In this post we’ll take a look at how to setup Apache, MySQL and PHP on Windows and Linux. This setup is mainly for a series of SQL injection labs that I’ll be posting in the upcoming days (you’ll find the link for the HTML/PHP below). For this reason, it will be a development setup not a secure one. 😉
Creating MySQL user, database and grant privileges
Download HTML/PHP pages and configure it properly
Since I’ll be doing a series of SQL injection posts, I figured it would make sense to create this post given that understanding the installation process, database users/permissions all contribute to the vulnerability.
In this episode we’ll take a look at brute-forcing a VeraCrypt container using Hashcat.
For starters I want to say that I’m a huge VeraCrypt fan and use it all the time, for a long time. Long enough to remember when it was, originally, called TrueCrypt before the project was abandoned.
I caught myself thinking: how long would it actually take to brute-force specific password masks? That’s when I decided to put it to the test using Hashcat and an operating system equipped with a graphics card.
In this video we’ll take a look at how to do ARP spoofing attack using Scapy!
If you’re interested but have no idea what Scapy is and wondering why we aren’t using [enter tool name here] to do this, then I suggest checking out my previous post “Introduction to Scapy“. To sum it up, I guess we are interested in doing this in a raw way to learn as much possible from the protocols and how they work.
What is ARP Spoofing?
ARP spoofing is a technique used to put yourself in a man-in-the-middle position between a target and gateway. The address resolution protocol (ARP) uses broadcast and replies to translate an IPv4 address into a MAC address. Decades ago, hackers figured out it’s possible to spam the network with spoofed ARP replies pretending to be another client on the network; which leads to all the traffic for that client to be intercepted by the attacker.
If you’re unfamiliar with these protocols and terminologies, believe me, it’s not all that complicated. This is one of the things that become easier to understand once you see it taking place. I recommend setting up Wireshark first and perhaps just observe how ARP works in its natural form. You will see broadcasts asking “What is the MAC address for this IP?”, followed by replies from clients “Hey that’s me, here is my MAC address!”.
From that point on we can simply tell the router “Hey my MAC address is xx:xx” (where xx:xx is the target client’s MAC address) and do the same thing to the router making them think we are the target client.
Hope y’all been alright lately. I’ve been studying a bunch as part of a certification package I was awarded – focused on network security. While I’m excited to do it and learn a lot of cool stuff, it’s also draining pretty much all my free time.
While I’ve been doing this certification I’ve had to dive deep into a lot of theory-oriented network stuff like frames, packets and all those meaningless terminologies. It’s so much theory that I had to install Scapy just to see some of these packets in action and get hands-on with the damn thing – I mean seriously if you’ve taken some of these certs you’re probably used to how dry and boring it gets just reading about protocols and not actually doing anything.
Anyway we are here to talk about Scapy today and not my boring life 🙂
What is Scapy?
To put it simply, its a packet sniffing and crafting program. There is a lot more you can do with it like decoding certain protocols and interacting with Wireshark captures among other cool things (see the documentation page).
Recent Comments