Surviving an SSH Audit

It’s often seen from most scanners a number of issues being raised in regard to SSH security. They are mostly around : Use of weak arcfour ciphers SSH Weak ciphers SSH weak Mac algorithms SSH insecure key exchange etc. as an example we will cover how to harden a weak understanding of the defaults and[…]

John The Troll (CTF – Africahackon) – Key 3

Now from John The Troll (CTF – Africahackon) – Key 2  we have gotten to be Chicken, so the next thing would be getting information about the system. [+] Kernel Linux version 3.13.0-55-generic (buildd@brownie) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #94-Ubuntu SMP Thu Jun 18 00:27:10 UTC 2015 [+] fstab entries # /etc/fstab: static file system[…]

John The Troll (CTF – Africahackon) – Key 2

After the previous article we got the first key. Now for the second key we needed to move a notch higher into the system. We had a loot.dic so the best option seeing we only have the web application facing us so far would be bruteforcing it. root@mth3l3m3nt:~# wpscan -u -U hacker123 -w ~/loot.dic[…]

Demistifying FOPO

What is FOPO? First of all it stands for :- Free Online PHP Obfuscator. Basically what obfuscation does is it makes Scripts or programs less friendly to the human eye to quickly understand. This particular one is available online here. To test it out and see just what it does i wrote a simple Hello[…]