Guide to Web Penetration Testing: Brute Forcing and SQL Injection

Authentication Vulnerabilities Exploiting Weak Credentials The first challenge involves bypassing authentication through brute force techniques. The objective is to identify valid credentials by testing common passwords against a target login interface. To execute this attack, an interception proxy like Burp Suite is essential. Capture the init ...

Posted on Wed, 17 Jun 2026 17:11:03 +0000 by lucym

Windows Remote Exploitation: Metasploit Framework and Attack Forensics

Metasploit Windows Remote Exploitation This section demonstrates exploiting the MS08-067 vulnerability (CVE-2008-4250), a critical Windows SMB service remote code execution vulnerability affecting port 445. Target Environment Attacker machine: Kali Linux at 192.168.20.129 Target machine: Windows 2000 at 192.168.20.132 Exploitation Process Lau ...

Posted on Fri, 29 May 2026 23:12:46 +0000 by WendyB

Comprehensive Web Penetration Testing Framework Built with Django

System Overview The Sec-Tools platform is a versatile web penetration testing suite developed using the Python-Django framework. It integrates a wide array of security modules, including vulnerability detection, directory brute-forcing, port scanning, fingerprinting, subdomain discovery, and information leakage assessment. By centralizing these ...

Posted on Sat, 16 May 2026 08:29:55 +0000 by Joe Haley

Server-Side Request Forgery Vulnerabilities and Exploitation Techniques

Understanding SSRF Attacks Server-Side Request Forgery (SSRF) occurs when an application allows users to supply URLs or IP addresses that the server will then request data from. This vulnerability arises primarily when web applications provide functionality to fetch resources from external sources without properly validating or sanitizing the ta ...

Posted on Fri, 15 May 2026 07:54:12 +0000 by sincspecv

Capture the Flag: Hacker_Kid Machine Exploitation Guide

Platform: VirtualBox Attacker System: Kali Linux (IP: 10.0.2.15) Target System: Hacker_Kid (IP: 10.0.2.42) Objective: Obtain root privileges and capture the flag. Reconnaissance and Scanning Initial host discovery was performed using Nmap to identify the target IP address. Subsequently, a port scan revealed three open services: Port 53 (DNS) P ...

Posted on Fri, 15 May 2026 03:23:57 +0000 by beanwebb

Web Application File Upload Vulnerabilities

1 File Upload Vulnerability Overview File upload functionality is a common feature in virtually all web applications and server-client systems. Users need to upload images for articles and blog posts, profile pictures, or various files to cloud storage services. If servers lack proper filtering mechanisms, allowing webshells, executable files, ...

Posted on Thu, 14 May 2026 07:14:53 +0000 by Jacquelyn L. Ja

Red Team Assessment Lab 4: Complete Penetration Testing Walkthrough

Environment Setup Network Configuration Two network adapters required: External network: 192.168.157.0/24 Internal network: 192.168.183.0/24 Windows 7 Configuration Start the Win7 VM and the Domain Controller first. Do not start the web server yet. Credentials: Dotest123 Navigate to Control Panel → Power Options Set all power-saving features ...

Posted on Wed, 13 May 2026 12:11:20 +0000 by Joe689

Kali Linux Wireless Penetration Testing Fundamentals

Establishing a controlled wireless testbed requires specific hardware and software configurations to safely execute experiments. A penetration testing workstation running Kali Linux serves as the attacker machine, while a secondary device operates as the target. The infrastructure typically includes a wireless router capable of WEP/WPA/WPA2 con ...

Posted on Sun, 10 May 2026 21:44:14 +0000 by juschillinnow

Understanding NTLM Relay and Kerberos Ticket Exploitation in Active Directory Environments

NTLM Hash Relaying In modern Windows domains, direct plaintext credential extraction is increasingly difficult due to mitigations like KB2871997 and the default disabling of WDigest caching. However, attackers can bypass password cracking entirely by reusing captured NTLM authentication hashes—without ever needing to decrypt them. This techniqu ...

Posted on Thu, 07 May 2026 23:10:01 +0000 by computerzworld