Hi all, A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 13, 2017 · Last modified July 28, 2017
XPath Injection Similar to SQL injection, XPath injection occurs when the site uses the information entered by the user to construct the request for XML data. An attacker sends specially constructed information to the...
A password and cryptography attack that does not attempt to decrypt any information, but continue to try a list of different passwords, words, or letters. For example, a simple brute-force attack may have a...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published January 3, 2017 · Last modified November 4, 2017
PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published January 2, 2017 · Last modified February 6, 2018
The web application uses templates to make the web pages look more dynamic. Server Side Template Injection occurs when user input is embedded in a template in an unsafe manner. However, in the initial...
Metasploit / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published January 2, 2017 · Last modified July 27, 2017
Introduce The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open source[2] Metasploit Framework, a...
Metasploit / Network PenTest / Post Exploitation
by do son · Published January 2, 2017 · Last modified July 27, 2017
Let’s talk about the hash crack through post / hashdump and john (john the ripper) of the Metasploit module. Once the meterpreter shell is injected and driven into the target pc, the shell connection...
Web Exploitation / WebApp PenTest
by do son · Published December 25, 2016 · Last modified October 10, 2021
Introduce The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered as a modified version...
Traditional network security technologies focus on systems intrusion detection, anti-virus or firewall software. What about internal security? Network security configuration, the switches and routers is very important, in the ISO networks model, in each...
Introduction to SNMP Simple Network Management Protocol (SNMP), consisting of a set of network management standards, contains an application layer protocol, a database schema, and a set of data objects. The protocol can support...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 22, 2016 · Last modified December 12, 2017
Introduce Cross-site request forgery [CSRF], also known as a one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious attack exploit of a website (“Web Application”);...
Exploitation / Information Gathering / Maintaining Access / Network PenTest / Post Exploitation / Vulnerability Analysis / Web Exploitation / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 21, 2016 · Last modified August 1, 2017
A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that computer functionality...
Exploitation / Information Gathering / Maintaining Access / Metasploit / Network PenTest / Post Exploitation / Vulnerability Analysis / Web Exploitation / Web Information Gathering / Web Maintaining Access / Web Vulnerability Analysis / WebApp PenTest
by ddos-admin · Published December 15, 2016 · Last modified July 30, 2017
Penetration Testing Toolkit A web interface to automate Scanning, Generating metasploit payload, Network Testing,Exploring CMS,Information Gathering,DNS Queries,IP Tools,Domain tools and much more. Features Includes web interface for different tools for web scanning like nmap,uniscan,lbd,wapiti,nikto,whatweb,sslyze...
Exploitation / Information Gathering / Metasploit / Network PenTest / Vulnerability Analysis
by do son · Published November 29, 2016 · Last modified October 10, 2021
Description The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly known private key. Solution...
by do son · Published October 30, 2016 · Last modified February 27, 2017
BlackArch – really a very powerful distro for penetration testing. The official sponsor of the development of the distribution is a hacker group NullSecurity, so we can say with certainty that it is a...
Secure Your Connection
