Skip to content

ls /blog

Linux Security Blog

Search
  • Home
  • Shep Tutorials
    • Set Up Security Shepherd On VMWare
    • Failure To Restrict Access – Solution
    • Insecure DOR – Solution
    • Poor Data Validation – Solution
    • Security Misconfiguration – Solution
    • Insecure Direct Object Reference 2 Solution
    • Cross Site Scripting One Solution
    • SQL Injection Solution
    • OWASP Security Shepherd – Failure To Restrict Access Solution
    • Session Management Challenge One – Solution
  • Linux Courses
    • Hyperledger Fundamentals
    • LFD201 – INTRODUCTION TO OPEN SOURCE DEVELOPMENT, GIT, AND LINUX!
    • KUBERNETES FOR DEVELOPERS (LFD259) COURSE AND CKAD CERTIFICATION
    • OUR SELF PACED COURSE – LFS264 – OPNFV FUNDAMENTALS!
    • THE SELF PACED COURSE – LFS263 – ONAP FUNDAMENTALS
    • Get a FREE Dell Chromebook 11 with qualifying Linux Foundation instructor-led course purchase!
  • GNS3 Series
    • Install GNS3 2.2 on Windows10 | Download Link Included
    • Import VirtualBox Images to GNS3
  • About

Category: Hacking

#career…

PenTesting: Gaining Root Privileges on Kioptrix

6 Dec 20196 Dec 2019
Kioptrix is a Capture The Flag style VulnHub VM and the aim of the game is to gain root privileges. We will be using Kali Linux in this post so…
#Metasploit…

Write an IMAP Fuzzing Tool

3 Dec 20193 Dec 2019
Picture this scenario. During a host reconnaissance session we discovered an IMAP Mail server which is known to be vulnerable to a buffer overflow attack (Surgemail 3.8k4-4). We found an…
#Metasploit…

Gaining Access to Windows10 Through VLC Exploit

14 Nov 201920 Nov 2019
VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols. Today we…
Attacks…

Crack WPA Handshake using Aircrack with Kali Linux

29 Oct 201930 Oct 2019
Today's tutorial will be looking into how you can crack the password of the 4 way handshake of someone that is re-authenticating themselves to a wireless router. The goal is…
AppSec…

XML External Entity (XXE) Vulnerability

14 Oct 201927 Oct 2019
According to OWASP, an XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to…
AppSec…

Movies Featuring the Nmap Security Scanner

6 Oct 201930 Oct 2019
The Nmap Security Scanner has appeared in many major motion pictures (as well as more obscure films). This gallery provides screen shots and details for each movie. Source: Movies Featuring…
Attacks…

Create a Backdoor Shell Script in Python

28 Sep 201926 Nov 2019
So we've delved into Python before, but this post should be a bit more interesting. What we will do today is write a backdoor in Python and if you manage…
#Metasploit…

Exploiting Routers With Routersploit

26 Sep 20195 Oct 2019
If you have Wi-Fi at home, then you have a router, this is how you get your internet access. Today we will be looking a piece of software that allows…
Attacks…

Find Vulnerable Devices On The Internet With Shodan

9 Sep 201923 Sep 2019
Welcome back to LSB and thanks for reading. Today we will be looking at how to search for vulnerable devices around the world using Shodan. Shodan is an index of…
#career…

Hacking Android With Metasploit

4 Sep 20197 Sep 2019
Good morning/evening/night my fellow hackers, today's lesson is on Metasploit and how we can hack Android with a Metasploit payload. So let's get started!! As always, this post is for…
#career…

Set up some Honeypots and a Threat Map

2 Sep 201917 Sep 2019
Welcome back my fellow ethical hackers. Remember, the contents in this post is for educational purposes and should only be used for ethical reasons, so with that caveat, let's get…
#career…

SysAdmin Day Sales – The Linux Foundation

16 Jul 201916 Jul 2019
To celebrate Sysadmin Day, starting July 16th we’re offering all our IT certification and prep course bundles for only $325 each! We’ll also throw in a bonus course, regularly priced…
#career…

June Deals: 70% Off Linux Foundation Bundles

16 Jun 201916 Jun 2019
For a limited time, get in-depth training in the open source technologies that matter most with one of our career training bundles - only $349 each - for a 70%…
AppSec…

Set Up A Penetration Testing Lab Easily With Vagrant

30 May 201915 Nov 2019
Today we will be looking at a neat little command line tool called Vagrant. This tool allows us to deploy virtual machines seamlessly and we are going to show you…
AppSec…

ProxyChains For Anonymity

29 May 201926 Nov 2019
Introduction Proxychains is an incredibly useful tool that is incredibly poorly documented. In this tutorial, we will cover using proxychains and SSH to connect to a multihomed device (like a…
AppSec…

Enabling Monitor Mode & Packet Injection on the Raspberry Pi

20 May 201920 May 2019
By Kodyhttps://null-byte.wonderhowto.com/how-to/enable-monitor-mode-packet-injection-raspberry-pi-0189378/The Raspberry Pi Zero W and Pi 3 Model B+ include integrated Wi-Fi, Bluetooth Low Energy, and more than enough power to run Kali Linux. They sound like perfect…
#career…

OWASP A2: Broken Authentication and Session Management Cause and Prevention

12 May 201912 May 2019
Threat Agents Attack Vectors Security Weakness Technical Impacts Business Impacts Application Specific Exploitability AVERAGE Prevalence WIDESPREAD Detectability AVERAGE Impact SEVERE Application / Business Specific Consider anonymous external attackers, as well…
AppSec…

New Exploits for Insecure SAP Systems

6 May 201918 May 2019
Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target insecure configurations of SAP components. REGISTER TODAY FOR YOUR…
#career…

Best Linux Distros for Ethical Hacking and Penetration Testing

1 May 20191 May 2019
Here is a list of some top Linux distro for ethical hacking and penetration testing that will surely help you to pick one that best fits your need. Kali Linux:…
AppSec…

Emotet The Banking Trojan

11 Apr 2019
Emotet is a kind of malware originally designed as a banking Trojan aimed at stealing financial data, but it’s evolved to become a major threat to users everywhere. Let’s talk…
#career…

Create An SQL Backdoor

7 Apr 20197 Apr 2019
SQL Malware affects a variety of database-driven applications, including but not limited to web applications, services, and desktop applications. This breed of malware is made possible by the SQL functionality for triggers and stored sub-procedures. Notice: SQL malware persists beyond deletion of rows…
AppSec…

SMB Exploited

14 Mar 201916 Nov 2019
Server Message Block (SMB) is the transport protocol used by Windows machines for a wide variety of purposes such as file sharing, printer sharing, and access to remote Windows services.…
AppSec…

Exploiting XXE Vulnerabilities

5 Mar 201927 Nov 2019
By Chris Davis XXE (XML External Entity) attacks happen when an XML parser improperly processes input from a user that contains an external entity declaration in the doctype of an…
AppSec…

CSRF Code Examples and Defense

3 Mar 20193 Mar 2019
CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's…
AppSec…

VFEmail Suffers ‘Catastrophic’ Hack

13 Feb 2019
Email company VFEmail suffered what they call a "catastrophic" hack that destroyed their primary and backup data for the U.S. The firm’s founder says he now fears some 18 years’…
AppSec…

Create a Backdoor with Cryptcat

23 Dec 2018
In this tutorial, I'll introduce you to netcat's popular cousin, cryptcat (she's actually much cuter and more exotic than the plain netcat). Cryptcat enables us to communicate between two systems and encrypts…
Cyber Security…

Veil – AV Evasion – Set Up and Tutorial

17 Dec 2018
Veil-Evasion is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. NOTE: ./setup/setup.sh should be re-run on every major version update. If you receive any major errors on running…
Attacks…

500 Million Marriott Guest Records Stolen

30 Nov 20188 Dec 2018
The world's biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million…
#career…

Cyber Monday Sale Starts NOW!(FOR A WEEK!!)

26 Nov 201830 Nov 2018
Yikes, yes, we are rolling out Cyber Monday deals for a week. This will hopefully make up for the lack of Black Friday deals, but maybe Black Friday has died.…
AppSec…

SQL Injection Attacks

20 Nov 2018
A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd…
#Metasploit…

Payload in PDF

12 Nov 2018
Infected PDFs have always been a privileged way to infect users because this document format is very common and used by almost everyone. Moreover, it exists many ways to exploit Acrobat Reader…
#career…

Now Is The Time, Linux is the Direction

11 Nov 201824 Jan 2019
Your future matters to us @ LSB, so get into Linux and see the new world it will open for you. Created by QuBits 2018-11-11
#career…

Linux Foundation Deals For LSB Followers

25 Oct 2018
We are delighted to be able to team up with The Linux Foundation to bring you some great deals on amazing Linux courses and materials. All courses, on completion is…
AppSec…

OWASP Security Shepherd- Session Management Challenge One – Solution – LSB

12 Oct 201812 Oct 2018
We have another solution in the OWASP Security Shepherd challenges and we enjoyed completing this one. You can find out about Session Management from OWASP here. So let's get on…
AppSec…

Penetration Testing – Complete Guide

10 Oct 201810 Dec 2018
What is Penetration Testing? It’s the process to identify security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system…
Attacks…

The Evil Twin Attack

8 Oct 201829 Oct 2019
I searched through many guides, and none of them really gave good description of how to do this. There’s a lot of software out there (such as SEToolkit, which can…
AppSec…

OWASP Security Shepherd – Failure To Restrict Access Solution – LSB

27 Sep 201827 May 2019
Am I Vulnerable To 'Failure to Restrict URL Access'? The best way to find out if an application has failed to properly restrict URL access is to verify every page. Consider for…
AppSec…

OWASP Security Shepherd – Insecure Cryptographic Storage Challenge 1 Solution – LSB

21 Sep 2018
Thanks for visiting and today we have another OWASP Security Shepherd Solution for you. This time it's the Insecure Cryptographic Storage Challenge. Cryptography is usually the safest way to communicate…
AppSec…

OWASP Security Shepherd – SQL Injection Solution – LSB

15 Sep 201819 Sep 2019
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data…
AppSec…

Create a Persistent Back Door with Kali, Netcat and Weevely

13 Sep 201811 Oct 2019
This post will dive into how we can take advantage of a vulnerability in a web application to gain access and upload a backdoor that we can connect to in…
AppSec…

OWASP Security Shepherd – Cross Site Scripting One Solution – LSB

12 Sep 201812 Sep 2018
Welcome back to LSB my budding hackers. Today's lesson is about Cross Site Scripting (Or XSS).  Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected…
AppSec…

OWASP Security Shepherd – Insecure Direct Object Reference Solution – LSB

10 Sep 2018
Welcome back to the Security Shepherd solutions from LSB. This was quite an interesting puzzle and it took a few tries to get the key. Insecure Direct Object Reference (called IDOR from here) occurs when…

Posts navigation

Older posts

RSS ls -a /Zer0Days

  • [local] FTP Commander Pro 8.03 - Local Stack Overflow 13 Dec 2019
  • [webapps] NVMS 1000 - Directory Traversal 13 Dec 2019
  • [webapps] Bullwark Momentum Series JAWS 1.0 - Directory Traversal 12 Dec 2019
  • [webapps] OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit) 12 Dec 2019
  • [dos] Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC) 12 Dec 2019

Follow Us

  • Twitter
  • Facebook
  • Tumblr
  • Reddit

RSS Crypto News

  • Tezos (XTZ) Hits New High for 2019, Market Cap Tops $1.4 Billion 13 Dec 2019 Ankit Singhania
  • Binance Adds Fiat Payment Options With Paxful Partnership 12 Dec 2019 Caileam Raleigh
  • Ripple Upgrades Xpring Platform to Boost XRP Development 11 Dec 2019 Caileam Raleigh
  • Matic Network (MATIC) Slumps After Rallying Earlier This Year 11 Dec 2019 Ankit Singhania
  • SEC Seeks British Assistance in Getting Testimony of Ex-Telegram CIO 10 Dec 2019 Caileam Raleigh

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,212 other followers

ls /categories

AppSec Attacks Bugs Cryptography Cyber Security Education Encryption Entertainment Exploits Hacking Linux Open Source Operating Systems OWASP Penetration Testing Privacy Security Technology Tips Tutorials

ls /comments

Security Stack Sheet… on OWASP Security Shepherd- Sessi…
How To Fully Anonymi… on How To Fully Anonymize Your Sy…
Linux Security Blog… on How To Fully Anonymize Your Sy…
psychocod3r on How To Fully Anonymize Your Sy…
QuBits on How To Fully Anonymize Your Sy…
Linux Security Blog… on How To Fully Anonymize Your Sy…

Linux E-Learning Courses

Hyperledger Fabric Fundamentals (LFD271)

$299 REGISTERS YOU FOR OUR NEWEST SELF PACED COURSE! LFD201 - INTRODUCTION TO OPEN SOURCE DEVELOPMENT, GIT, AND LINUX!

REGISTER TODAY FOR YOUR KUBERNETES FOR DEVELOPERS (LFD259) COURSE AND CKAD CERTIFICATION TODAY! $499!

$199 ENROLLS YOU INTO OUR SELF PACED COURSE - LFS264 - OPNFV FUNDAMENTALS!

ENROLL TODAY IN THE SELF PACED COURSE - LFS263 - ONAP FUNDAMENTALS FOR $199!

$299 WILL ENROLL YOU IN OUR SELF PACED COURSE - LFS205 - ADMINISTERING LINUX ON AZURE!

BUNDLE CLOUD FOUNDRY FOR DEVELOPERS COURSE(LFD232) AND THE CFCD CERTIFICATION FOR $499!

SPEND $199 AND ENROLL IN OUR SELF PACED CONTAINERS FUNDAMENTALS COURSE (LFS253)!

$199 ENROLLS YOU INTO THE CONTAINERS FOR DEVELOPERS AND QUALITY ASSURANCE COURSE (LFS254)!

ENROLL TODAY IN THE DevOps Fundamentals: Implementing Continuous Delivery SELF PACED COURSE! $199

ls -a -v /community

Most Visited

  • Best Darkweb Links
    Best Darkweb Links
  • Hacking Android With Metasploit
    Hacking Android With Metasploit
  • Python Scripting  For The Ethical Hacker
    Python Scripting For The Ethical Hacker
  • The Darknet 2019
    The Darknet 2019
  • Payload in PDF
    Payload in PDF
  • D@rk Web L1nk$
    D@rk Web L1nk$
  • The Hidden Wiki
    The Hidden Wiki
  • BlueKeep - Exploit Windows (RDP Vulnerability) Remotely
    BlueKeep - Exploit Windows (RDP Vulnerability) Remotely
  • How To Fully Anonymize Your System
    How To Fully Anonymize Your System
  • Exploring the Hacker Tools of Mr. Robot
    Exploring the Hacker Tools of Mr. Robot

Archives

Follow ls /blog on WordPress.com

We Use Social Media

  • Twitter
  • Reddit
  • Facebook
  • Tumblr
  • Pinterest
  • YouTube
Create a website or blog at WordPress.com
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
Cancel