Currently Browsing: Tutorial

CentOS 8 – Setting up a LAMP environment

Welcome back again to another Stealthbay blog. So this week I was trying to set up a LAMP (Linux, Apache, MariaDB, PHP) setup to test out some web apps. And, I thought I’d post a quick tutorial on what I did to set one up. Hopefully, it helps someone else out there to set one up very quickly using CentOS 8.

Note – I was using CentOS 8 on VMware 15.5 and noticed there is an issue. Make sure you do not power the machine on right away. Go to the hardware settings on the VM and remove the “autostart.inf”; it shows up as a CD/DVD drive. This is the easy install option and it messes up the installation.


Recover Keys – Part 1 – Scanning a Local Machine

Recovering License Keys

I ran into an issue when trying to upgrade a Windows 7 PC back in 2019 before Windows 7 went EOL. A decision was made to start a complete fresh install of Windows 10 instead of upgrading from Windows 7 to 10.

However, it came with a caveat that I would have to reinstall many tools all over again. For some of them, I no longer had a stored copy of the license key(s) lying around, or stored digitally. So it got me thinking about whether there was a way to recover these license keys.

Now, I could poke around and find the answers combing through the Registry or disk. However, I thought I’d speed things up by using existing tools that get the job done for you.

Nirsoft (a well-known website for recovering all kinds of artifacts from your PC) used to have a free tool that would search the registry for license keys. The tool was called “ProduKey”, and can be found here: https://www.nirsoft.net/utils/product_cd_key_viewer.html

But, upon trying to download the file, it gets redirected to another website called “recover keys”: https://recover-keys.com/en/aboutus.html


DNSTwist – Domain Phishing Enumeration

DNSTwist – A Look at Domain Phishing Enumeration

A few weeks ago, I happened to stumble upon a tool called DNSTwist. And, like every tool I ever encounter, I always like to investigate more into a tool’s capabilities and what it can offer. After reading more about the tool through another blog I was reading at that time, I was pointed towards the official GitHub page for DNSTwist. The tool itself is great and something every company should at least look at on a yearly basis. Phishing attacks are on the rise, and the expectation is that they will continue to increase over time. So, I’ve decided to create a very quick tutorial on how to use DNSTwist, and what it can offer for anyone that wants to make use of it. This is a great tool for Pen Testers and Security Analysts!

What can DNSTwist do for me?

I found using this tool gave me great insight into major phishing attacks that could be conducted against users or companies. Now how is this a good thing? Well, if you know the type of attacks that can take place, or how a certain attack can take place, then you are better able to find ways to defend against this type of attack. At the minimum, you can at least detect this specific type of attack. In my experience there are more stats revealing that there is now a rise in phishing attacks against companies and users.

So how does this tool help me?

Bypassing Windows Logon Passwords

Introduction

So I had a friend who had an old laptop sitting around collecting dust at home. He knew I was into computers and asked me if I wanted it. And you know a techie…. when someone throws out free hardware you just can’t complain or say no!!

However, he realized he did not remember his password, and wanted to see what files were still on the machine before he let me have it. He was sure he backed all files up a while back when he got his new laptop. But, he wanted to be sure, and knowing I am a Security Analyst, wondered if I could help him out. So, I went ahead and was able to obtain his password so he could log in to delete or save any data he still wanted.

After I completed the task to recover the password, I decided it would make a great blog article to write about.

So here it is……

BurpSuite & ZAP Bypass Proxy

I wanted to make this tutorial for users that might get stuck in a similar situation.

I was security testing a website using Burpsuite and would end up with SSL Handshake failures. It really made no sense at first, since Burpsuite uses Java and I had the latest version of Java installed on my machine. Burpsuite was giving me SSL Handshake failure alerts and was asking me to install JCE Strong Cipher policies. Turns out the website was using VERY strong ciphers (which is a very good thing), and they were using no medium or outdated ciphers.

Now, these ciphers are so strong that even the latest Java package does not contain them….yet.

So that meant I had to find another way to use Burpsuite, but still have the ability to make a proper SSL handshake using the strong ciphers. I then turned to another similar product called OWASP ZAP. This is a great product and I have used it back when I didn’t quite have the funds to purchase Burpsuite. What I realized was that I could use Burpsuite and have ZAP filter my traffic for me. For some reason ZAP has all of the strong ciphers and did not fail the SSL handshake, which meant I could transfer traffic as:

 Browser -> Burpsuite -> ZAP -> Webserver

