Tag: cracking

Fortifying Our Application: Preparing Against the OWASP Top 10

~ Tom's IT Cafe ~ Leave a comment

The OWASP Top 10 is a widely recognized list of the most critical security risks for web applications. It is updated every few years based on data analysis and community feedback. The latest version, released in 2021, introduces some new categories and changes some existing ones to reflect the current threat landscape.

As developers, we should be aware of these risks and take steps to prevent them in our applications. In this blog post, we will briefly review each of the OWASP Top 10 categories and provide some best practices and resources to help us secure our code.

Continue reading “Fortifying Our Application: Preparing Against the OWASP Top 10”

How to Penetration Test Linux Passwords with John the Ripper – Ethical Hacking / Penetration Testing

~ Tom's IT Cafe ~ 1 Comment

If you are a penetration tester, you might need to crack passwords on Linux systems as part of your engagements. One of the tools you can use for this purpose is John the Ripper (JtR), an open source password cracker that supports many encryption and hashing algorithms.

This blog post is intended to provide an educational introduction about a penetration testing tool. The tool is designed to help security professionals and ethical hackers identify and exploit vulnerabilities in applications. The author does not condone or encourage any illegal or malicious use of the tool. The readers are solely responsible for their own actions and the consequences of using the tool.

Continue reading “How to Penetration Test Linux Passwords with John the Ripper – Ethical Hacking / Penetration Testing”

How to brute force FTP users and passwords with Hydra? Ethical Hacking in real life!

~ Tom's IT Cafe ~ 1 Comment

In this article we will investigate other functionalities of the Cyber Security test tool Hydra. In one of the previous articles we cracked a user password on a Linux system through SSH. In this example we do not know the exact username of any FTP user. We will create a list of possible usernames along our password list. All of these operations happen in a personal lab.

Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading “How to brute force FTP users and passwords with Hydra? Ethical Hacking in real life!”

How to break in web applications using Burp Suite? Real web hacking in practice as a Penetration Tester!

~ Tom's IT Cafe ~ Leave a comment

The OWASP Top 10 is a standard awareness document that lists the most common weaknesses of modern web applications. Burp Suite will help our application security testing along the Developer Mode of the browser. We will break in to the OWASP Juice Shop, the most modern and sophisticated insecure web shop.

Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading “How to break in web applications using Burp Suite? Real web hacking in practice as a Penetration Tester!”

How to crack passwords with John the Ripper? Password hacking in real practice as an Ethical Hacker!

~ Tom's IT Cafe ~ 2 Comments

In the first part of this series we found out a user’s password with Hydra with simply attacking his account via SSH. It is a so called “dictionary attack”, and because of the lack of security measurements we could get into the remote system.

In this exercise we continue our Ethical Hacking journey and we will find a way to get root privileges on the remote machine. This is called privilege escalation.

Important note: cracking passwords in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading “How to crack passwords with John the Ripper? Password hacking in real practice as an Ethical Hacker!”

How to brute force and crack SSH passwords with Hydra? Ethical Hacking in real practice!

~ Tom's IT Cafe ~ 2 Comments

In this presentation we will crack the password of a general Linux user via SSH in our personal lab. The machine from which we start the attack is a Kali Linux box, and the attacked machine is an ordinary Debian Linux on which a user set a weak password. Unfortunately the security settings are weak on the target host, so we have a great chance for success. We already know the name of the user.

Important note: cracking passwords in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading “How to brute force and crack SSH passwords with Hydra? Ethical Hacking in real practice!”