Ethical Hacking Blog

Transfer Files Between Kali and a Target — 4 Ways Every Pentester Should Know You've landed on a target. You need to push a payload over, or pull a loot file back to your Kali box. The question every pentester runs into eventually is: which transfer method should I use?  The answer depends on what you have available — credentials, network reach, available tools on the target. Here are the four techniques I reach for the most, ranked roughly from "you have credentials" to "you have nothing but a shell". > Prefer video? I walk through all four end-to-end on (https://www.youtube.com/@guskhawaja). When to Use Which | ` scp ` | You already have SSH credentials |  | ` netcat ` | No SSH, but TCP works | | ` python3 -m http.server ` | Target has Python and can reach you | | ` updog ` | You also need the target to upload files back | I'll cover each one with a real command you can copy and paste. Method 1 — ` scp ` (Secure Copy) If you have SSH access to the targ...

 How to Crack a ZIP File Password with John the Ripper If you've ever run into a password-protected ZIP file during a pentest, a CTF challenge, or while recovering your own archive, John the Ripper is one of the fastest ways to get in. In this walkthrough I'll show you the complete flow — from extracting the hash to cracking it to verifying the result — in just three commands. Prefer video ? I walk through this end-to-end in [the tutorial on my YouTube channel](https://www.youtube.com/@guskhawaja). What You'll Need Kali Linux (or any distro with the `john` package installed) The `rockyou.txt` wordlist — ships with Kali at `/usr/share/wordlists/rockyou.txt`. If it's gzipped, unpack it first with `gunzip /usr/share/wordlists/rockyou.txt.gz`. Basic terminal familiarity That's it. John the Ripper is already installed on Kali by default, along with its companion utility `zip2john`. Why John the Ripper (and Not Just `unzip`)? When a ZIP file is encrypted, the password i...

Ever run an Nmap OS scan (-O) and gotten a confusing list of possible operating systems?  In the world of penetration testing, accuracy is everything. An educated guess isn't good enough—you need to be sure. In this tutorial, we dive deep into Nmap's OS discovery capabilities.  I'll walk you through the process of starting with a basic, and often inaccurate, OS scan and iteratively refining our command to achieve a precise, reliable result.  You'll learn why simply adding flags like --osscan-guess isn't always the answer and discover the powerful role that the Nmap Scripting Engine (NSE) plays in true operating system fingerprinting.   This is a fundamental skill for any ethical hacker, penetration tester, or cybersecurity enthusiast. Let's level up your Nmap game!

 Hashing is one of the most fundamental concepts in cybersecurity—yet it’s often misunderstood or overlooked. In this blog post, you’ll get a clear, practical introduction to hashing algorithms and how they’re used in real-world scenarios, from verifying file integrity to protecting stored passwords. Whether you’re a SOC analyst, a pentester, or simply someone curious about security, this guide will give you a solid foundation to build upon. 🧠 What Is a Hashing Algorithm? At its core, a hashing algorithm is a function that transforms input data—like a file, a password, or even a simple email—into a fixed-size string of characters. This output is commonly referred to as a hash , digest , or checksum . A key trait of hashing is that it’s a one-way function . Once data is hashed, you cannot reverse it to get the original input. That’s part of what makes it so powerful in security use cases. Let’s look at a simplified equation: h = H(x) h : The resulting hash value (output) H ...

 In today's tutorial, we delve deep into the world of SSH (Secure Shell) and explore the powerful technique of remote port forwarding. This advanced concept is a game-changer for ethical hackers and cybersecurity professionals, providing a secure way to access remote network services. What You'll Learn: 🌐 The Basics of SSH Remote Port Forwarding : Understanding the core concepts behind SSH remote port forwarding and how it differs from local port forwarding. 🔧 Setup and Configuration : Step-by-step instructions on configuring SSH remote port forwarding in Kali Linux. We'll cover the necessary commands and configurations to get you started. 🛠️ Practical Use-Cases : Demonstrating real-life scenarios where SSH remote port forwarding can be effectively utilized in penetration testing to access services on a network that is not directly accessible. 📈 Advanced Tips and Tricks : Enhancing your port forwarding te...

 Welcome to this tutorial where we unravel the complexities of SSH Local Port Forwarding on Kali Linux. This skill is an invaluable part of any cybersecurity professional's toolkit, enabling secure, encrypted connections for various purposes, including secure browsing, managing databases, and more. 🔐 What You'll Learn: 🌐 The Fundamentals: Understand what SSH Local Port Forwarding is and why it's essential for securing your network communications. 🛠 Setting Up: A step-by-step guide to setting up local port forwarding in Kali Linux, ensuring a secure, encrypted tunnel for your data. 💻 Real-World Applications: Explore practical use-cases where SSH Local Port Forwarding can be applied to enhance security in various scenarios.   🎯 Who Is This Tutorial For? This guide is tailored for ethical hackers, network administrators, and anyone interested in network security. Whether you're a beginner or have some experience, thi...