Category Archives: penetration testing

How is WPA2 cracked

Since a while, I have been wanting to get into some wifi hacking. It looks like this is one of the skill that everybody would like to get. Just be able to get any wifi, anywhere you are. Well, maybe that was true some years ago, I am not sure this is still so easy today. Still, I wanted to get into it and try by myself. Mainly, I wanted to understand how it was possible to crack some wifi. By asking your favorite search engine about cracking wifi, you might run into a lot of tutorials showing you which commands to copy and past in kali linux in order to start hoping you might crack some wifi around you. But, beside this empowering feeling you get when learning to hack wifi, what is more interesting is how is it possible to crack a wifi network, and where is the security flaw. What is the magics that the aircrack-ng suite is relying on? Let’s take a look at it. Continue reading

How to prevent basic code injections

Injections are code instructions that are executed somewhere not expected. A famous case is SQL injection, where an user can inject instructions that will be interpreted by a database management system, whereas this user is not meant to directly interact with the database nor execute code on the database server. Code injection, could, theoretically, take place anywhere during a code execution where the user is asked for input, if the code is not properly sanitized. Code injection can happen with different programing languages (C, C++, python, php, etc). Continue reading

Set-up WebGoat on linux

WebGoat is a java web application made up to test your web penetration testing skills. It is deliberately insecure and is developed and maintained by the Open Web Application Security Project (OWASP), who builds and releases a lot of interesting material in order to learn web penetration testing. Beside being a platform to test your web application hacking skills, it also gives you basic hints about the challenges you have to face in the real life. To access Webgoat, you will need to install it on you machine, or on a dedicated server. Continue reading

Get your own WordPress server for penetration testing

Getting WordPress in a virtual machine
Here, I will talk about how to quickly get WordPress running in a virtual machine. I will use VirtualBox. Note that this is valid for other CMS. You can download a virtual machine with WordPress fully integrated here, on the bitnami website, that provides a lot of material and solutions to make your life easier. After downloading it, check the checksum value of the file you just dowloaded, and compare it to that given on the website. You can then open the file with VirtualBox. Follow the instruction and import the new appliance. And that’s it, you have your web server with Worpress on it ready. Continue reading