Security Dojo

go down the rabbit hole...
it en

Wmap Metasploit – How to fix 'database not connected' problem

2021-09-26 1 min read fud0

WMAP is a web application vulnerability scanner available as module within the Metasploit framework.

When attempting to use it, if Metasploit has not been configured to use the PostgreSQL database, you may encounter an error similar to the one shown in the screenshot below.

WMAP - Error while loading WMAP

In fact, it is possible to use Metasploit even without having a database configured, but is is certainly useful to do so. For example, if you want to keep the data of your searches or scan results.

However, in the case of the WMAP module this is a fundamental requirement.

Let’s see how to fix problem.

Continue reading

Google OSINT with GHunt

2020-12-15 3 min read fud0

Have you ever wondered what is one of the fastest ways to retrieve as much information as possible about a Google user? That generic person X having the usual email account ending with

In this article we will talk about a tool that allows you to carry out this operation in a very simple and immediate way. The tool is GHunt and it is, as reported in the Github page, an “OSINT tool to extract information from any Google Account using an email”.

Before digging into how it works with a practical example, let’s do a little execursus on the theory behind it.

Continue reading

shhhh! how to find passwords on Github

2020-11-16 2 min read fud0

Find secrets right from your browser”. This is one of the sentences that appears clearly in the project Github page shhgit.

The reason is obvious, by accessing the live version of the project on it is possible to see password, Google Oauth Key, config file WordPress, NPM and much more scrolling in real time.

In fact, it is possible to filter and view a whole series of sensitive information in the form of data that are committed on GitHub, Gists, GitLab o BitBucket for example.

Continue reading

How to install Anydesk in Manjaro Linux

2020-11-15 3 min read fud0

Among the various applications I’ve used lately for remote desktop (i.e. TeamViewer, VNCViewer, Remote Desktop etc.), Anydesk is certainly the most interesting one.

I found it in its free version that is better than TeamViewer for everyday (basic) use. Meaning manage some of my PCs on the fly or help friends and relatives solve some problems remotely.

It is very fast, stable and available on various operating systems with remote control that appears very “responsive” even on networks that certainly do not shine for speed.

Today we will see how it is possible to install AnyDesk on a version of Manjaro Linux, in particular a 20.2. I recently installed it on an old Asus N56VZ laptop in dual boot with Windows 10.

On the download page dedicated to Anydesk Linux, there are different packages for Ubuntu / Debian based or Redhat / CentOS / Fedora distros. In addition to these, also the generic tar.gz package for all other 32 or 64 bit Linux distributions.

Continue reading how to register

2020-11-08 3 min read fud0

Few days ago while attending the course “Practical Ethical Hacking – The Complete Course” by Heath Adams (aka The Cyber Mentor), in the section “Mid-course Capstone”, he introduced Hack The Box.

For those unfamiliar with it, Hack The Box is one of the most famous online platforms where you can experiment and improve your pentesting and cyber-security skills.

However, as explained during the video lesson, the “first step” that needs to be done in order to start using the virtual machines present in HTB is to “get yourself” the invitation code in order to register.

As you can see from the screen below, once you click on the button on the top right “Join Now” on the home page, you are redirected to the page that we have to “hack” in order to get the coupon which will then allow us to proceed with the actual registration process.

Hack The Box - Invite Challenge

Although it is possible to find the solution to the problem simply by googling it, my opinion in this case is that “a good start is half the job”. Seriously, considering the type of portal we want to subscribe to, I think it’s essential to find the solution by ourselves.

Continue reading

Hello World!

2020-11-08 1 min read fud0

Hello World!”. Like tradition, here it is the common message to show whenever starting something new in the IT field. Especially with a new programming language.

Ready to start with this new adventure, with the same spirit that drove me during my first years on the web. The same will to learn, try, test, document and experiment.

In this blog there will be articles related to the IT world, with a more close look into the computer security field. Like they say, “you never forget your first love”. Therefore, back to the roots!

Enjoy your stay in these pages and enjoy your reading!

fud0 the dojomaster

Newer posts