Documenting some of what I’ve learnt whilst becoming a pentester! Mostly HTB and OffSec Proving Grounds. Extremely human, full of imposter syndrome.

A couple of family members have had warnings this week from the exceedingly awesome site Have I Been Pwned, that their details have been found in the wild. So, this is my attempt at making something easy to read and understand for my parents, siblings, and anyone else who may not be the most technically minded, but recognize the need to try and be safe.

Something that needs pointing out — you’re not really a target. The vast majority of people out there are of little net value individually — it’s not worth a hacker’s time to try and crack their way into your account where you have maybe a couple of grand in the bank and an average line of credit. …


Image for post
Image for post

Quick enumeration of the machine with nmap revealed the following information:


Image for post
Image for post

Quick enumeration of the machine with nmap revealed the following information:


Image for post
Image for post

Quick enumeration of the machine with nmap revealed the following information:


Image for post
Image for post

Quick enumeration of the machine with nmap revealed the following information:


With my fairly average graphics card — Radeon RX-590 (https://www.videocardbenchmark.net/gpu.php?gpu=Radeon+RX+590&id=4025), for a given keyspace. More recent cards will be quicker. Next year, more recent cards will be quicker still!

7 characters, uppercase, lowercase, and numeric — around 8 minutes:

Image for post
Image for post

7 truly random characters, under 3 hours:

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store