Top 3 best brute force attack tools
A password and cryptography attack that does not attempt to decrypt any information, but continue to try a list of different passwords, words, or letters. For example, a simple brute-force...
Tagged: penetration testing
PenQ – The Security Testing Browser Bundle
PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web...
What is Server Side Template Injection (SSTI)?
The web application uses templates to make the web pages look more dynamic. Server Side Template Injection occurs when user input is embedded in a template in an unsafe manner....
WMAP: Web Vulnerability Scan on Metasploit
Introduce The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open...
Dumping and Cracking the local user accounts from the SAM database
Let’s talk about the hash crack through post / hashdump and john (john the ripper) of the Metasploit module. Once the meterpreter shell is injected and driven into the target...
Exploiting PUT method for uploading WebShell
Introduce The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered...
How to secure Switches and Routers
Traditional network security technologies focus on systems intrusion detection, anti-virus or firewall software. What about internal security? Network security configuration, the switches and routers is very important, in the ISO...
Blasting Network Management Protocol (SNMP)
Introduction to SNMP Simple Network Management Protocol (SNMP), consisting of a set of network management standards, contains an application layer protocol, a database schema, and a set of data objects....
Finding and exploiting Cross-site request forgery (CSRF)
Introduce Cross-site request forgery [CSRF], also known as a one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious attack exploit of...
Penetration Testing in the Real World
A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it...
Penetration-Testing-Toolkit: A web interface to automate Penetration Testing
Penetration Testing Toolkit A web interface to automate Scanning, Generating metasploit payload, Network Testing,Exploring CMS,Information Gathering,DNS Queries,IP Tools,Domain tools and much more. Features Includes web interface for different tools for...
Metasploitable3: SSH Bruteforce & get Remote Shell
Description The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly...
BlackArch Linux – Penetration Testing Distribution
BlackArch – really a very powerful distro for penetration testing. The official sponsor of the development of the distribution is a hacker group NullSecurity, so we can say with certainty...
