cybersecbits

a vulnerable FTP Server in the wild

Background

This was discovery by chance.

I was giving a workshop and while demonstrating some features of nmap i justused the name of a company in the area.

Without intending this there where some things to discover and to learn.

Obviously I informed the company immediatly of my findings and … Read more

27
Mar

Anonymous – a tryhackme.com writeup

A quite minimalistic CTF from tryhackme.com – lets dive right in:

What does nmap say?

sudo nmap -sV 10.10.51.126

There we have the first answers to the challenge: 4 Services are running, FTP on 21 and smb on 139 and 445.

Now we need to look at the smb shares:… Read more

11
Mar

theHarvester – looking for all there is

What is it for?

we already talked about sublist3r – theHarvester goes some steps further.

you can find theHarvester on Github or install it through apt if you are on kali.

It is also an OSINT tool but covers a broader area than sublist3r.

theHarvester tries to find subdomains, email … Read more

10
Mar

hydra – the multi-protocol online cracker

What is it?

when you want to buteforce an online service – hydra is one of the go to tools.

It supports a wide spectrum of services: ssh, mysql, ftp http-forms and many more.

You can use wordlists for both usernames and passwords or you can use the bruteforce feature.… Read more

08
Mar

Burp Suite – owning the web traffic Part 1

What is it?

Burp suite is certainly one essential tool in your web application related toolbox.

It lets you intercept web traffice, alter, reply and compare it and much more.

So very useful and a bit complex at first. Lets look into it

Preperations

Since you will be using Burp … Read more

03
Mar

hunter.io – finding emails and patterns

What is it?

This is gonna be a short one.

hunter.io is a web portal where you can potentially find email adresses, roles and oganisations and email patterns for a given company.

It is widely used by sales and marketing departments.

But it is also a valuable tool for collecting … Read more

27
Feb

nmap – portscanning unleashed – the basics

What is it?

nmap is a portscanner.

nmap means “network mapper” so nmap can be used to map out networks

The amazing thing is the amount of features it provides to help you gather all kinds of information.

It is one of the tools that grows on you as you … Read more

24
Feb

sublist3r – finding subdomains

What does it do?

sublist3r helps you finding subdomains for a given domain.

It uses a bunch of openly available sources to do that and is therefore a passive tool.

You can find it on github or if you are using Kali you can just install it through apt.

Why

10
Feb

sherlock – the social media stalker

What is it for?

sherlock is another OSINT tool.

You can find it here on Github or install it through apt if you are on kali.

Sherlock allows you to search a huge number of social networks for a username.

Imagine you know someones username on facebook. You could assume … Read more

08
Feb