Hacker For Hire

using perl to grab IP addresses of multiple hostnames

By admin.au | June 1, 2025 - 8:14 am |June 1, 2025 Script

Recently while conducting a vulnerability assessment for a rather large customer I was given a list of hostnames from around 20 domains culminating in a list of over 5000 targets that needed to go through the motions. Due to scale of the testing I needed to run the scans from… →

Very Simple Caesar Cipher (Python)

By admin.au | June 1, 2025 - 8:10 am |June 1, 2025 Script, Tools

Leave a comment

During a recent CTF I needed to decrypt a page encrypted with a Caesar Cipher. I didn’t know the what the ROT was and I was struggling to find an easy yet useful one around so I wrote this one. Feel free to borrow it, steal it, claim it as… →

post exploitation: finding passwords in haystacks

By admin.au | June 1, 2025 - 7:20 am |June 7, 2025 Post Exploitation, Tools, Tutorial

Leave a comment

Often while conducting an internal pentest you may gain access to a user machine through some vulnerability or more commonly via social engineering. Let’s say that you pop a shell, unprivileged, and incognito only finds unprivileged domain tokens. You could move onto another target or you can try some post… →

data exfiltration over SSL with srvdir

By admin.au | June 1, 2025 - 7:13 am |June 7, 2025 Post Exploitation, Tools, Tutorial

Leave a comment

Every now and then I come across some application that may or may not have been developed with penetration testing in mind but it ends up being damn helpful all the same. Yesterday I found a post about ‘srvdir‘ (surv~durr?) which is designed to share content over SSL/TLS via… →

cracking the infernal hades

By admin.au | June 1, 2025 - 6:57 am |June 1, 2025 General

Leave a comment

About a month ago, Vulnhub released a boot2root image built by Lok_Sigma called Hades. The box promised to be full of annoyances and it delivered them in droves. Requiring a combination of exploit development, reverse engineering and some out of the box thinking, I really enjoyed this challenge. I… →

d0x’n myself beats the “hello world” post

By admin.au | June 1, 2025 - 6:52 am |June 1, 2025 General

Leave a comment

My name is Ryan and I live in Sydney. My history is extremely boring and full of horror stories from racist countries so I’ll skip to 5 years ago in a hotel room in Perth, shortly after I moved to Australia. I liked to call myself an IT Professional but in all honesty… →

is robots.txt dead? lets ask dropbox

By admin.au | June 1, 2025 - 6:49 am |June 1, 2025 Fun

Leave a comment

First off I’d like to give creds to Francis Brown and Rob Ragan who presented their talk Tenacious Diggity at Defcon20 where I found out about the apparent steam-rolling of Dropbox’s robots.txt file. For as far back as I can remember, the robots.txt file has been a ban-list of places that… →

build a heartbleed test lab in 5 minutes

By admin.au | June 1, 2025 - 6:45 am |June 7, 2025 Exploits, Tools, Tutorial

Leave a comment

Lets be clear, I’m all about the offensive side of information security. I’m a pentester and I enjoy popping, rooting, owning and pwning all the things. I am aware that what we do is there to assist and encourage better defensive countermeasures but I just leave that to the… →

using ~ to enumerate directories on IIS 6.0

By admin.au | June 1, 2025 - 6:40 am |June 1, 2025 Exploits

Leave a comment

Recently I was running a web application assessment for a client whose system was running IIS 6.0 on Windows 2003 server. Much foosball and coffee had already gone into this assessment yet I still didn’t have the “Oh Shit, how did you find that?” discovery that makes developers curl up… →

def con: the documentary

By admin.au | June 1, 2025 - 6:36 am |June 7, 2025 Documentary, Videos

Leave a comment

def con: the documentary DEF CON is the world’s largest hacking conference, held in Las Vegas, Nevada. In 2012 it was held for the 20th time. The conference has strict no-filming policies, but for DEF CON 20, a documentary crew was allowed full access to the event. The film follows… →

using perl to grab IP addresses of multiple hostnames

Very Simple Caesar Cipher (Python)

post exploitation: finding passwords in haystacks

data exfiltration over SSL with srvdir

cracking the infernal hades

d0x’n myself beats the “hello world” post

is robots.txt dead? lets ask dropbox

build a heartbleed test lab in 5 minutes

using ~ to enumerate directories on IIS 6.0

def con: the documentary

Find Something

Catgoreez