My name is Jason. This is the stuff that I do.
I wrote a previous post about a password breach database that I was able to find online. Since then I’ve found many more, and I’ve been using them to compile word lists for password cracking. Good word lists when combined with a tool like Hashcat or John are vital for any penetration testser, and what…
Read More “Creating Password Word Lists from Breach Dumps in Linux” »
For years there’s been a flaw in the way some Linksys access points facilitate access for guest users. A bit of research reveals complaints of this method dating back to 2013, and apparently the problem still hasn’t been fixed on some modern Linksys access points. Nearly every access point on the market advertises a WPA2-PSK…
Read More “Hacking Guest Wi-Fi Portals on Linksys Access Points” »
Recently I stumbled upon a very cheap adapter for a Raspberry Pi (or any other device that requires 5V @ 2.5A via micro USB) that supplies both power via only POE and Ethernet pass-through to a Raspberry Pi, including the latest model, the 3B+. This gave me an idea to create a “headless” (no keyboard,…
Read More “Building a POE-Powered Kali Pi Drop Box with Reverse Shell for Remote Hacking” »
I recently stumbled upon a large collection of account names and passwords that have been harvested from the various data breaches over the past 10 or so years. This data comes from Yahoo, Target, Facebook, Hotmail, Twitter, MySpace, hacked PHPBB instances, and many, many more places. Each account name is in the form of an…
Read More “1.4 Billion Leaked Passwords in Over 40GB of Data” »
This is part two in our series that takes a look at Active Director reconnoissance with a free tool called AD Explorer, and is interesting because we can do so having only obtained basic user credentials for any user account on the AD domain we’re targeting. If you missed part one, go back and have…
Read More “Active Directory Reconnoissance with User Permissions – Part 2” »
Not a lot of people may know this, but even someone with only “Domain User” credentials can read a whole lot of information about Microsoft Active Directory from their personal machine without any sort of administrative credentials. The machine doesn’t have to belong to the domain in order to do this – all that’s needed…
Read More “Active Directory Reconnoissance with User Permissions” »
Showing Only IPs of Active Hosts / Output to File There may be a need to output only the IP addresses of the active hosts on a subnet. We can strip out all of the nmap standard output except the IP address of each active host with the following command: nmap -n -sn 192.168.56.0/24 -oG…
After having using Tenable Nessus years ago, I decided to give OpenVAS a spin. Open VAS, like Nessus, is a vulnerability scanner. Unlike Nessus, OpenVAS is open source and free to download and use. I was surprised when I saw that it wasn’t included with the base installation image of Kali Linux, although after performing…
nmap is a free, open source, and very powerful security scanner. It’s used to discover hosts on a network, provide information about what types of services might be running on those hosts and even what version of service software is running, provide operating system fingerprinting capabilities, and many other useful features. The primary features can…
Kali Live USB is great, but doesn’t it suck that all of the changes that you make in the live boot environment are wiped when you shut it down? That doesn’t have to be the case, thanks to a feature called persistence. Persistence allows us to customize and configure desktop and user options, install additional…
Read More “Creating an Encrypted Persistent Kali Linux USB Drive” »
