Skip to content

Linux Security Blog

How Hackers Work

Search
  • Home
  • Shep Tutorials
    • Set Up Security Shepherd On VMWare
    • Failure To Restrict Access – Solution
    • Insecure DOR – Solution
    • Poor Data Validation – Solution
    • Security Misconfiguration – Solution
    • Insecure Direct Object Reference 2 Solution
    • Cross Site Scripting One Solution
    • SQL Injection Solution
    • OWASP Security Shepherd – Failure To Restrict Access Solution
    • Session Management Challenge One – Solution
  • GNS3 Series
    • Install GNS3 2.2 on Windows10 | Download Link Included
    • Import VirtualBox Images to GNS3
  • Python Series
    • Part I
    • Part II
  • About

Featured

8Jul 202024 Jul 2020
Add a comment

Exploiting F5 Big IP Vulnerability | CVE-2020-5902

CVE-2020-5902 is a critical remote code execution vulnerability in the configuration interface (aka Traffic Management User Interface – TMUI) of…

18Jun 202024 Jul 2020
1 Comment

Windows Takeover with a PDF File

There are multiple ways to exploit and take over a Windows machine, today we will look at doing this with…

16Jun 202024 Jul 2020
2 Comments

Discover & Attack Raspberry Pi’s on a Network

Many people never bother to change their default password on their devices. For a Raspberry Pi, this can leave it…

Blockchain…

Breaking News: More Than $600 Million Stolen In Ethereum And Other Cryptocurrencies—Marking One Of Crypto’s Biggest Hacks Ever

10 Aug 202110 Aug 2021
https://www.forbes.com/sites/jonathanponciano/2021/08/10/more-than-600-million-stolen-in-ethereum-and-other-cryptocurrencies-marking-one-of-cryptos-biggest-hacks-ever/?sh=413075dd7f62
Tutorials

COMB – Biggest Data Breach of All Time Explained

28 Feb 202128 Feb 2021
It’s being called the biggest breach of all time and the mother of all breaches: COMB, or the Compilation of Many Breaches, contains more than 3.2 billion unique pairs of…
Education…

Getting Anonymously Harassed Online? Try This!

17 Aug 202017 Aug 2020
Lots of people are bullied or harassed online from anonymous users on different Social Media platforms that use different accounts and personas. So let's look at how we can try…
Education…

How to Easily Find Anyone on the Internet

26 Jul 202026 Jul 2020
I just put a short video together to demonstrate the installation of Serlock and what it can do. Qubits 2020-07-26
#career…

Top Linux Interview Questions

10 Jul 202024 Jul 2020
So you want to ace that interview for a Linux position in a company and want to know what would be the interview questions you really need to know? Let's…
Development…

Install Lightweight Ubuntu and Apache Web Server on Windows10

29 Jun 202024 Jul 2020
So some of you may have heard that WSL2 (Windows Subsystem for Linux) was released last year, so in this post we will install it and run an Apache server…
#career…

Python Scripting for the Ethical Hacker Part II

9 Jun 202018 Jun 2020
Welcome back to LSB my fellow ethical hackers, this is the second part to our Python scripting tutorial. Today we will be installing PyCharm and creating our first Python script.…
AppSec…

Python Scripting For Ethical Hacking Part I

15 May 202024 Jul 2020
We've been working on so much lately that it's been a while since our last post so thank you all for being patient. We decided that we should start a…
Development…

How Linux Package Managers Work

2 Apr 20202 Apr 2020
#career…

Regex Cheat Sheet

9 Feb 202011 Feb 2020
A regular expression, regex or regexp is a sequence of characters that define a search pattern. Usually such patterns are used by string searching algorithms for "find" or "find and…
#career…

Configuring Your IAM Securely on AWS

20 Dec 201924 Jul 2020
To help secure your AWS resources, follow these recommendations for the AWS Identity and Access Management (IAM) service. Lock Away Your AWS Account Root User Access Keys You use an…
AppSec…

Gaining Root From a Buffer Overflow Vulnerability

9 Dec 201924 Jul 2020
Buffer overflow flaws can be present in both the web server and application server products that serve the static and dynamic portions of a site, or in the web application…
#career…

PenTesting: Gaining Root Privileges on Kioptrix

6 Dec 201924 Jul 2020
Kioptrix is a Capture The Flag style VulnHub VM and the aim of the game is to gain root privileges. We will be using Kali Linux in this post so…
#Metasploit…

Write an IMAP Fuzzing Tool

3 Dec 201924 Jul 2020
Picture this scenario. During a host reconnaissance session we discovered an IMAP Mail server which is known to be vulnerable to a buffer overflow attack (Surgemail 3.8k4-4). We found an…
AppSec…

First Stack Buffer Overflow to modify Variable

30 Nov 201924 Jul 2020
Stack0: https://exploit.education/protostar/s... Intel Reference: intel.de/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf  
Cyber Security…

How To Fully Anonymize Your IP

20 Nov 201924 Jul 2020
As a security professional, sometimes you will want to anonymize your web traffic so as not to set alarms off. Today we will be looking at TOR and a tool…
#Metasploit…

Gaining Access to Windows10 Through VLC Exploit

14 Nov 201924 Jul 2020
VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols. Today we…
AppSec…

Import VirtualBox Images to GNS3

1 Nov 201924 Jul 2020
This is the second post of our GNS3 tutorials, today we will look at how to import a VirtualBox image into GNS3. If you haven't installed GNS3 yet or downloaded…
#career…

Install GNS3 2.2 on Windows10 | Download Link Included

31 Oct 201924 Jul 2020
GNS3 is a Graphical Network Simulator that allows emulation of complex networks. GNS3 allows the same type of emulation using Cisco Internetwork Operating Systems. It allows you to run a…
Attacks…

Crack WPA Handshake using Aircrack with Kali Linux

29 Oct 201924 Jul 2020
Today's tutorial will be looking into how you can crack the password of the 4 way handshake of someone that is re-authenticating themselves to a wireless router. The goal is…
AppSec…

XML External Entity (XXE) Vulnerability

14 Oct 20199 Mar 2020
According to OWASP, an XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to…
#Metasploit…

BlueKeep – Exploit Windows (RDP Vulnerability) Remotely

10 Oct 201924 Jul 2020
Remote desktop protocol (RDP) is a secure network communications protocol designed for remote management, as well as for remote access to virtual desktops, applications and an RDP terminal server. RDP…
AppSec…

Movies Featuring the Nmap Security Scanner

6 Oct 201930 Oct 2019
The Nmap Security Scanner has appeared in many major motion pictures (as well as more obscure films). This gallery provides screen shots and details for each movie. Source: Movies Featuring…
Attacks…

Reverse Engineering Router Firmware

3 Oct 201924 Jul 2020
Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object; similar to…
Cyber Security…

Send Secret Files in an Image Using Steganography

2 Oct 201924 Jul 2020
Steganography is data hidden within data. It enables us to embed files, messages or links into an image that can't be detected by email filters. So we can send secret…
Attacks…

Create a Backdoor Shell Script in Python

28 Sep 201924 Jul 2020
So we've delved into Python before, but this post should be a bit more interesting. What we will do today is write a backdoor in Python and if you manage…
#Metasploit…

Exploiting Routers With Routersploit

26 Sep 201924 Jul 2020
If you have Wi-Fi at home, then you have a router, this is how you get your internet access. Today we will be looking a piece of software that allows…
Attacks…

Find Vulnerable Devices On The Internet With Shodan

9 Sep 201924 Jul 2020
Welcome back to LSB and thanks for reading. Today we will be looking at how to search for vulnerable devices around the world using Shodan. Shodan is an index of…
#career…

Hacking Android With Metasploit

4 Sep 201924 Jul 2020
Good morning/evening/night my fellow hackers, today's lesson is on Metasploit and how we can hack Android with a Metasploit payload. So let's get started!! As always, this post is for…
#career…

Set up some Honeypots and a Threat Map

2 Sep 201924 Jul 2020
Welcome back my fellow ethical hackers. Remember, the contents in this post is for educational purposes and should only be used for ethical reasons, so with that caveat, let's get…
AppSec…

Securing Your Crypto Wallet

22 Aug 201924 Jul 2020
by Areeb Soo Yasir · Published · 2019-08-22 Why the world misses out on basic user-based security and isolation. When it came time to create my CryptocurrencyOS, based on Linux…
AppSec…

Write a Ping Sweeper in 4 Lines of Bash

21 Aug 201924 Jul 2020
What we will do today is write a script that will ping a certain IP range and tell us which IP's respond to our ICMP requests. In other words we…
Cyber Security…

Managing the Linux /tmp Directory Expertly

30 Jul 201924 Jul 2020
Posted July 30, 2019 | by Ken Hess (Red Hat) The /tmp directory is a temporary landing place for files. Users also have write access to this directory, which can…
Cyber Security

Our Linux Sister Linuxsecurity.com are Celebrating their 20th Anniversary by Launching a New Website

23 Jul 201924 Jul 2020
LinuxSecurity.com is the community's central source for information on Linux and open source security. They follow the open source trends as they affect the community. Also they produce content that…
AppSec…

Set Up A Penetration Testing Lab Easily With Vagrant

30 May 201924 Jul 2020
Today we will be looking at a neat little command line tool called Vagrant. This tool allows us to deploy virtual machines seamlessly and we are going to show you…
AppSec…

ProxyChains For Anonymity

29 May 201924 Jul 2020
Introduction Proxychains is an incredibly useful tool that is incredibly poorly documented. In this tutorial, we will cover using proxychains and SSH to connect to a multihomed device (like a…
Cyber Security…

Handy Bash one-liners

22 May 201924 Jul 2020
Terminal Tricks Using Ctrl keys Ctrl + n : same as Down arrow. Ctrl + p : same as Up arrow. Ctrl + r : begins a backward search through…
AppSec…

Enabling Monitor Mode & Packet Injection on the Raspberry Pi

20 May 201924 Jul 2020
By Kodyhttps://null-byte.wonderhowto.com/how-to/enable-monitor-mode-packet-injection-raspberry-pi-0189378/The Raspberry Pi Zero W and Pi 3 Model B+ include integrated Wi-Fi, Bluetooth Low Energy, and more than enough power to run Kali Linux. They sound like perfect…
#career…

Understanding How Blockchain Works

18 May 201924 Jul 2020
In this blockchain tutorial, I will get blockchain explained from the basics, include the advantages of its technology and how the blockchain will benefit the way the world operates in…
#career…

OWASP A2: Broken Authentication and Session Management Cause and Prevention

12 May 201924 Jul 2020
Threat Agents Attack Vectors Security Weakness Technical Impacts Business Impacts Application Specific Exploitability AVERAGE Prevalence WIDESPREAD Detectability AVERAGE Impact SEVERE Application / Business Specific Consider anonymous external attackers, as well…
AppSec…

New Exploits for Insecure SAP Systems

6 May 201924 Jul 2020
Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target insecure configurations of SAP components. Technical Details A presentation…
#career…

Best Linux Distros for Ethical Hacking and Penetration Testing

1 May 201924 Jul 2020
Here is a list of some top Linux distro for ethical hacking and penetration testing that will surely help you to pick one that best fits your need. Kali Linux:…

Posts navigation

Older posts

RSS ls -a /Zer0Days

  • [webapps] Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
  • [webapps] SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
  • [remote] Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
  • [webapps] Ulicms 2023.1 - create admin user via mass assignment
  • [webapps] Zenphoto 1.6 - Multiple stored XSS
  • [webapps] WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)
  • [local] Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation
  • [webapps] Service Provider Management System v1.0 - SQL Injection
  • [webapps] Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
  • [webapps] FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

Follow Us

  • Twitter
  • Facebook
  • Tumblr
  • Reddit

RSS Crypto News

  • An error has occurred; the feed is probably down. Try again later.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,441 other subscribers

ls /categories

AppSec Attacks Bugs Cryptography Cyber Security Education Encryption Entertainment Exploits Hacking Linux Open Source Operating Systems OWASP Penetration Testing Privacy Security Technology Tips Tutorials

ls /comments

dark92i (@dark92i) on The Hidden Wiki
Foster Eli on Best Darkweb Links
crypstalk21 on Securing Your Crypto Wallet
kioptrix vm on PenTesting: Gaining Root Privi…
Johnny Dickman (@Dar… on The Darknet 2019
XXS Attack – P… on Payload in PDF

ls -a -v /community

ls /MostVisited

  • Best Darkweb Links
    Best Darkweb Links
  • Crack WPA Handshake using Aircrack with Kali Linux
    Crack WPA Handshake using Aircrack with Kali Linux
  • Payload in PDF
    Payload in PDF
  • Find Vulnerable Devices On The Internet With Shodan
    Find Vulnerable Devices On The Internet With Shodan
  • Set Up A Penetration Testing Lab Easily With Vagrant
    Set Up A Penetration Testing Lab Easily With Vagrant
  • How To Use Netcat to Establish and Test TCP and UDP Connections
    How To Use Netcat to Establish and Test TCP and UDP Connections
  • OWASP Security Shepherd- Session Management Challenge One - Solution - LSB
    OWASP Security Shepherd- Session Management Challenge One - Solution - LSB
  • Write a Ping Sweeper in 4 Lines of Bash
    Write a Ping Sweeper in 4 Lines of Bash
  • PenTesting: Gaining Root Privileges on Kioptrix
    PenTesting: Gaining Root Privileges on Kioptrix
  • Import VirtualBox Images to GNS3
    Import VirtualBox Images to GNS3

ls /Archives

Follow Linux Security Blog on WordPress.com

We Use Social Media

  • Twitter
  • Reddit
  • Facebook
  • Tumblr
  • Pinterest
  • YouTube
Create a website or blog at WordPress.com
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
  • Follow Following
    • Linux Security Blog
      • Join 272 other followers
    • Already have a WordPress.com account? Log in now.
    • Linux Security Blog
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar
 

Loading Comments...
 

You must be logged in to post a comment.