CVE-2016-10033: WordPress 4.6 RCE Vulnerability
WordPress (WP) is a free and open source CMS for managing a website, blog, and other content on the Internet that was first released on May 27, 2003. Today, WordPress is used on over...
Metasploit / Penetration Testing / WebApp PenTest
by do son · Published May 3, 2017 · Last modified May 17, 2017
WordPress (WP) is a free and open source CMS for managing a website, blog, and other content on the Internet that was first released on May 27, 2003. Today, WordPress is used on over...
Metasploit / Web Exploitation / WebApp PenTest
by do son · Published April 26, 2017 · Last modified July 27, 2017
Apache Struts is an open source project maintained by the Apache Software Foundation, an open source MVC framework for creating enterprise Java Web applications, offering two versions of the framework products: Struts 1 and...
Exploitation / Metasploit / Network PenTest
by do son · Published April 25, 2017 · Last modified August 4, 2017
Shadow Brokers shocked the world once again leaked a confidential document, which contains a number of beautifully Windows remote exploits that can cover a large number of Windows servers, Windows servers almost all across...
Exploitation / Metasploit / Network PenTest / Vulnerability Analysis
by do son · Published April 19, 2017 · Last modified November 4, 2017
What is Backdoor Factory? 1. What is Patching? “A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it.[1] This includes fixing security...
Exploitation / Metasploit / Network PenTest
by do son · Published April 17, 2017 · Last modified July 26, 2017
In Metasploit it supports an interesting feature called AutoRunScript. This feature can enable users to specify the module operation by creating the .rc file pre-registered automatically during operation Exploit. It can be shortened for...
Source github
Metasploit / Network PenTest / Post Exploitation
by do son · Published April 8, 2017 · Last modified July 28, 2017
Sometimes, I can get only shell session on your target by exploting some vulerabiliy. With shell session, you can execute commands that OS system support as ipconfig, systeminfo, tasklist, taskill… But i need to...
Maintaining Access / Metasploit / Network PenTest / Post Exploitation
by do son · Published March 23, 2017 · Last modified July 29, 2017
What is Meterpreter? Meterpreter is an extension module in the Metasploit framework that is used as an attack after a successful overflow. The attack returns a control channel after the overflow attack succeeds. Meterpreter...
Exploitation / Metasploit / Network PenTest
by do son · Published January 26, 2017 · Last modified July 28, 2017
Introduce SMB: Short for Server Message Block, SMB is a common network communications method used on Microsoft operating systems allowing those computers to communicate with other SMB computers. Linux and Unix computers can find...
Metasploit / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published January 2, 2017 · Last modified July 27, 2017
Introduce The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open source[2] Metasploit Framework, a...
Metasploit / Network PenTest / Post Exploitation
by do son · Published January 2, 2017 · Last modified July 27, 2017
Let’s talk about the hash crack through post / hashdump and john (john the ripper) of the Metasploit module. Once the meterpreter shell is injected and driven into the target pc, the shell connection...
Exploitation / Information Gathering / Maintaining Access / Metasploit / Network PenTest / Post Exploitation / Vulnerability Analysis / Web Exploitation / Web Information Gathering / Web Maintaining Access / Web Vulnerability Analysis / WebApp PenTest
by ddos-admin · Published December 15, 2016 · Last modified July 30, 2017
Penetration Testing Toolkit A web interface to automate Scanning, Generating metasploit payload, Network Testing,Exploring CMS,Information Gathering,DNS Queries,IP Tools,Domain tools and much more. Features Includes web interface for different tools for web scanning like nmap,uniscan,lbd,wapiti,nikto,whatweb,sslyze...
Exploitation / Information Gathering / Metasploit / Network PenTest / Vulnerability Analysis
by do son · Published November 29, 2016 · Last modified October 10, 2021
Description The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly known private key. Solution...
Metasploit / Web Exploitation / WebApp PenTest
by do son · Published November 28, 2016 · Last modified January 12, 2018
Introduction Apache Axis2™ is a Web Services / SOAP / WSDL engine, the successor to the widely used Apache Axis SOAP stack. There are two implementations of the Apache Axis2 Web services engine –...
Exploitation / Metasploit / Network PenTest
by do son · Published November 4, 2016 · Last modified February 6, 2018
msf > use exploit/windows/misc/hta_server This module hosts an HTML Application (HTA) that when opened will run a payload via Powershell. When a user navigates to the HTA file they will be prompted by IE...