7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
https://7ms.us/
7MS #579: Hacking Tommy Callahan - Part 2
Hey friends, today we're continuing our series on pwning the Tommy Boy VM on VulnHub VM! P.S. did you miss part one? Check it out on YouTube. Joe "The Machine" Skeen and I had a blast poking and prodding at the VM in hopes to fix the broken Callahan Auto brake-ordering Web app. Some tips/tricks we cover:
- It's always a good idea to look at a site's robots.txt file
- crunch is awesome for making wordlists
- fcrackzip is rad for cracking encrypted zip files
- dirbuster works well for busting into hidden files and subfolders
- exiftool works well to pull metadata out of images