
Manish Bhardwaj Blog
A blog by Manish Bhardwaj, an Ethical Hacker, Penetration Tester & Blogger.
4y ago
Hello everyone, this is the final VM from the Kioptrix series and, to be frank, I enjoyed it the most (I was frustrated though).
Download: https://www.vulnhub.com/entry/kioptrix-level-13-4,25/
As usual getting the IP was the first thing. Netdiscover plays the trick. After getting IP I scanned with nmap.
netdiscover -r 10.0.2.0/24
Here port 80 is open so I scanned it with Nikto.
nikto -h http://10.0.2.20
I used some default credentials to log in and I found out that the login page was vulnerable to SQL injection. (Try ‘ )
Again on port 445, I can see samba running (samba is the best low ha ..read more
4y ago
Hello everyone, this walkthrough is of the 3rd VM in the Kioptrix series. You can download it from here. After installing it, you need to edit your hosts file and point the IP to kioptrix3.com. In Linux, you can edit using cat /etc/hosts.
As usual, I started with:
#netdiscover -r 10.0.2.0/24
Ok so I got my target IP, next started scanning with the help of nmap and ran Nikto after that for extra information.
Ok, so port 80 is running. As I had already edited my hosts file, I can reach the site by writing the IP address or kioptrix3.com in the web browser.
After a little googling, I found out that LotusC ..read more
4y ago
Hello everyone, the previous post was a walkthrough of level 1 of the Kioptrix series. In this blog, I am going to post a walkthrough of Kioptrix 1.1, which is the 2nd in the series.
So without wasting our time, let’s get started.
Just like the last machine, I was greeted by this login page. The first job was to find the IP address of my target. Like always, I used “netdiscover” and got the target IP as 10.0.2.11.
After getting the IP address, the next job was to scan the target. I scanned it with the help of “nmap”.
OK, so port 80 was open. I browsed to the port and was greeted by a login page.
I tried bli ..read more
4y ago
Kioptrix is one of the best series for those who are trying to make their way into penetration testing. It is even recommended for a lot of certifications, including OSCP.
This walkthrough is of Kioptrix 1.
Download: https://www.vulnhub.com/entry/kioptrix-level-1-1,22/
I was using VBox and I faced some problems during installation of Kioptrix on VBox. I followed these steps to let it run.
1. Create the new virtual machine without choosing any disk.
2. Under the Settings tab, select Storage. Under the IDE controller, add the new existing disk (select your VMDK file of Kioptrix).
3. #Setting>ports> ..read more
4y ago
Netcat (popularly known as NC) is a feature-rich network debugging and investigation tool with tons of built-in capabilities for reading from and writing to network connections using TCP or UDP.
Its plethora of features includes port listening, port scanning and transferring files, due to which it is often used by hackers and pentesters as a backdoor.
Netcat was written by a guy we know as the Hobbit <hobbit@avian.org>.
Some of netcat’s major features are:
Outbound or inbound connections, TCP or UDP, to or from any ports
Full DNS forward/reverse checking, with appropriate warnings
Ability t ..read more
4y ago
The advantage of the Nmap Scripting Engine (NSE) is that it adds a lot of automated features to Nmap to automate a wide variety of networking tasks. Here in this post I am using some of the NSE scripts most commonly used by penetration testers.
1. --script http-enum
It brute-forces server paths in order to discover web applications in use. It tests more than 2000 server paths. The working of this NSE script is similar to Nikto.
2. --script http-title
It shows the title of the default page of a web server.
3. --script dns-brute
It is used to find the subdomains of a website.
4. --scr ..read more
4y ago
What is SSH???
SSH, also known as Secure Socket Shell, is a network protocol that provides administrators with a secure way to access a remote computer. The best known example application is for remote login to computer systems by users.
Here, with the help of Metasploit and Medusa, I tried to get the SSH password.
Happy Learning:)
Visit: http://www.azureskynet.com ..read more
4y ago
Enumeration is the very first key step to hack/pen test any vulnerable target.
In today’s blog, we are going to enumerate the Metasploitable 2 machine. For this, we are going to use some commands like Netdiscover, Nmap, rpcclient & enum4linux.
In this part of the Metasploitable 2 enumeration tutorial, we will be enumerating the running services and accounts and performing an open port scan. We will be using Nmap to scan the virtual machine for open ports and we will be fingerprinting the connected services.
I am using Kali Linux for enumeration and my Metasploitable IP is 192.1 ..read more
4y ago
Hi. In this tutorial, I am going to show you how to hack Windows 7 with the vulnerability of Internet Explorer.
This tutorial is for educational purposes only.
The exploit used is MS10_046. To use this website simply type “msfconsole” at your Kali terminal and then type “search MS10_046”.
Visit: http://www.azureskynet.com
YouTube: https://www.youtube.com/c/manishbhardwaj
Happy Learning ..read more