Sign in

Ohh hey there,

I actually considered your response and made some suggested changes in the room itself. For you, this is to clear some of your queries

# Task 3

This was intended, if I would have given you a shadow file it would be easy for you to just read the following information like username and hash. So I generated a file with random characters, and embeded the username and password strings with username:something and password:something. This way the users of the room were suppose to use grep(prolly the only-thoughtful way) to solve this particular challenge.

# Task 6


So I was setting up this new VM and spend almost my whole day in copying my files from previous installation to this new one… Now, as for me… I am a little curious for trying up new things to see how they act out. Sometimes I don’t even see that I am using my actual machine to try those stuff out… And VMs end up crashing, as of me hindering with those config files at a regular intervals. So, I wanted there to be a system that whenever I install a new VM. …


Helloww… world,

I don’t know why would anyone try to even read this…No offence, but this was literally an easy WALKTHROUGH room that I created, but still some people out there find it difficult to solve the tasks… So here’s a short cheatsheet for everybody out there who still have a little discrepancy in their minds, regarding the tasks being buggy 😃. TryHackMe

Awk Command

Question: Download the above given file, and use awk command to print the following output:

ippsec:34024
john:50024
thecybermentor:25923
liveoverflow:45345
nahamsec:12365
stok:1234

Well this was no difficult task… The answer was:

awk ‘BEGIN{OFS=”:”} {print $1,$4}’ awk.txt

“Errr… Wrong…


Overpass3hosting banner by Nastuh Abootalebi on Unsplash

This is going to be a detailed room write-up on how do we get to the James user and what challenges were faced while port forwarding various ports to mount the NFS share of a user. For more such boxes checkout TryHackMe

Crap Talk

Above all the “hard boxes” I did till date, neither of them were as challenging as this… Now, again this wasn’t a hard box, this was just challenging… It’s just hard to spot something so abstract like this. Kudos to NinjaJc01 (aka james) for his amazing efforts on this box. This box. Is. Awesome. …


So today’s article is about another password cracking tool from my arsenal, which I use the most, whenever try to brute-force remote systems. Why so? I personally, consider Hydra as the best tool to brute-force various protocols, ranging from ftp logins to performing dictionary attack on Instagram, for the purpose of hacking accounts.

Intro to THC Hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. …


So today’s talking is about learning the basics, or (for some experienced players in this field) to improve your skills in this field of automation. Now without wasting anytime let’s get started.

Introduction

Python is an interpreted, high-level, general-purpose programming language, released in 1991. Python’s design philosophy emphasizes on code readability with its use of significant whitespace. Its language approach the aim to help programmers write clear, logical code for small and large-scale projects. Also, python is an object oriented programming language.

What’s in it for us?

Well, it is one of the essential skills you should master, as if you’re stuck with something or a…


Continuing with password cracking playlist… Today, am gonna talk about john the ripper, a very good tool to crack password. Now in one of the previous articles, I talked about hashcat being the fastest tool and if that’s so why considering other tools? I am going to answer that too so just stick with me to the end.

The John

John the Ripper(JTR) is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your particular needs (you can even define a custom cracking mode using the built-in compiler supporting a subset…


Now today’s article is gonna be a little more advanced. Today we are going to discuss about apache struts 2 and the vulnerability found in it. This vulnerability was found in 2017, but most of us don’t know about this apache’s service. So, I am going to give you a brief about this service.

Apache and Struts 2

The Apache HTTP Server, colloquially called Apache, is a free and open-source cross-platform web server software, released under the terms of Apache License 2.0. Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation. Now the apache…


So as said, I will upload individual articles on the top brute-forcing tools I collected in my inventory. Getting forward with knowing hashcat…

Introduction

Hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. Hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking. Let us talk about it’s CUI & GUI.

The Command-line User Interface

I won’t say that command line interface is more powerful, they both are same, but it is worth noting that CUI gives you…


So yea, I was talking to one of my best-mates on the phone, he appreciated for the articles I put on here, and that too regularly maintaining a blog like this is hard for some people, but I did it. Then when I asked him about some suggestions, like if there’s any way that I can make it better, or just any suggestions on what should be my next article about, he gave me this beginner-friendly topic that others could understand easily. Thanks pal, and let’s get on with — PASSWORD CRACKING!!!

What is Password Cracking?

Password cracking is the process of attempting to…

j4x0n

Nehh, just a n00b

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store