doing the OSCP 24-hour exam, but also when doing the training in the labs, that was very useful as I…
Read more

Cracking passwords with John the Ripper

If we are cracking local account passwords in a Unix/Linux environment, first you will need to merge the “/etc/passwd” and “/etc/shadow” system files into one: Then there are two possible techniques. Technique #1: Dictionary Attack This is useful when we have a long dictionary with common passwords, so we want to audit that no user is…
Read more

How to scan ports with netcat

Sometimes when doing lateral movement in a penetration testing engagement, we don’t want to use nmap, to keep a low footprint. There netcat comes to the rescue, as it is already installed on many Linux systems. With this command we can easily perform a port scan of the most used ports: If you are…
Read more

Gadgets for Penetration Testing

Hardware gadgets

http://syncstop.com/ SyncStop prevents accidental data exchange when your device is plugged into someone else’s computer or a public charging station

https://usbninja.com/ USBninja

CEH certificate 2023 renewal

Certified Ethical Hacker v9 recertification

After finishing 141 ECE credits (tools, conferences, papers, vulnerabilities reported), I just got recertified… until 2023 still a Certified Ethical Hacker 😊

OSCP certification 2018

Checkmate! OSCP certification passed

I have to admit that it doesn’t matter how much experience you have with penetration testing, the exam is challenging because the attack surface is big: 65535 ports x 2 protocols x 4 machines = 524,280 ports. On the fifth machine, you know beforehand which port is vulnerable and you just have to develop a…
Read more