Tag: pentesting

Penetration Testing Linux Servers with Hydra for SSH Login

~ Tom's IT Cafe ~ Leave a comment

Disclaimer: This article is intended solely for educational and authorized penetration testing purposes. Unauthorized access to systems is illegal and punishable by law. Always have explicit permission before attempting any form of testing on a system.

Linux servers are a backbone of today’s internet infrastructure, supporting critical operations for countless organizations. While Linux is known for its robust security features, misconfigurations and weak credentials can still leave servers vulnerable to unauthorized access. Hydra, a powerful network login cracker, is commonly used by penetration testers to assess the strength of SSH login credentials on Linux servers.

Continue reading “Penetration Testing Linux Servers with Hydra for SSH Login”

The Role of Red Teams and the Significance of Periodical Penetration Tests for Online Businesses

~ Tom's IT Cafe ~ 1 Comment

In the rapidly evolving landscape of cybersecurity, businesses face constant threats from malicious actors seeking to exploit vulnerabilities and compromise sensitive information. To counter these threats, organizations employ various strategies, one of which involves employing Red Teams and conducting periodic penetration tests. In this blog post, we will delve into the concept of Red Teams, their responsibilities, and the critical role of periodical penetration tests in safeguarding online businesses.

Continue reading “The Role of Red Teams and the Significance of Periodical Penetration Tests for Online Businesses”

TryHackMe | Simple CTF – Modern Solution (2023) Working Exploit With Docker.io

~ Tom's IT Cafe ~ Leave a comment

If you have been doing the TryHackMe Simple CTF challenge recently, you may have ran into the problem that the original exploit is written in Python 2 for Ubuntu 18.04. The script can be converted or rewritten to Python 3, but my Debian Bookworm attack box had issues running it and showing the result. I came up with a quick solution using docker.io.

Continue reading “TryHackMe | Simple CTF – Modern Solution (2023) Working Exploit With Docker.io”

How to Penetration Test Linux Services with Hydra

~ Tom's IT Cafe ~ Leave a comment

Hydra is a powerful tool that can help you perform penetration testing on various network services. Hydra can brute-force passwords for more than 50 protocols, such as telnet, FTP, HTTP, HTTPS, SMB, and databases. Hydra was developed by the hacker group “The Hacker’s Choice” and released in 2000 as a proof of concept tool. Hydra is also a parallelized login cracker, which means it can make multiple connections at the same time and reduce the time required to crack a password.

This blog post is intended to provide an educational introduction about a penetration testing tool. The tool is designed to help security professionals and ethical hackers identify and exploit vulnerabilities in web applications. The author does not condone or encourage any illegal or malicious use of the tool. The readers are solely responsible for their own actions and the consequences of using the tool.

Continue reading “How to Penetration Test Linux Services with Hydra”

How to Penetration Test Linux Passwords with John the Ripper – Ethical Hacking / Penetration Testing

~ Tom's IT Cafe ~ 1 Comment

If you are a penetration tester, you might need to crack passwords on Linux systems as part of your engagements. One of the tools you can use for this purpose is John the Ripper (JtR), an open source password cracker that supports many encryption and hashing algorithms.

This blog post is intended to provide an educational introduction about a penetration testing tool. The tool is designed to help security professionals and ethical hackers identify and exploit vulnerabilities in applications. The author does not condone or encourage any illegal or malicious use of the tool. The readers are solely responsible for their own actions and the consequences of using the tool.

Continue reading “How to Penetration Test Linux Passwords with John the Ripper – Ethical Hacking / Penetration Testing”

Why Penetration Testing Is Not a Full Security Solution and How the Local Security Team Does Not Follow the Recommendations

~ Tom's IT Cafe ~ 2 Comments

Penetration testing is a valuable tool for assessing the security posture of an organization. It simulates real-world attacks and identifies vulnerabilities that could be exploited by malicious actors. However, penetration testing alone is not enough to ensure a comprehensive security solution. There are several limitations and challenges that need to be addressed in order to maximize the benefits of penetration testing.

Continue reading “Why Penetration Testing Is Not a Full Security Solution and How the Local Security Team Does Not Follow the Recommendations”

Penetration Testing the OWASP Juice Shop: Exploring SQL Injection with Burp Suite

~ Tom's IT Cafe ~ 3 Comments

Welcome to the first installment of our restarted blog series, where we dive into the fascinating world of penetration testing. Today we focus on the OWASP Juice Shop application. In this series, we will explore various vulnerabilities within the Juice Shop and demonstrate how to exploit them to enhance your security testing skills. Today, we begin with one of the most common and dangerous web application vulnerabilities: the SQL injection.

Continue reading “Penetration Testing the OWASP Juice Shop: Exploring SQL Injection with Burp Suite”

How to brute force and crack SSH passwords with Hydra? Ethical Hacking in real practice!

~ Tom's IT Cafe ~ 2 Comments

In this presentation we will crack the password of a general Linux user via SSH in our personal lab. The machine from which we start the attack is a Kali Linux box, and the attacked machine is an ordinary Debian Linux on which a user set a weak password. Unfortunately the security settings are weak on the target host, so we have a great chance for success. We already know the name of the user.

Important note: cracking passwords in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading “How to brute force and crack SSH passwords with Hydra? Ethical Hacking in real practice!”

How to install a Debian Linux Penetration Testing machine?

~ Tom's IT Cafe ~ Leave a comment

There are excellent Linux distributions for Cyber Security professionals like Kali. They ship all the the bells and whistles that is needed for the tasks. If we want to learn how to put together our own Penetration Testing system we can use a fresh Debian Linux box. I created a small setup from the NetInstall iso starting from the defaults.

Continue reading “How to install a Debian Linux Penetration Testing machine?”