InfoSec, Linux help

Kali Linux unable to install VBox Guest Additions after upgrade

I've searched far and wide and found numerous answers to this question, but none of them seem to work...SO, if they don't work for you then please try this one. Firstly every time I tried to run this I got an error about my missing headers: ./ Building the VirtualBox Guest Additions kernel modules. This… Continue reading Kali Linux unable to install VBox Guest Additions after upgrade

Microsoft help

MS: The content type text/html; charset=utf-8 of the response message does not match the content type of the binding error

This problem is because the .Net Framework was installed after IIS. You can correct it by registering .net in IIS again. From an administrative command prompt type the following: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -ir Source:

Microsoft help

MS: Grant yourself admin access to a local SQL Server instance

After inheriting an SQL server with an already revoked SQL administrator account I needed to take ownership of the DB that the previous SQL admin had access to. So I had admin access to the server, but I needed sysadmin access to the SQL Management tool and the databases within it. Step 1: Stop the… Continue reading MS: Grant yourself admin access to a local SQL Server instance


Three tools for bruteforcing

Hydra, Ncrack and Medusa (although ncrack is no longer being actively developed and supported): hydra -L /usr/share/seclists/Usernames/top_shortlist.txt -P /usr/share/seclists/Passwords/top_shortlist.txt ssh:// medusa -h -M ssh -U /usr/share/seclists/Usernames/top_shortlist.txt -P /usr/share/seclists/Passwords/top_shortlist.txt ncrack -vv -U /usr/share/seclists/Usernames/top_shortlist.txt -P /usr/share/seclists/Passwords/top_shortlist.txt -p ssh Please make sure that you have a good word and password list for this exercise. It might… Continue reading Three tools for bruteforcing


Performing MitM attacks using arpspoof

In this scenario we will perform a MitM attack though arp spoofing. The concept basically comes down to ensuring that you can poison the arp table of the target machine and also the arp table of it's default gateway. For this example we will use arpspoof with the target's IP set to and it's… Continue reading Performing MitM attacks using arpspoof


WHOIS for gathering more domain information

To find out information pertaining to the owners of a domain you can make use of the whois tool: whois website.domain.domain Of course you do not have to settle for the information returned in the previous request - you can specify the whois server you would like to query to perhaps return even more information:… Continue reading WHOIS for gathering more domain information