Penetration Testing

22 Nov 2016

Every week we try to share techniques and tools to attack the most common services used by companies all around the world, such as Apache, MySQL, PostgreSQL, etc. In this episode, Gianni turns his attention to Samba. After a short introduction to learn how to find all the computers that have open shares, he moves […]

15 Nov 2016

Among the many Object-Relational DBMS (ORDBMS) out there, one of the most popular ones is PostgreSQL. PostgreSQL, often referred to as Postgres, is an open-source Object-Relational DBMS supporting almost all SQL constructs. In this episode, Gianni explains how to attack a PostgreSQL database, read and write files via SQL, use weak permissions to get code execution […]

08 Nov 2016

In recent weeks, the entire security community has been shocked by two serious security vulnerabilities affecting all Joomla versions from 3.4.4 to 3.6.3: CVE-2016-8870 and CVE-2016-8869. Combining these vulnerabilities, an attacker can create a privileged user and potentially own the server hosting the Joomla website. In this episode, Gianni shows how to attack a Joomla […]

25 Oct 2016

Among the skills that a penetration tester must have is the ability to attack passwords and crack hashes. In this episode of #HackOnTuesday, we go through some tools and techniques to attack weak passwords for the most common services such as FTP, Telnet and SSH, just to name a few. After having cracked several passwords, Gianni […]

29 Sep 2016

Metasploitable is a vulnerable VM created to practice common penetration testing techniques. In this episode of #HackOnTuesday, Gianni shows how to discover hidden directories and files on a webserver, how to exploit an information disclosure in TikiWiki 1.9.5 and get critical information about the database, how to find misconfigurations in the system, and last but not […]