Author: Jonobi Musashi

Domain Name System Simplified

Hello world, and welcome to HaXeZ. Today I want to talk about the Domain Name System (DNS). I know, I know, most of you probably already know how DNS works. However, I’m going to be writing an article soon about Firewall Evasion and Data Exfiltration through DNS Tunnelling and I needed to brush up on my DNS knowledge. Never wanting to waste an opportunity, I thought it would make for a good blog post and video so here we are. …


PortSwigger: SQL injection attack, listing the database contents on Oracle

Hello, world wide web and welcome to HaXeZ where today we’re looking at PortSwigger Web Security Academy: SQL injection 8. This lab requires you to query the information schema to get the table name and column names, and then perform a UNION injection to get the administration username and password. It’s the same as the last lab, except this time we need to alter our syntax as we’re doing it against an Oracle database. …


PortSwigger: SQL injection attack, listing the database contents on non-Oracle databases

Hello World, and welcome to HaXeZ where today we’re looking at PortSwigger Web Security Academy: SQL injection 7. This lab requires you to query the information schema to get the table name and column names, and then perform a UNION injection to get the administration username and password….


Metasploit Pivoting To Hack Segregated VirtualBox Virtual Machines

Dear friend, welcome to HaXeZ. If you’re new to hacking and cybersecurity then you may have heard about pivoting. If you haven’t then let me explain. Pivoting is where you have compromised a host and discovered it is attached to another network. You then use that host to pivot your scans and attacks to hosts within that other network. For example, imagine you have just compromised a public-facing Web Application server. You check the network configuration and find that it is connected to an internal network. You can then use the compromised web application server to scan that internal network….


Hack This Site: Extended Basic – Mission 5

Dear Friend, welcome to HaXeZ where today we will be looking at the Hack This Site Extended Basic mission 5. This mission is another programming mission that requires you to review the contents of a PHP file and then subsequently a shell script that is used to edit the PHP file. There is an error in the shell script that prevents it from doing what it’s supposed to do. We need…


Tools: Metasploit

The Metasploit framework is an essential tool for any aspiring hacker or penetration tester. It comes preinstalled on many penetration testing distributions including Kali Linux. It is a framework that allows the user to select from a plethora of powerful tools. Furthermore, the user can then configure that tool with various options including the target’s IP address and port number. Once the tool has been configured, the user can execute the tool and exploit the target….


Hack The Box: Machine – Fawn

Dear friend, welcome to HaXeZ, and thank you for stopping by. Today we’re looking at the Hack The Box Machine Fawn. It’s a super easy box that requires you to enumerate the services on the box and then utilize those services to capture the flag. There are also a number of questions that you need to answer to own the machine. …


VulnHub: Vulnix

Dear friend, thank you for stopping by HaXeZ! In this article, I will be going through the VulnHub box Vulnix. This box requires you to perform some basic reconnaissance to discover services. You then need to abuse those services to gather more information that can be used with other attacks. I like this box as the scenario it presents is realistic. It is also a good box for learning about the Network File System service. …


Hack To Learn: OSINT and Passive Reconnaissance

Dear Friend, welcome to HaXeZ where I want to talk about Open-source intelligence and passive reconnaissance. Passive Reconnaissance is one of the most important phases for successful hacking. In contrast to active reconnaissance, Passive Reconnaissance uses Open Source Intelligence (OSINT) techniques to gather information about the target. In other words, we attempt to gather information about the target without interacting with it. This article is going to cover a number of Passive Reconnaissance tools but there are plenty more out there….


Hack This Site: Extended Basic – Mission 4

Dear Friend, welcome to HaXeZ where today we will be looking at the Hack This Site Extended Basic mission 4. This mission is another programming mission that requires you to examine the source code of an application to determine its output. Again, please be advised that I’m terrible at programming so my explanation might be terrible….