A Docker image that runs Chromium headless with SSLKEYLOGFILE set, opens an HTTPS page and dumps the decrypted TLS traffic to the terminal. Also runs in Play with Docker. Pull and run docker run --net host deanturpin/ssldump Dockerfile FROMkalilinux/kali-linux-dockerRUN apt updateRUN apt install -y chromiumRUN apt install -y ssldumpRUN apt install -y psmiscCMD \ # Kill the ssldump in the future or the container won't terminate ((sleep 10s && killall ssldump && cat ~/dump. [Read More]
Creating a Linux password hash like you find in
mkpasswd --method=sha-512 --salt=Kf0TqvhN
Cracking a KeePass2 master password with John the Ripper.
john <(keepass2john easy.kdbx)
Search tools Use different search engines Banner grab httrack inspy metagoofil intitle:“index of” DNS poison/spoof Infosec websites https://www.hackthissite.org/pages/index/index.php - website hacking training https://www.shodan.io/ - the IoT search engine https://searchdns.netcraft.com - what’s that site running? https://www.exploit-db.com/searchsploit https://pipl.com/ https://haveibeenpwned.com/ https://wigle.net/ https://www.peekyou.com/ https://www.spokeo.com/ https://radaris.com/ https://piknu.com/ Considerations Language vulnerabilities Common cyber attacks Tor Crypto attacks - frequency analysis Data encryption standard AES advanced encryption standard Substitution permutation network Kali Linux Vulnerability research with reverse engineering, penetration testing and ethical hacking Low level Linux programming and/or comprehensive knowledge in operating system security and associated network/platform design, hardening and deployment. [Read More]
Creating a rogue Wi-Fi access point
Using a Kali Linux bootable USB drive
Disclaimer: I think it goes without saying that you should only be doing this sort of caper on networks you own. But if nothing else it should disuade you from using public Wi-Fi networks. Download the latest Kali Linux ISO and create a bootable USB drive. Restart your computer and boot into Kali via the BIOS. You need two network connections so tether your phone with a cable leaving the built-in Wi-Fi for your rogue access point. [Read More]
Security through absurdity
It was recently suggested that I consider using “unusual [TCP] ports” at work as a security measure. After I got my breath back I found these quotes. Security experts have rejected this view as far back as 1851. Rogues are very keen in their profession, and know already much more than we can teach them. System security should not depend on the secrecy of the implementation or its components. [Read More]
Imagine you're a browser...
Technologies and protocols
An example of technologies encountered when a browser requests a page from a server. In this case the browser is running on a laptop connected by Wi-Fi. Forming a request User types a URL into the browser: github.com Host performs DNS resolution to convert the URL into an IP address (the web server) The DNS server (and host IP) could be set manually but it will probably be part of a DHCP offer The application (browser) attempts a TCP connection with the server IP If no protocol is specified (http, https, ftp) the browser will default to 80 The browser must now work out how to reach the server The netmask is ANDed with the host IP address, if they’re on the same network then the request can be emitted immediately Otherwise, the host must send the packet via the default gateway (also configured by DHCP) The information makes its way down the TCP stack Layer two adds the MAC header Frame is transmitted between devices Frame is encrypted as it is transmitted through the air At the gateway the request makes its way back up to the TCP layer where it can be forwarded to the next gateway The browser will probably be running from a private network so the router must translate the local to the WAN network (NAT) Reaching the server Upon reaching the destination the server will probably send a redirect to the HTTPS version of the website (. [Read More]