Test your skills with PentesterLab Exercise!

One of my personal favorites, and the best platform to test your skills, is PentesterLab. But before we begin, there is some basic knowledge and skills you need to have.

PentesterLab Exercise!


First things first, you must know:

1. Basic Linux CLI (Command Line Interface)
2. Some programming language skills, e.g. HTML, PHP, Python or other related languages.

And the tools...

1. BackTrack Linux - One of the best penetration testing distributions among pentesters, with a lot of tools.
2. Metasploit - The most popular hacking tool, widely used among pentesters.
3. Nmap - A free tool for host discovery, port scanning, etc.

There are a lot of exercises that we can do. I forgot to mention that you must install either VirtualBox or VMware Player in order to run the platform; if you have already done that, then we are ready to go. There is also a whitepaper for your reference before you begin the exercises. You might want to read it in case you forget; it might come in handy! :D

Best book ever!


Have fun & Happy Hacking!
