Metasploit: Finding Password in Windows Password Hash File

With the meterpreter shell session open meterpreter > hashdump The contents of the target system’s password hash file are output to the screen. Administrator:500:CEEB0FA9F240C200417EAF40CFAC29C3:D280553F0103F2E643406517296E7582::: User1:1011:7584248B8D2C9F9EAAD3B435B51404EE:186CB09181E2C2ECAAC768C47C729904::: User2:1012:AC5BA6A944526699AAD3B435B51404EE:F07A9DFFFC2C5C7F9D9EBC83FD69D68E::: User3:1013:E7EED3F5C2C85B88AAD3B435B51404EE:6AA15B3D14492D3FA4AA7C5E9CDC0E6A:::<123 Each field is separated with colon. The fields are: 1st field: username (Administrator, User1, etc.) 2nd field: Relative Identification (RID): last 3–4 digits of the Security Identifier (SID), which... Continue Reading →

Web Application Vulnerability Testing Checklist

Need help combating vulnerabilities? Click here for the ultimate web application vulnerability testing checklist to make sure your app is secure! In this article, we will present the top tips for testing vulnerabilities in your web application. Let's get started! Information Gathering/Recon Retrieve and analyze the robot.txt files by using a tool called GNU Wget.Examine... Continue Reading →

How to Implement DNS Enumeration

DNS enumeration offers TONS of helpful info on public servers, including IP addresses, server names, and purposes. Let's take a closer look. DNS offers a variety of information about public organizations servers, such as IP addresses, server names, and server purposes. Let's take a closer look at how to implement our own DNS enumeration. Interacting... Continue Reading →

Hacking a Web Application: Authentication

Want to learn more about web application hacks and authentication? Check out this post to gain valuable insight on data attacks and password quality. Test Password Quality Review the password requirementsAttempt to set various kinds of weak passwords, using any self-registration or password change functions to establish the rules actually enforced.Test for incomplete validation of... Continue Reading →

A Website.

Up ↑