[ART] Two good lists of Sec talks/videos

If you are interested in security and want be 'up-to-date', great I have for you two good pages with links to talks and videos about security.
These pages are kept up to date, have archival videos and a lot of sources.
So let start guys ;)
#video #list #security #hacking #learning #links

[ART] Hashcat - Parsing Hashes: 0/1 (0.00%)...No hashes loaded - why?

Recently during testing the website I had small problem with cracking passwords.
Below details:
userkali@kali-test-1:~/Desktop/directory$ hashcat -m 300 --force uuu.hash rockyou.txt
hashcat (pull/1273/head) starting...
OpenCL Platform #1: The pocl project
* Device #1: pthread-Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz, 10031/10031 MB allocatable, 2MCU
Hashfile 'uuu.hash' on line 1 ($P$BgrNqqCM54GCFYkbsk4MIZ/cXoj8nU1): Line-length exception
Parsing Hashes: 0/1 (0.00%)...No hashes loaded.
Started: Wed Jul 5 07:01:42 2017
Stopped: Wed Jul 5 07:01:42 2017s

Where was the problem?
I choose the wrong hash type ;)
My suggestion first check and make sure that use correct hash type. If you are not sure you can use tool called: hash-identifier or check manually on Hash types - Hashcat (hardcore geek way ;))).

If you need more knowledge about cryptographic hash functions I recommend to:
Comparison of cryptographic hash functions
Hash function security summary
Cipher security summary
List of hash functions
#hacking #kali #cracking #cathash

[ART] List of honeypots

Do you need honeypot but you don't know where to start search? Or maybe just looking for good list of honeypots to compare with others?.
I have for you 2 pages with list of honeypots (really great lists).
First link here and second link here
If you don't know what is honeypot - read here
#hacking #honeypot #list_of #kippo #honeywall #kojoney

[INFO] My solution tasks for: DVWA, Bricks, Mutillidae, bWAPP, Peruggia and others

If you are interested security and you want develop your security skills for sure you know what it is: Damn Vulnerable Web Application, OWASP Bricks, OWASP Mutillidae and others pages from my list .
At the moment I finished DVWA and OWASP Bricks and currently I am working on: OWASP Mutillidae, OWASP bWAPP as for 29.06.2017.
Current status is here below Achievement.
#solution #dvwa #bricks #owasp #hacking #learning

[ART] A pack of security addons for Firefox

It is short post for everyone who want install additional security addons for Firefox, but have a doubts. The list created by Jeremy Druin, author the OWASP Mutillidae 2 Project
List of security addons for Firefox
#firefox #security #pack #addons #web_security

[ART] Upsss OWASP Mutillidae 2 doesn't work on CentOS?

First check your error log for apache (in my case /var/www/httpd/error.log) if you see error like:
Call to undefined function mb_convert_encoding()
you should install yum install -y php-mbstring.x86_64, restart your apache and reload you webpage.
If you get error like:
"The database server at localhost appears to be offline"
on homepage, I suggest check again configuration file MySQLHandler.php, maybe problem is with login/password to database or you should change database hostname. In my case I must edit my config in location /var/www/mutillidae/classes/MySQLHandler.php and replace row: static public $mMySQLDatabaseHost = ""; on static public $mMySQLDatabaseHost = "localhost";
#centos #problem #Mutillidae #solve

[ART] Hub with hacking/cracking/CTF

Short post about place where you can try your hacking/cracking skills.
- frequently update tasks (wonderfully ;))
- community
- variety tasks, areas, goals (get flag / get access root / get a shell / vulnerable web / stenography / other)
- variety difficulty
- interesting ideas (CTF/vulnerable web collections on VM)

#hack_me #secure #hacking #education #ctf #vulnerable #wargames #hack

[INFO] Updated list of CTF/hack/wargames/vulnerable webpages

Guys today I have for you updated list of CTF/hack/wargames/vulnerable webpages, it means that you may have more fun and more areas to improve your hacking skills ;)
I added 21 a new websites also in this “ExploitMe Mobile Android“, yes, yes, yes this is a environment to hacking Android, surprise ;)
Full updated list
#hack_me #secure #hacking #education #ctf #vulnerable #wargames #hack

[ART] Bugbounty list - legal hacking

Do you want test you technical skills/knowledge on live systems and get:
Thanks ; Gifts ; HoF ; Rewards from "victims*"?
If yes, I below put a main resources:
- Bugcrowd.com
- Vulnerability-lab
- Hackerone
- Firebounty
- Bugbounty
Have a fun and good luck my security buddy ;)
* - company who shared program bugbounty
#bugbounty #hack #hacking #ethicalhacker #list

[INFO] List tools from Kali

Today I have for you updated list of security tools from Kali with description
Tools from Kali

#kali #list_of_security #hack #hacking #linux_kali

[ART] DVWA (Damn Vulnerable Web Application) - problem with install on Centos

Today I have for you two tips to help you install DVWA on Linux (tested on CentOS).
First read install guide
First tip:
I can't install DVWA on Linux because I see error: Could not connect to the database - please check the config file
If your settings in file: config.inc.php are correct check again server_name in line: $_DVWA[ 'db_server' ] = ''; and correct db_server from to localhost
Second tip:
I get error that my folder uploads is no writable: Writable folder /var/www/dvwa/hackable/uploads/: No
I am sure that you set correct permission for folder uploads, set access for web user, but still problem. I suggest change folder name from uploads to uploads_BAC and again change folder name from uploads_BAC to uploads.
Again set correct access and permission, after this operations your DVWA should works ;)
BTW.: Default security level is: "impossible", I suggest change it on "low" or "medium".
#dvwa #centos #security #vulnerable #tools

[ART] Burp Suite error "burpsuite handshake alert: unrecognized_name"

If you have problem with open website when you use Burp and you get error: burpsuite handshake alert: unrecognized_name" you should close Burp and open again with option: -Djsse.enableSNIExtension=false
java -Djsse.enableSNIExtension=false -jar burpsuite[YOUR_VERSION].jar
The problem is with Java from an update in Java 7 where Server Name Indication (SNI) support was enabled by default
If you know more please read this
#burp #proxy #java #burp_suite

[ART] List of attacks - OWASP

This is a list of common attacks in one place, types of attacks, how to protect yourself and how to test. Below "Pages in category "Attack"" you see links to description of attacks.
List of attacks
#attack #list #hacking #prevent #owasp #xss #hijacking #csrf

[ART] My favorite youtube channels list about security

Hi. It is next post about useful list that may be helpful for you. This is my subjective list youtube channels for everyone who likes and love security.
My list includes two groups, channels for people who know polish (with mark PL) and people who know english (mark EN).
If you want be 'up-date' in future you can see here, this is the file where I will update my favorite channels, if you want suggest 'good' source, please let me know.
English Youtube channels:
Adrian Crenshaw [EN]
Security BSides London [EN]
Virus Bulletin [EN]
GynvaelColdwind [EN]
Polish Youtube channels:
Akademickie Stowarzyszenie Informatyczne [PL]
CERT Polska [PL]
GynvaelColdwind [PL]
Bsides Warsaw
#security #videos #hacking #pentest

[INFO] Basic Security Checklist Update

I updated basic security checklist, I added a some records which I consider that important for security. I will update this checklist in the future.
security checklist update
#checklist #security #linux #hardering

[ART] Basic Security Checklist

I have prepared for you prelude to security your Linux as concise checklist. security checklist
#checklist #security #linux #hardering

[INFO] A new content on the page

From today I have the pleasure to inform you that I am starting with a new content on the page. First I will put my content with tag [ART], [INFO], [SCRIPT].
My next post will be about basic security checklist, short prelude to security. Have a fun and safe play ;)
#info #update #tag

[ART] Security/OpenSource/News RSS

Hello amigo, today I have great pleasure give you a list of the best rss channel about security/opensource/news from the Internet. Pluse point is that in one place where you can read short description and link to the webistes and read more. RSS channels.
#info #rss #security #open_source #news

[SCRIPT] Added a new script "Compare SSL keys"

Next useful script compare_ssl_keys.sh use to check that your keys are consistent. Below a short presentation how it works.
[bolek@babol check_ssl]$ ./compare_ssl_keys.sh
*.crt: cert.crt
*.key: private.key

*.crt: 4d72cbd0e029b2147b1ac05adedea7a5
*.key: 4d72cbd0e029b2147b1ac05adedea7a5
*.csr: error
#script #ssl #compare #tool #testing #info

[INFO] Updated my script "Check propagation DNS"

Today I updated my check_propagation_dns.sh to checking propagation DNS records. I added a new DNS servers. Below a short presentation how it script works.
[bolek@babol propagation]$ ./check_propagation_dns.sh chojnowski.it
SERVER DNS FROM:Saint_Petersburg_RUS
#info #update #dns #script #tool

[INFO] Finally welcome on my website https://chojnowski.it

Hell yeah! Yes it is true from today my website https://chojnowski.it has a SSL certificate.
#info #update #https

[SCRIPT] Check propagation DNS records all over the world - script

Today I put on my website, simple and quick check_propagation_dns.sh test where your DNS records are available.
Titbit: do you know that my domain chojnowski.it aren't available in: Mexico_City (Mexico), Tirana (Albania), Johannesburg (South Africa), New South Wales (Australia) - very interesting ;)
Remember: sometimes your domain may be not available in diferrent countries, don't worry ;)
#script #dns #propagation #testing #tool

[ART] List of CTF/hack/wargames/vulnerable webpages (primarily practice)

Today I have for you list websites where you can test your knowledge/technical skill of security. Most of websites are "OFFLINE" I mean you have to use virtual machine on your computer.
ONLINE - you can start fun on the website (online challenge)
OFFLINE - you have to download software to your computer
WEB - type of vulnerability
VM - virtual machine
CODE - software is code and you have to install on your virtual machine
LOGIN - Website require create account
NO LOGIN - Website not require create account

(ONLINE / LOGIN) https://www.hack.me/
(ONLINE / LOGIN) https://www.hackthis.co.uk
(ONLINE / LOGIN) http://Enigmagroup.org/
(ONLINE / LOGIN) https://lab.pentestit.ru/
(ONLINE / NO LOGIN) http://overthewire.org
(ONLINE / NO LOGIN) http://smashthestack.org
(ONLINE / NO LOGIN) http://ctf.infosecinstitute.com
(ONLINE / LOGIN) https://ctf365.com/
(ONLINE / LOGIN) https://www.root-me.org
(OFFLINE / VM) https://exploit-exercises.com/
(OFFLINE / VM) http://www.cis.syr.edu
(ONLINE / LOGIN) http://www.wechall.net
(OFFLINE / WEB / VM) OWASP_Broken_Web_Applications_Project
(OFFLINE / WEB / CODE) OWASP_Mutillidae_2_Project
(OFFLINE / WEB / VM) hackxor
(OFFLINE / WEB / VM / CODE) vuln-web-app
(OFFLINE / WEB / VM) lampsecurity
(OFFLINE / WEB / VM) virtualhacking
(OFFLINE / WEB / VM) metasploitable
(OFFLINE / WEB / CODE) exploitcoilvuln
(OFFLINE / WEB / CODE) OWASP_WebGoat_Project
#hack_me #secure #hacking #education #ctf #vulnerable

[ART] Interesting links from OWASP Project

Below the best projects, materials about website/application security from OWASP Project.
- Testing Guide - OWASP Testing Project
- List of the 10 Most Critical Web Application Security Risks - OWASP Top Ten Project 2013. Version 2016 should be this year or early next year.
- Fundamentals of testing web application technical security controls and secure development.OWASP Application Security Verification Standard Project (OWASP ASVS)
- Cheat sheets provide collection of information on specific web application security topics - OWASP Cheat Sheet Series
- Describe the most important control and control categories in your projects (for all architects and developers) - OWASP Proactive Controls
- Utility checks publicly disclosed, vulnerabilities in your software (Java, .NET) - OWASP Dependency Check
#owasp #projects #top_ten #guide #education #security #tips #tricks

[ART] Metasploit Unleashed - Free Ethical Hacking Course + video

If you reflect how is first step to learn ethical hacking, you should consider free course about how tool Metasploit Unleashed.
Official free ethical hacking is available here
Minimum hardware requirements (on VM):
- HDD: 10 GB
- RAM: 512 MB
- CPU: 500 Mhz
farther you can take a look on free video materials
Have fun! ;)
#metasploit #security #hacking #course #video #education #ethical_hacker #hacking

[INFO] FreeIPA, problem with your IP address server?

If you have a problem during installing FreeIPA on virtual machine and get below error message:
invalid ip address for ipa.example.com: cannot use ip network address
you should change mask from /32 to /24 (or some other network mask)
Problem is visible in line inet when you enter command:
[admin@ipa1 ~]$ ip addr | grep
inet brd scope global eth0
#linux #free_ipa #tips #trick

[ART] Hardering RedHat Enterprise 7 (Security Guide)

Security friends, below I would like to present security guide for Red Hat Enterprise ver. 7=>, it is very clear and easy way to learn how hardering Linux (Red Hat, Centos, Fedora and other distro which is based on Red Hat). By the way I recommend other materials from http://www.redhat.com/.
Security Guide here
All documents for Red Hat Enterprise Linux here
#linux #red_hat #hardering #secure #guide

[ART] List tools for pentester

It is list over 235 tools for pentester/ethical hacker/security expert with description from my distro: Kali Linux. The list can you help quick find proper tool for your expectation.
Below example:
hping3 +++ Active Network Smashing Tool
p0f +++ Passive OS fingerprinting tool
sslstrip +++ SSL/TLS man-in-the-middle attack tool
Download here.
If you want see all basic tools from official website click here.
#kali #security #backtrack #pentester #hacking #ethical_hacking #security

[INFO] Hello guys

It is my first post on my page. Section "Home" will be use to post a short and very very short information, tips and links about security, open source and everything what is interesting. Sometimes I may post information about update homepage or information about me.
If you want know more about me please click here
If you want know about me projects please click here
#hello #first_post