Nikto is a great tool for scanning web servers for vulnerabilities but if you look at the logs, you can see its footprint:

    "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)"

    ...which makes it simple to block. To change Nikto's user agent, we open the configuration file found in /etc/nikto.conf

    I have a wordlist I created from a collection of wordlists I've acquired.  It's not the end-all, be-all wordlist but it's a big and if you have a weak password, it's in this list.  In fact, if you have a decent password, it's in the list.

    It's a good list for banging against passwords to see if they are reasonably secure.  When I attempt to crack a passwords, I go to the top 10 most used, the top 500 most used, and then 'the' list.  Beyond that, I'm probably going to stop unless I have a different motivation.

    With the recent talk about hijacking IP cameras for the purposes of creating a bot army, I decided to order a camera.   I'd seen this model or one like it in my local lunch place and I ordered one from Amazon.  Two days later, I got my target, a "D-Link DCS-930L Wi-Fi Camera with Remote Viewing".  Nothing fancy really.  Just a $30 camera that can be used wired or wirelessly, but apparently only good for "day use".  It will serve my purpose though.  Army of one.

    There’s a certain feeling of satisfaction when you can manually work your way through exploiting a box.  Not only that, you’ll have a better understanding of what’s really going on under the hood.  You don’t really get that when you’re using automated tools.  Not that I don’t use what’s in the toolbox but given the choice, I will try the manual route first.

    I've not seen much of Drupal from either side but I found myself staring at a 7.31 installation and after some quick searches, I realized it was vulnerable to SQL injection.

    © 2020