Clik here to view.
Play Youtube videos as background sound in Remote PC using Xerosploit
Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow realizing efficient attacks, and also allows...
View ArticleClik here to view.
5 ways to Brute Force Attack on WordPress Website
Brute force attack using Burp Suite To make Burp Suite work, firstly, we have to turn on manual proxy and for that go to the settings and choose Preferences. Then select advanced option and further go...
View ArticleClik here to view.
Exploit Windows 10 pc using WinaXe 7.7 FTP Client Remote Buffer Overflow
This module exploits a buffer overflow in the WinaXe 7.7 FTP client. This issue is triggered when a client connects to the server and is expecting the Server Ready response. Exploit Targets WinaXe 7.7...
View ArticleClik here to view.
Hack Android Phone using HTA Attack with QR Code
QR Code is a 2 dimensional barcode which can be scanned using Smartphone’s or dedicated QR Readers. These QR Codes are directly linked to contact numbers, websites, usernames, photos, SMS, E-mails and...
View ArticleClik here to view.
7 Ways to Get Admin Access of Remote Windows PC (Bypass Privilege Escalation)
When you exploit the victim pc there would be certain limits which resist performing some action even after you are having the shell of victim’s pc. To get complete access of your victim pc; you need...
View ArticleClik here to view.
Hack the SkyDog Con CTF 2016 – Catch Me If You Can VM
SkyDog is the second VM in CTF Root2Boot series created by James Brower. It is configured with DHCP so the IP will be given to it automatically. This VM is based on Catch me if you can which is movie...
View ArticleClik here to view.
Capture Images in Mobile using Driftnet through Wifi Pumpkin
WiFi-Pumpkin is an open source security tool that provides the Rogue access point to Man-In-The-Middle and network attacks. Using WiFi Pumpkin, one can create a wifi network that captures all the...
View ArticleClik here to view.
4 Ways to get Linux Privilege Escalation
When you exploit the victim pc there would be certain limits which resist performing some action even after you are having the shell of victim’s pc. To get complete access of your victim pc; you need...
View ArticleClik here to view.
Hack the Seattle VM (CTF Challenge)
This is another article for Boot2Root series in CTF challenges. This lab is prepared by HollyGracefull. This is just a preview of the original lab which stimulates the Ecommerce web application which...
View ArticleClik here to view.
Hack the Billy Madison VM (CTF Challenge)
Today in our CTF challenges we are going to do Billy Madison. This VM is based on 90’s movie Billy Madison, hence the name of the VM. The main aim of this VM is to figure out how Eric took over the...
View ArticleClik here to view.
Hack Locked PC in Network using Metasploit
Today we will discover how to take Meterpreter session of a pc in a network which is switched on but is locked. Let us assume that our victim’s pc already has sticky keys attack enabled on it. To know...
View ArticleClik here to view.
Get Meterpreter Session of Locked PC Remotely (Remote Desktop Enabled)
Lets learn how to take Meterpreter session of a pc in a network which is switched on but is locked and has remote desktop feature enabled on it. Let us assume that our victim’s pc already has utilman...
View ArticleClik here to view.
SQL Injection Exploitation in DVWA (Bypass All Security)
A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the...
View ArticleClik here to view.
Hack the Necromancer VM (CTF Challenge)
The Necromancer boot2root box was created for a recent SecTalks Brisbane CTF competition. There are 11 flags to collect on your way to solving the challenge. The end goal is simple…. Destroy the...
View ArticleClik here to view.
Powershell Injection Attacks using Commix and Magic Unicorn
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application...
View ArticleClik here to view.
Hack the Hackday Albania VM (CTF Challenge)
This was used in HackDay Albania’s 2016 CTF. It uses DHCP. Note: VMware users may have issues with the network interface doing down by default. You are recommended to use Virtualbox. Download the lab...
View ArticleClik here to view.
Database Penetration Testing using Sqlmap (Part 1)
Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection...
View ArticleClik here to view.
Hack the Freshly VM (CTF Challenge)
Here we come with a new article which will all be about a penetration testing challenge called FRESHLY. The goal of this challenge is to break into the machine via the web and find the secret hidden in...
View ArticleClik here to view.
Hack File upload Vulnerability in DVWA (Bypass All Security)
File upload vulnerability are a major problem with web based applications. In many web server this vulnerability depend entirely on purpose that allows an attacker to upload a file hiding malicious...
View ArticleClik here to view.
FTP Service Exploitation in Metasploitable 3
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with Metasploit, hence to brush up...
View Article