Below you will find pages that utilize the taxonomy term “Tools”
April 1, 2023
Customizing a hackbook pro
To develop in cybersecurity, it is vastly important to keep a growth mindset. Always be learning. In order to allow that, it helps to have the right tools available. One important tool is a dedicated computer for hacking activities such as participating in training labs, testing tools, or learning new methodologies. I reset a Macbook Pro, keeping the intending macOS and installed VMware fusion for running virtual machines (VM) including Kali linux.
March 30, 2023
Wazuh - An open-source security platform
A friend and mentor in the field introduced me to Wazuh. An open source, free to use tool for security. He was looking at the tool to understand some of it’s inner functionality for his own projects, but when I was reviewing it with him I was impressed by it’s feature set. First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.
February 19, 2023
Intro to Cloudflare Zero Trust
Cloudflare offers some amazing, and free, products to secure personal use, self-hosted applications and devices. Last week, I set up a server at home running docker containers. By using Cloudflare I can securely make those docker containers internet accessible. Previously in order to do that, I’d have to open a port through my home router and accept any traffic from the internet on that port. This is visible and allows a home IP to appear in use to anyone who scans it.
February 18, 2023
Are Password Managers Safe to Use?
Note from hackerunder.dev: This post was copied from https://www.passwordmanager.com/are-password-managers-safe-to-use/ with permission to display on this site. Managing all of your passwords for different accounts can be surprisingly complicated. You need to be able to create, store, and access strong passwords for all of your accounts on every device you use. Furthermore, each password needs to be unique, making it nearly impossible to remember every one of them on your own.
February 15, 2023
Building a docker server
This blog post is a record of what I did to spin up a home server that uses Docker for various side projects and fun. One of the pain points of having projects that involve computer applications, websites, or code is that it needs to be hosted somewhere to run. Our personal computers are not usually online for projects that could be running all the time. Creating physical servers or paying for cloud hosting can get expenive fast for passion projects or proof of concepts.
February 26, 2020
What is Updog?
Friends among my various hacker spaces have shared links to a new tool called Updog created by Sc0tfree. A python3 implementation of an HTTP server that is intended to replace Python2’s SimpleHTTPServer module. I had to test it out myself and these are my opinions. In many hacker training courses, it is vital to be able to host your tools on a web server to download them onto target machines. One example would be to download a network scanning tool once you’ve gained a shell on the first machine of a target network.
April 13, 2019
CMU SEI releases tools to build realistic labs
In order to learn something, you need to practice it. When it comes to becoming a hacker, that is done by attacking machines in a lab. There are many ways of doing this, such as building your own, spinning up an OWASP or Metasploitable virtual machine, or using a service like Hack The Box. There’s one common flaw with these labs though, they’re not realistic. To build realistic labs that look like live environments is a hard task to accomplish.
March 16, 2019
Replacing a forgotten WordPress password
What is the best part of creating a new blog? You create everything, move content, and then get back to the daily grind. Come back to write the next post and, wait, what did I set as the WordPress password? Looks like we’re going to have to overwrite the hash in the database. <pre class="wp-block-code">``` mysql> SELECT ID, user_login, user_pass FROM wp_users; +----+------------+------------------------------------+ | ID | user_login | user_pass | +----+------------+------------------------------------+ | 1 | admin | $P$BThiRip7s2lXh/PBVW7yFnKbQWvDtc0 | +----+------------+------------------------------------+ Here’s the problem though, we need to know how WordPress hash passwords in version 5.
March 11, 2019
The power of scripting
On March 9th, I was a part of an awesome class hosted by @Ashioni that went over the Bandit challenges from OverTheWire.org. While I’ve attempted the Bandit challenges a few years ago, there are new additions and it’s always good to review how to answer these puzzles. There is never a single solution! In this article, I want to show a few ways we attempted the last challenge of the day.
September 13, 2017
Installing Kali and Metasploitable on VirtualBox
Have you ever wanted to be a 1337 hacker like you see in the movies? Metasploit automates some of the harder tasks related to penetration testing. This blog post is a quick setup to install two virtual machines that will allow you to explore how to use Metasploit. Step 1: Get files needed to create the VMs Download VirtualBox Download Kali for VirtualBox Clone Metasploitable2 Step 2: Setup Kali Open VirtualBox, click File > Import Appliance.
September 2, 2017
PHP Regex tutorial
Have you ever wondered how web applications do validation on forms? How does the app know when your input is really an email address? In most PHP applications, this is done using regular expressions (Regex). I’ve previously posted about how to defend against XSS and SQL injection. Checking strings with a white list of allowed characters is one of the easiest changes a developer can make. Regex makes this easy in most programming languages.
August 22, 2017
TV B GONE
Ever sit at a bar with friends and try to have a conversation but the TVs behind the bar were too loud? If only there was a quick convenient way to turn them all off at once. This is where the TV B GONE remote comes in. A simple kit that sends over 100 “power off” signals to TVs within a 150 foot range at the push of a button.
April 4, 2017
My experience setting up an Algo VPN
First off, I don’t know if you’ve been avoiding the political storm as much as I have but there’s one thing that’s been so retweeted, shared, and updated that I couldn’t avoid it. The discussion about the privacy of our internet content. The Problem ISPs are able to sell your data. While it is possible that similar data is already being collected and used by social media, applications, and other providers… It’s brought up an interesting conversation about how to secure ourselves while browsing the internet.
December 21, 2015
Monitoring Honeypot Output
Last week I posted in Hacking about installing a Honeypot to record SSH traffic. Since it was installed, I’ve been working on easily monitoring of the output. Michel Oosterhof, the creator of Cowrie, has done a lot of development work to create some awesome logging output from the honeypot. There are a lot of different options and you can even store output in a mySql database. I found instructions for that on a wordpress blog.
December 18, 2015
Cowrie Honeypot Installation
Who likes honey? I know I do. Unfortunately Cowrie isn’t the like of honeypot you might imagine. Instead of thinking source of deliciousness, think something you will get your hand stuck in. In security terms a Honeypot is where a system is set up to record everything that’s going on. In those terms, cowrie is a SSH monitor that tracks everything that happens over an ssh connection. This is a project that I started with @Taco_Pirate.
December 7, 2015
Exploiting BWA (Broken Web App)
Two posts ago, I wrote a quick post about installing OWASP’s Broken Web App. This post will be about exploiting the BWA and by that I mean I’m sharing my experience following existing proof of concepts and walkthroughs. For example, reported vulnerabilities from sourceforge and video walkthroughs on irongeek.com. This post assumes you have the OWASP BWA virtual machine up and running and that your target VM’s IP address is mapped to owaspbwa.
December 4, 2015
I wanted to do a quick write up of the last project I did for class, it was a scoreboard app written in Python and used Flask. For extra credit we could host it on Python Anywhere. The app also uses SQLlite for the database. All of the development work was done using PyCharm. One of my Media and Information classes has a lot of programming based projects. We used two main different languages and IDEs to get them done, the final for the class and the early projects was done using C# and Unity, while the end of the class utilized Python and PyCharm from JetBrains.
November 25, 2015
Installing BWA (Broken Web App)
OWASP Broken Web App (BWA) is a safe place to practice some fun stuff and is basically a collection of applications to test everything security related. OWASP has a few projects like Web Goat, Security Shepherd, and more. Broken Web Apps is a collection of these guides and some outdated apps to test your developing skills. Install All The Things! In order to set things up, it’s important to have everything you need installed.
October 21, 2015
Spartan Hackers Website
Hello again, I am going to share my love hate relationship with my latest web design project: spartanhackers.com Some background information, Spartan Hackers is a group at Michigan State University that holds weekly events to introduce students to various technical skills that they can use at hackathons like Spartahack. The Beginning Spartan Hackers started up just last year, and only had a few members to run everything. The president at the time wrote a nice website for the club that was using only static content and the grayscale bootstrap theme.
September 19, 2015
SSH into Kali
I’ve had a couple posts about Kali on here already. But I still haven’t had a chance to fully get in to it myself. I know, it’s tragic right? Well for those who know less than I do about it; Kali is a linux distro from Offensive Security that comes packed with tools and programs that make hacking easy. However carrying around a computer for work, one for class, one with Windows, and a tablet or two isn’t really an option, unless your bag is designed for 80lbs.
August 13, 2015
Making a website using Jhipster
July 29, 2015
Found a group, sticking with it.
GrrCon 2015 is in October, it’ll be a great conference with a lot of talks. It’s the first con I’ll be able to attend. The tickets are a little expensive and I was unsure about going since this would be my first conference… Not to mention I’m still trying to get through college and I’m tight on money. So of course, I’m volunteering! I’ll be working my butt off to get you the best Con possible while making all the connections I can.
July 29, 2015
COGSS Website: Automated Scoring for Collegiate Gymnastics
I’ve mentioned in previous posts that my girlfriend is on a gymnastics team. I did their club website for them a while ago. I went to a meet they hosted their year and helped out as much as possible. They were using a Microsoft Excel sheet to do all of their scoring for each event. While watching the guy use excel, I got a headache just trying to follow the complex steps that were set up for it… so I had the bright idea to set up a website that simplifies the process and allow anyone to use it for their meets as well.
June 11, 2015
EMU Gymnastics Club Website
May 16, 2015
Automatic Sharing on Facebook and Twitter
How many people do you see every day that are staring infinity into their smartphones? How much would you bet that they are on Facebook or Twitter right now? There are also a lot of people on the internet who write interesting blog posts to people about a lot of cool things… and I am one of those people. There is a wordpress plugin that allows me to share new published posts with friends and followers automatically.
May 15, 2015
Developing KORA 3.0
This is a big project I’ve worked on from the beginning when working at Matrix: Center for Digital Humanities & Social Sciences. It’s taking an old platform and revamps it into a modern application. KORA 1.0 was built over the last two decades by non-software developers, I never saw the code personally but I heard horror stories of unorganized pages of code that was thousands of lines long. KORA 2.0 reorganized the code into an Object-Oriented-Programming (OOP) format, Matrix’s system admin (now retired) and students introduced classes and actually made the code readable to developers.
February 19, 2015
Step 4: Get into the toy chest
If you’ve never played with BASH/terminal or you don’t know what Linux is. I suggest you read into that first before you get much further into hacking. Most of Kali’s toys are based off of the terminal, so in order to run them, you will be typing commands like “nmap -A http://your-ip-address”. This link is Offensive Security’s website where they have some awesome documentation about what’s available on Kali.
February 13, 2015
Step 3: Set Up Your Hacking Environment
Everyone wants to break into their neighbors wifi or steal someones password at Starbucks, but depending on National, State, and local law, even packet sniffing could be illegal. So how do we safely practice how to hack before we are ready to find Sony’s back door? We set up a environment for virtual machines on our local computer or server! For those of you who don’t know what a Virtual Machine is, it’s a “computer” inside your computer.