If you are interested in security and want be 'up-to-date', great I have for you two good pages with links to talks and videos about security.
These pages are kept up to date, have archival videos and a lot of sources.
So let start guys ;) PaulSec Irongeek.com
#video #list #security #hacking #learning #links
Recently during testing the website I had small problem with cracking passwords.
userkali@kali-test-1:~/Desktop/directory$ hashcat -m 300 --force uuu.hash rockyou.txt
hashcat (pull/1273/head) starting...
OpenCL Platform #1: The pocl project
* Device #1: pthread-Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz, 10031/10031 MB allocatable,
Hashfile 'uuu.hash' on line 1 ($P$BgrNqqCM54GCFYkbsk4MIZ/cXoj8nU1): Line-length exception
Parsing Hashes: 0/1 (0.00%)...No hashes loaded.
Started: Wed Jul 5 07:01:42 2017
Stopped: Wed Jul 5 07:01:42 2017s
Where was the problem?
I choose the wrong hash type ;)
My suggestion first check and make sure that use correct hash type. If you are not sure you can use tool called: hash-identifier or check manually on
Hash types - Hashcat (hardcore geek way ;))).
Do you need honeypot but you don't know where to start search? Or maybe just looking for good list of honeypots to compare with others?.
I have for you 2 pages with list of honeypots (really great lists).
First link here and second link here
If you don't know what is honeypot - read here
#hacking #honeypot #list_of #kippo #honeywall #kojoney
[INFO] My solution tasks for: DVWA, Bricks, Mutillidae, bWAPP, Peruggia and others
If you are interested security and you want develop your security skills for sure you know what it is: Damn Vulnerable Web Application, OWASP Bricks, OWASP Mutillidae and others pages from my list .
At the moment I finished DVWA and OWASP Bricks and currently I am working on: OWASP Mutillidae, OWASP bWAPP as for 29.06.2017.
Current status is here below Achievement.
#solution #dvwa #bricks #owasp #hacking #learning
[ART] Upsss OWASP Mutillidae 2 doesn't work on CentOS?
First check your error log for apache (in my case /var/www/httpd/error.log) if you see error like: Call to undefined function mb_convert_encoding()
you should install yum install -y php-mbstring.x86_64, restart your apache and reload you webpage.
If you get error like: "The database server at localhost appears to be offline" on homepage, I suggest check again configuration file MySQLHandler.php, maybe problem is with login/password to database or you should change database hostname.
In my case I must edit my config in location /var/www/mutillidae/classes/MySQLHandler.php and replace row:
static public $mMySQLDatabaseHost = "127.0.0.1"; on static public $mMySQLDatabaseHost = "localhost";
#centos #problem #Mutillidae #solve
[ART] Hub with hacking/cracking/CTF
Short post about place where you can try your hacking/cracking skills.
- frequently update tasks (wonderfully ;))
- variety tasks, areas, goals (get flag / get access root / get a shell / vulnerable web / stenography / other)
- variety difficulty
- interesting ideas (CTF/vulnerable web collections on VM)
[INFO] Updated list of CTF/hack/wargames/vulnerable webpages
Guys today I have for you updated list of CTF/hack/wargames/vulnerable webpages, it means that you may have more fun and more areas to improve your hacking skills ;)
I added 21 a new websites also in this “ExploitMe Mobile Android“, yes, yes, yes this is a environment to hacking Android, surprise ;) Full updated list
#hack_me #secure #hacking #education #ctf #vulnerable #wargames #hack
[ART] Bugbounty list - legal hacking
Do you want test you technical skills/knowledge on live systems and get: Thanks ; Gifts ; HoF ; Rewards from "victims*"?
If yes, I below put a main resources: - Bugcrowd.com - Vulnerability-lab - Hackerone - Firebounty - Bugbounty
Have a fun and good luck my security buddy ;)
* - company who shared program bugbounty
#bugbounty #hack #hacking #ethicalhacker #list
[INFO] List tools from Kali
Today I have for you updated list of security tools from Kali with description Tools from Kali
#kali #list_of_security #hack #hacking #linux_kali
[ART] DVWA (Damn Vulnerable Web Application) - problem with install on Centos
Today I have for you two tips to help you install DVWA on Linux (tested on CentOS).
First read install guide
I can't install DVWA on Linux because I see error: Could not connect to the database - please check the config file
If your settings in file: config.inc.php are correct check again server_name in line: $_DVWA[ 'db_server' ] = '127.0.0.1'; and correct db_server from 127.0.0.1 to localhost
I get error that my folder uploads is no writable: Writable folder /var/www/dvwa/hackable/uploads/: No
I am sure that you set correct permission for folder uploads, set access for web user, but still problem. I suggest change folder name from uploads to uploads_BAC and again change folder name from uploads_BAC to uploads.
Again set correct access and permission, after this operations your DVWA should works ;)
BTW.: Default security level is: "impossible", I suggest change it on "low" or "medium".
#dvwa #centos #security #vulnerable #tools
[ART] Burp Suite error "burpsuite handshake alert: unrecognized_name"
If you have problem with open website when you use Burp and you get error: burpsuite handshake alert: unrecognized_name" you should close Burp and open again with option: -Djsse.enableSNIExtension=false java -Djsse.enableSNIExtension=false -jar burpsuite[YOUR_VERSION].jar
The problem is with Java from an update in Java 7 where Server Name Indication (SNI) support was enabled by default
If you know more please read this
#burp #proxy #java #burp_suite
[ART] List of attacks - OWASP
This is a list of common attacks in one place, types of attacks, how to protect yourself and how to test. Below "Pages in category "Attack"" you see links to description of attacks. List of attacks
#attack #list #hacking #prevent #owasp #xss #hijacking #csrf
[ART] My favorite youtube channels list about security
I updated basic security checklist, I added a some records which I consider that important for security. I will update this checklist in the future. security checklist update
#checklist #security #linux #hardering
[ART] Basic Security Checklist
I have prepared for you prelude to security your Linux as concise checklist.
#checklist #security #linux #hardering
[INFO] A new content on the page
From today I have the pleasure to inform you that I am starting with a new content on the page. First I will put my content with tag [ART], [INFO], [SCRIPT].
My next post will be about basic security checklist, short prelude to security. Have a fun and safe play ;)
#info #update #tag
[ART] Security/OpenSource/News RSS
Hello amigo, today I have great pleasure give you a list of the best rss channel about security/opensource/news from the Internet. Pluse point is that in one place where you can read short description and link to the webistes and read more. RSS channels.
#info #rss #security #open_source #news
[SCRIPT] Added a new script "Compare SSL keys"
Next useful script compare_ssl_keys.sh use to check that your keys are consistent. Below a short presentation how it works.
[bolek@babol check_ssl]$ ./compare_ssl_keys.sh
Today I updated my check_propagation_dns.sh to checking propagation DNS records. I added a new DNS servers. Below a short presentation how it script works. [bolek@babol propagation]$ ./check_propagation_dns.sh chojnowski.it
SERVER DNS FROM:DNS_Google_California_USA
SERVER DNS FROM:California_USA
SERVER DNS FROM:California_USA
SERVER DNS FROM:Saint_Petersburg_RUS
#info #update #dns #script #tool
[INFO] Finally welcome on my website https://chojnowski.it
Hell yeah! Yes it is true from today my website https://chojnowski.it has a SSL certificate.
#info #update #https
[SCRIPT] Check propagation DNS records all over the world - script
Today I put on my website, simple and quick check_propagation_dns.sh test where your DNS records are available.
Titbit: do you know that my domain chojnowski.it aren't available in: Mexico_City (Mexico), Tirana (Albania), Johannesburg (South Africa), New South Wales (Australia) - very interesting ;)
Remember: sometimes your domain may be not available in diferrent countries, don't worry ;)
#script #dns #propagation #testing #tool
[ART] List of CTF/hack/wargames/vulnerable webpages (primarily practice)
Today I have for you list websites where you can test your knowledge/technical skill of security. Most of websites are "OFFLINE" I mean you have to use virtual machine on your computer. Legend:
ONLINE - you can start fun on the website (online challenge)
OFFLINE - you have to download software to your computer
WEB - type of vulnerability
VM - virtual machine
CODE - software is code and you have to install on your virtual machine
LOGIN - Website require create account
NO LOGIN - Website not require create account
[ART] Metasploit Unleashed - Free Ethical Hacking Course + video
If you reflect how is first step to learn ethical hacking, you should consider free course about how tool Metasploit Unleashed.
Official free ethical hacking is available here
Minimum hardware requirements (on VM):
- HDD: 10 GB
- RAM: 512 MB
- CPU: 500 Mhz
farther you can take a look on free video materials
Have fun! ;)
#metasploit #security #hacking #course #video #education #ethical_hacker #hacking
[INFO] FreeIPA, problem with your IP address server?
If you have a problem during installing FreeIPA on virtual machine and get below error message: invalid ip address 192.168.122.33 for ipa.example.com: cannot use ip network address
you should change mask from /32 to /24 (or some other network mask)
Problem is visible in line inet when you enter command:
[admin@ipa1 ~]$ ip addr | grep 192.168.122.255
inet 192.168.122.12/32 brd 192.168.122.255 scope global eth0
#linux #free_ipa #tips #trick
Security friends, below I would like to present security guide for Red Hat Enterprise ver. 7=>, it is very clear and easy way to learn how hardering Linux (Red Hat, Centos, Fedora and other distro which is based on Red Hat). By the way I recommend other materials from http://www.redhat.com/.
Security Guide here
All documents for Red Hat Enterprise Linux here
#linux #red_hat #hardering #secure #guide
[ART] List tools for pentester
It is list over 235 tools for pentester/ethical hacker/security expert with description from my distro: Kali Linux. The list can you help quick find proper tool for your expectation.
hping3 +++ Active Network Smashing Tool
p0f +++ Passive OS fingerprinting tool
sslstrip +++ SSL/TLS man-in-the-middle attack tool
If you want see all basic tools from official website click here.
#kali #security #backtrack #pentester #hacking #ethical_hacking #security
[INFO] Hello guys
It is my first post on my page. Section "Home" will be use to post a short and very very short information, tips and links about security, open source and everything what is interesting. Sometimes I may post information about update homepage or information about me.
If you want know more about me please click here
If you want know about me projects please click here