Local File Inclusion & Remote Command Execution

Local File Inclusion (LFI) is an exploit, which involves gaining access to local system files of a web server, though a website. The vulnerability occurs when a website does not have proper validating on which files it can and cannot include. From an attackers point of view the gold of … Continue reading

Share Button

MS12-020 RDP Vulnerability PoC & Analysis

In March 2012 a security breach was released regarding a vulnerability in the Remote Desktop Protocol (RDP). The vulnerability related to almost all Windows platforms, and was later released under CVE-2012-0002 and MS12-020 In short, the vulnerability enables an attacker to send a sequence of specially crafted RDP packets, which … Continue reading

Share Button

FreeRDP – RD Gateway client for Linux

If you are Googling for software that allows you to use remote desktop from a Linux OS through a RD Gateway to another server – Stop! I spend hours doing the same with no luck. I tried out a bunch of tools with no luck either. Here is some of … Continue reading

Share Button

Defacing and Cookie Stealing with Cross-site scripting

In a cross-site scripting attack (XSS), the attacker inject scripts into input forms, search fields or site URLs, in order to make a website do different tasks when viewed by users. The object of this tutorial is to show the dangers of XSS attacks, why you should never trust user … Continue reading

Share Button

Hack Ubuntu Account Password

In the tutorial Hack Windows 7 Account Password, I showed that having a account password on a Windows computer does not mean that it is unbreakable. In this tutorial, we are going to have a look at how to do something similar on the Linux based system – Ubuntu, by … Continue reading

Share Button

Netcat Basics

Netcat is an awesome network tool, which can be used for pretty much anything network related. File transfers, remote access, tunneling and network debugging is some of the common tasks it is often used for. Netcat is found for both nix and Windows systems. In this tutorial, we are going … Continue reading

Share Button

Backtrack 5 on Google Nexus

I love playing around with my android phone. The fact that it’s linux based makes it flexible and hackabel. In this tutorial, we are going to look at how to run the linux distro Backtrack on Googles Galaxy Nexus phone. For this you need a rooted device along with a … Continue reading

Share Button

Packet Crafting with Scapy

I found this great tool called Scapy, which enables the users to capture, build and send packets onto the network exactly as they want them. This opens for a world of possibilities and because Scapy is based on Python it’s fairly easy to script advanced network functions. I’m using Backtrack … Continue reading

Share Button

Bruteforce attack on RDP, SSH & FTP using Ncrack

Ncrack is a network authentication cracking tool. It is used to do bruteforce attacks on different protocols and is fairly straight forward to use. First of all let’s check which services is running on the target computer. We do this by doing an nmap scan – in this scenario the … Continue reading

Share Button

Linuxzoo

I want to advertise a little bit for a website called linuxzoo.net. I had a course at Edinburgh Napier University called Network Services with a lecturer called Dr. Gordon Russell, who is the creator of the site. The site is a great place to learn Linux, no matter if you … Continue reading

Share Button