My Journey to Professional Pentester

Continuing on from the topic last week, I will continue to explore setting up a wireless adapter to begin wired and wireless hacking. I am still using Kali Linux ( https://www.kali.org/downloads/ ) on a virtual machine loaded on VirtualBox ( https://www.virtualbox.org/wiki/Downloads ). Additionally, I am using the Alfa AWUS036NHA ( http://amzn.to/2joTI0q ). This post explores three different methods for enabling monitor mode on the wireless adapter. This adapter supports two modes - managed and monitor, respectively. With a device set to managed mode, r eceived packets are only sent to a user's MAC address. T he MAC address is used to ensure that packets are sent to the correct destination. In order to capture all packets within a specific WiFi range - that is, not only the packets sent to a user's device - the wireless card can be set to monitor mode. The first method used airmon-ng. This is a tool within the Aircrack-ng utility that comes installed on Kali Linux. Accordin...

This exercise explores vulnerabilities associated with file uploads. The target machine was the Damn Vulnerable Web Application (DVWA) found at http://www.dvwa.co.uk/ however, this web application came preinstalled with Metasploitable 2 found at https://information.rapid7.com/metasploitable-download.html . DVWA, according to its website, “is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment” ( http://www.dvwa.co.uk/ ). Metasploitable “is virtual machine based on Linux that contains several intentional vulnerabilities for you to exploit. Metasploitable is essentially a penetration testing lab in a box, available as a VMware virtual machine (VMX),” ( https://information.rapid7.com/metasploitabl...