ITSecurity Training

Testing System Vulnerabilities

Posted on

It would be a good idea to test your system hacking skills on systems that are not production systems. But who has time to create systems with a few vulnerabilities? Well it is vulnhub.com Here is Bwapp which you can download which is actually a vmware instance of a vulnerable application which can be “test” […]

ITSecurity Training

How-To Hack Wifi: Testing Defenses

Posted on

Hacking Wifi is useful since we want to test our defenses, to make sure we have a certain level of defense set up. Aircrak-ng is used to crack the Wifi encryption that is available on Kali Linux Operating system (the operating system built for pentesters/ethical hackers) As in this tutorial by WonderHowTo there is a few […]

ITSecurity Training

Hydra Tool Can Crack Your Online Passwords

Posted on

Here is a website link that discusses Hydra trying to crack online passwords at websites: http://insidetrust.blogspot.com/2011/08/using-hydra-to-dictionary-attack-web.html The tool can attack (and iterate)  through a set amount of dictionary passwords to ssh and ftp server accounts very easily (without any extra configuration) If there are website forms that have usernames and passwords (like WordPress or Joomla […]

ITSecurity Training

How Dangerous is SQL Injection?

Posted on

A good tutorial of basic SQL injection (without a tool): http://www.kalitutorials.net/2014/03/sql-injection-how-it-works.html Notice the bottom entryuser-id field: ‘ OR 1= 1; /* and in password field: */– As it states in the image (from the kalitutorials website) the second statement gives you access to data of all accounts.   Why is this? because a 1=1 statement […]