Wmap Metasploit – How to fix 'database not connected' problem

WMAP is a web application vulnerability scanner available as module within the Metasploit framework.

When attempting to use it, if Metasploit has not been configured to use the PostgreSQL database, you may encounter an error similar to the one shown in the screenshot below.

In fact, it is possible to use Metasploit even without having a database configured, but is is certainly useful to do so. For example, if you want to keep the data of your searches or scan results.

However, in the case of the WMAP module this is a fundamental requirement.

Let’s see how to fix problem.

Google OSINT with GHunt

Have you ever wondered what is one of the fastest ways to retrieve as much information as possible about a Google user? That generic person X having the usual email account ending with @gmail.com.

In this article we will talk about a tool that allows you to carry out this operation in a very simple and immediate way. The tool is GHunt and it is, as reported in the Github page, an “OSINT tool to extract information from any Google Account using an email”.

Before digging into how it works with a practical example, let’s do a little execursus on the theory behind it.

shhhh! how to find passwords on Github

“Find secrets right from your browser”. This is one of the sentences that appears clearly in the project Github page shhgit.

The reason is obvious, by accessing the live version of the project on www.shhgit.com it is possible to see password, Google Oauth Key, config file WordPress, NPM and much more scrolling in real time.

In fact, it is possible to filter and view a whole series of sensitive information in the form of data that are committed on GitHub, Gists, GitLab o BitBucket for example.

How to install Anydesk in Manjaro Linux

Among the various applications I’ve used lately for remote desktop (i.e. TeamViewer, VNCViewer, Remote Desktop etc.), Anydesk is certainly the most interesting one.

I found it in its free version that is better than TeamViewer for everyday (basic) use. Meaning manage some of my PCs on the fly or help friends and relatives solve some problems remotely.

It is very fast, stable and available on various operating systems with remote control that appears very “responsive” even on networks that certainly do not shine for speed.

Today we will see how it is possible to install AnyDesk on a version of Manjaro Linux, in particular a 20.2. I recently installed it on an old Asus N56VZ laptop in dual boot with Windows 10.

On the download page dedicated to Anydesk Linux, there are different packages for Ubuntu / Debian based or Redhat / CentOS / Fedora distros. In addition to these, also the generic tar.gz package for all other 32 or 64 bit Linux distributions.

Hackthebox.eu: how to register

Few days ago while attending the course “Practical Ethical Hacking – The Complete Course” by Heath Adams (aka The Cyber Mentor), in the section “Mid-course Capstone”, he introduced Hack The Box.

For those unfamiliar with it, Hack The Box is one of the most famous online platforms where you can experiment and improve your pentesting and cyber-security skills.

However, as explained during the video lesson, the “first step” that needs to be done in order to start using the virtual machines present in HTB is to “get yourself” the invitation code in order to register.

As you can see from the screen below, once you click on the button on the top right “Join Now” on the home page, you are redirected to the page that we have to “hack” in order to get the coupon which will then allow us to proceed with the actual registration process.

Although it is possible to find the solution to the problem simply by googling it, my opinion in this case is that “a good start is half the job”. Seriously, considering the type of portal we want to subscribe to, I think it’s essential to find the solution by ourselves.

Hello World!

“Hello World!”. Like tradition, here it is the common message to show whenever starting something new in the IT field. Especially with a new programming language.

Ready to start with this new adventure, with the same spirit that drove me during my first years on the web. The same will to learn, try, test, document and experiment.

In this blog there will be articles related to the IT world, with a more close look into the computer security field. Like they say, “you never forget your first love”. Therefore, back to the roots!

Enjoy your stay in these pages and enjoy your reading!

fud0 the dojomaster