Pen Testing For Beginners

I started my journey to become a pen tester about a year ago. I began working in IT as a software tester about two years ago. Prior to this I was a special needs teacher for 17 years with a specialism in science. I know. What the hell am I doing? Well I actually really […]

Migrating a Meterpreter Shell To Another Process

Once you get a meterpreter shell it is important to try and hide the process in an attempt to gain persistence. First of all, make a note of the session number and then background the meterpreter session by issuing the background command background Then migrate the meterpreter process to another session. Do this by using the following […]

Hashcat basics

The following is specific to Kali Linux. After recovering hashes from the target create a text file with the hashes separated by a new line. Save it in the current working directory as something like hash.txt. Make sure you have unzipped the rockyou.txt password list as this is the password file we will be using […]

Copy files onto the target machine using wget and a webserver

Once you have a reverse connection using a Netcat listener you can use the following technique to copy files onto the target machine e.g.: cp /usr/share/exploitdb/platforms/linux/local/9545.c /var/www/html This will copy an exploit into Kali’s web root directory Run the following to ensure your Apache webservice is running: service apache2 start service apache2 status Move back […]

Manual SQL Injection

So you suspect a page might be vulnerable to SQL Injection but before you run it through SQLmap, you can try the following statements to manually test the input: The intention is for this post to grow over time and become a repository of all the sucessful manual injection points  I use. ‘ admin’ or […]

How to install and use the Reconscan python script in Kali

So you’ve been doing some research into preparing for the OSCP Penetration Testing with Kali course and certification. You have discovered that in order to stand a good chance of doing well in the exam it pays to become proficient in enumeration. Enumeration is the process by which the pen tester discovers as much as […]