Get your own WordPress server for penetration testing

Getting WordPress in a virtual machine
Here, I will talk about how to quickly get WordPress running in a virtual machine. I will use VirtualBox. Note that this is valid for other CMS. You can download a virtual machine with WordPress fully integrated here, on the bitnami website, that provides a lot of material and solutions to make your life easier. After downloading it, check the checksum value of the file you just dowloaded, and compare it to that given on the website. You can then open the file with VirtualBox. Follow the instruction and import the new appliance. And that’s it, you have your web server with Worpress on it ready. (more…)

Brute force JSON web token with python

JSON web token (JWT) is a standard defined for the use of secure transmission of information (https://jwt.io/introduction) between parties, using a JSON object. The information transmitted can be trusted since it is digitally signed by the server with a hashing algorithm and a key. JWT is signed using the HMAC algorithm together with a password or a public/private key using RSA. It is used when creating a session, for example, of a client on a web server. (more…)

Basic reverse engineering at Over The Wire

Today I was getting back to do some CTF on the platform Over The Wire. You can find there a lot of pentesting challenges. Either you are interested in web pentesting, linux server, cryptography, you can take a look there and see if they have what fits you. (more…)