Today’s videos were an overview of tools Kali provides for cracking passwords. This subject was broken into two videos, one each for offline and online attacks. So far as choosing an offline attack vs an online attack, the instructors suggested that an offline attack is better in that one has a lot more time to crack whatever password they’re trying to access. Online attacks in which one is actively engaging a target are risky in that you stand a chance at being detected or triggering a system policy which may halt your attack. They reiterated that these rules weren’t set in stone, however, and one should proceed as one judges best.
Continue reading “Kali Linux: Cracking Passwords”
I made it through two videos today each an overview for the tools associated with enumeration and the other on the techniques of gaining access to a system. Because of the nature of these two videos, I don’t have too much to say on the subjects yet as they weren’t really hands on.
Continue reading “Kali Linux: Enumeration and Gaining Access”
Today’s video was pretty straightforward and the thirty minutes went by faster than I realized. Given how little was covered in this video and how late it is in the day, this is going to be a very short post. The focus of today was on looking for systems that are live on a network. Scanning for these live hosts are a big part of the penetration process that helps one discover what ports are open and what lies beyond them. Kali has a variety of tools to help determine what is actually live, but one of the obstacles we’re bound to run into are systems that aren’t live all the time. When we perform our scans, these systems may be offline which is something we have to take into consideration. The instructors also mentioned scenarios where machines may be offline but have the Wake on LAN feature turned on. Apparently there are tools in Kali to help us in these situations as well.
Continue reading “Kali Linux: Checking for Live Systems”
I decided to take a quick break from my Kali courses in a spur of the moment decision to fix something that has been bothering me. Over the past few years, my website has taken on many functions and looks and over time I’ve been adding little bits of code here and there. A few months ago, I accidently let my hosing plan with GoDaddy lapse unintentionally and I had to cobble together my website from a series of backups I had lying around. Luckily, I always made sure to have a WordPress XML backup of my posts on hand and I’ve always made sure to keep the graphics I use on those posts.
Continue reading “The Bricks Have Fallen Down but We Will Rebuild”
The video I watched today covered network scanning and, to my disappointment, there wasn’t any hands on use for these tools today. The instructors spent some time breaking down the meaning of scanning in this context as actually having two parts: scanning and enumeration. After the reconnaissance phase, after we’ve gathered all of our information, we start reaching out and actually touching the target. This scanning phase is broken into the two parts of actually touching the target followed by listing whatever was found during the scan. A pretty straightforward concept, I think.
Continue reading “Kali Linux: Network Scanning”
Today we covered a variety of tools used to gather information from a targets website. I was so excited by some of these tools that I immediately ran them against my own website to see if there was anything I needed to do to tighten up security.
Continue reading “Kali Linux: Website Recon”
Today I tackled the two-part video on Uncovering Network Info which covered an important part of the reconnaissance phase on gathering information on your target. This topic covered the use of five tools in Kali which included Whois, NsLookup, fping, DNSenum, p0f, and DNSwalk.
Continue reading “Kali Linux: Uncovering Network Info”
“April Fool’s Day is the one day of the year when people critically evaluate news articles before accepting them as true.”
Perhaps it’s because I worked from 2AM to 7AM, and that during those hours no one is in the mood to joke around, or perhaps it was simply tamer this year, but I didn’t even pick up that it was April Fools today. In fact, had it not been for a Reddit post depicting a sticky note reading “April Fools! :D” having been applied over the optical sensor of a mouse, I might have forgotten about it altogether. Of course I immediately shared that mouse prank with my friends in IT with the encouraging message, “Today is the day, Satan!”
Continue reading “April Fool’s Pranks”