Wordpress Penetration Testing using Symposium Plugin SQL Injection
WP Symposium turns a WordPress website into a Social Network! It is a WordPress plugin that provides a forum, activity (similar to Facebook wall), member directory, private mail, notification panel,...
Hack Remote PC using PSEXEC Injection in SET Toolkit
Target: Windows Server. Attacker machine: Kali Linux. In this article I am going to make a PowerShell injection attack through SEToolkit; for this attack it is necessary that the SMB service be running and...
Hack the Fortress VM (CTF Challenge)
Previously you have breached many VulnHub CTFs; today we will try to breach the FORTRESS VulnHub CTF. Download it from here. Start Kali Linux and follow these steps. Open a terminal in Kali Linux and run this...
Penetration Testing of HTTP Protocol (Verb Tempering)
You are all very much aware of the HTTP protocol and its services. HTTP is considered to authorize intermediate network elements to develop communications between clients and servers. HTTP is an...
5 ways to Exploiting PUT Vulnerability in Webserver
Today’s article is related to bypassing the PUT method vulnerability through various techniques. In the previous article we came across the different actions performed by HTTP methods, where I have described the...
Hack Padding Oracle Lab (CTF Challenge)
The main purpose of solving this lab was to share the padding oracle attack technique with our visitors. The padding oracle attack enables an attacker to decrypt encrypted data without knowledge of the...
Shell uploading through sql Injection using Sqmap in bWAPP
Multiple times you people have used sqlmap for SQL injection to get the database of a web server. Here in this tutorial I will show you how to upload any backdoor if the website is suffering from sql...
Meterpreter Shell uploading in DVWA with SQl Injection
This article is exactly the same as the previous article; today I will make use of sqlmap to upload a backdoor file in DVWA suffering from an SQL injection vulnerability. Requirement: Xampp/Wamp Server, DVWA Lab, Kali...
Command Injection Exploitation through SQL Injection using Sqlmap in DVWA
In this article we will see how to perform command injection using sqlmap and try to execute any cmd command through sqlmap if the web server has an SQL vulnerability. Requirement: Xampp/Wamp Server...
Web Penetration Testing Lab setup using XVWA
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed to be...
Exploiting the Webserver using Sqlmap and Metasploit (OS-Pwn)
This article is about how to use sqlmap for SQL injection to hack a victim PC and gain shell access. Here I had performed an SQL attack to gain three different types of shell (meterpreter; command shell; VNC...
Hack the Pentester Lab: from SQL injection to Shell VM
Today we are going to perform penetration testing in another lab; download it from here. Now install the ISO image in VMware and start it. The task given in this lab is to gain access of...
Brute Forcing Multiple Databases using HexorBase
HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce...
Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin)
Burp CO2 is an extension for the popular web proxy / web application testing tool called Burp Suite, available at Portswigger. You must install Burp Suite before installing the Burp CO2 extension. The...
SQL Injection Exploitation in Multiple Targets using Sqlmap
In this article we are going to perform an SQL injection attack on multiple targets through sqlmap. In the tutorial I had used two buggy web dvwa and Acurat (vulweb.com). Start dvwa and select sql...
Hack the Pentester Lab: from SQL injection to Shell II (Blind SQL Injection)
Today we are going to perform penetration testing with part II of the previous lab; download it from here. Now install the ISO image in VMware and start it. In this lab the task level is intermediate and...
Easy way to Hack Database using Wizard switch in Sqlmap
Sqlmap provides wizard options for beginners and saves you much time. So start your Kali Linux, open the terminal and now run the following command to use the wizard interface of sqlmap. sqlmap -u...
Exploiting Sql Injection with Nmap and Sqlmap
This article is about how to scan any target for sql injection using NMAP and then exploit the target with sqlmap if NMAP finds the target is vulnerable to sql injection. Now go with this tutorial for...
Hack the Basic HTTP Authentication using Burpsuite
In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent to provide a user name and password when making a request. HTTP Basic authentication (BA)...
Beginner Guide of mysql Penetration Testing
In this article we are going to perform penetration testing on a MySQL server; here we will perform the attack through the Metasploit framework. Attacker: Kali Linux. Target: Metasploitable II. Let's...