Tag: hacking

How to brute force a web application password with Burp Suite? Basic dictionary attack in practice!

~ Tom's IT Cafe ~ Leave a comment

With Burp Suite we can initiate dictionary attacks against a website. This time in this simulated attack we will brute force the login field of the Juice Shop web application. We already know the email address of an admin user, so we have to make sure to find the right password.

Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading “How to brute force a web application password with Burp Suite? Basic dictionary attack in practice!”

How to brute force FTP users and passwords with Hydra? Ethical Hacking in real life!

~ Tom's IT Cafe ~ 1 Comment

In this article we will investigate other functionalities of the Cyber Security test tool Hydra. In one of the previous articles we cracked a user password on a Linux system through SSH. In this example we do not know the exact username of any FTP user. We will create a list of possible usernames along our password list. All of these operations happen in a personal lab.

Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading “How to brute force FTP users and passwords with Hydra? Ethical Hacking in real life!”

How to break in web applications using Burp Suite? Real web hacking in practice as a Penetration Tester!

~ Tom's IT Cafe ~ Leave a comment

The OWASP Top 10 is a standard awareness document that lists the most common weaknesses of modern web applications. Burp Suite will help our application security testing along the Developer Mode of the browser. We will break in to the OWASP Juice Shop, the most modern and sophisticated insecure web shop.

Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading “How to break in web applications using Burp Suite? Real web hacking in practice as a Penetration Tester!”

How to crack passwords with John the Ripper? Password hacking in real practice as an Ethical Hacker!

~ Tom's IT Cafe ~ 2 Comments

In the first part of this series we found out a user’s password with Hydra with simply attacking his account via SSH. It is a so called “dictionary attack”, and because of the lack of security measurements we could get into the remote system.

In this exercise we continue our Ethical Hacking journey and we will find a way to get root privileges on the remote machine. This is called privilege escalation.

Important note: cracking passwords in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading “How to crack passwords with John the Ripper? Password hacking in real practice as an Ethical Hacker!”

How to brute force and crack SSH passwords with Hydra? Ethical Hacking in real practice!

~ Tom's IT Cafe ~ 2 Comments

In this presentation we will crack the password of a general Linux user via SSH in our personal lab. The machine from which we start the attack is a Kali Linux box, and the attacked machine is an ordinary Debian Linux on which a user set a weak password. Unfortunately the security settings are weak on the target host, so we have a great chance for success. We already know the name of the user.

Important note: cracking passwords in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading “How to brute force and crack SSH passwords with Hydra? Ethical Hacking in real practice!”