Clik here to view.
Exploiting the Webserver using Sqlmap and Metasploit (OS-Pwn)
This artilce is about how to use sqlmap for sql injection to hack victim pc and gain shell access. Here I had perform sql attack to gain three different type of shell (meterpreter; command shell; VNC...
View ArticleClik here to view.
Hack the Pentester Lab: from SQL injection to Shell VM
Today we are going to perform penetration testing in another lab, download it from here. Now install the iso image in VM ware and start it. The task given in this lab is to gain access of...
View ArticleClik here to view.
Brute Forcing Multiple Databases using HexorBase
HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce...
View ArticleClik here to view.
Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin)
Burp CO2 is an extension for the popular web proxy / web application testing tool called Burp Suite, available at Portswigger. You must install Burp Suite before installing the Burp CO2 extension. The...
View ArticleClik here to view.
SQL Injection Exploitation in Multiple Targets using Sqlmap
In this article we are going to perform sql injection attack on multiple target through sqlmap In the tutorial I had used two buggy web dvwa and Acurat (vulweb.com). Start dvwa and select sql...
View ArticleClik here to view.
Hack the Pentester Lab: from SQL injection to Shell II (Blind SQL Injection)
Today we are going to perform penetration testing with part II of previous lab, download it from here. Now install the iso image in VM ware and start it. In this lab task level is intermediate and...
View ArticleClik here to view.
Easy way to Hack Database using Wizard switch in Sqlmap
Sqlmap provides wizard options for beiggner and save your much time. So start your kali Linux and open the terminal and now the following command to use wizard interface of sqlmap. sqlmap -u...
View ArticleClik here to view.
Exploiting Sql Injection with Nmap and Sqlmap
This article is about how to scan any target for sql injection using NMAP and then exploit the target with sqlmap if NMAP finds the target is vulnerable to sql injection. Now go with this tutorial for...
View ArticleClik here to view.
Hack the Basic HTTP Authentication using Burpsuite
In the context of a HTTP transaction, basic access authentication is a method for a HTTP user agent to provide a user name and password when making a request. HTTP Basic authentication (BA)...
View ArticleClik here to view.
Beginner Guide of mysql Penetration Testing
In this article we are going to perform penetration testing on mysql server, here we will perform attack through metasploit framework. Attacker: kali Linux Target: metasploitable II Lets Begin!!...
View ArticleClik here to view.
Exploiting Form Based Sql Injection using Sqlmap
In this tutorial you will came to across how to perfrom sql injection attack on a login form of any website. There are so many example related to login form like: facebook login; gmail login; other...
View ArticleClik here to view.
Hack the USV VM (CTF Challenge)
A new challenge for all of you guys! This CTF is all about conquering flags coming across our way as we go further in our penetration testing of this lab. All the flags should be discovered in form...
View ArticleClik here to view.
Web Penetration Testing with Tamper Data (Firefox Add-on)
Tampering is the way of modifying the request parameters before request submission. Tampering can be achieved by various methods and one of the ways is the through Tamper Data. Tamper data is one of...
View ArticleClik here to view.
Hack the Pipe VM (CTF Challenge)
PIPE is another CTF which gives you a platform to enhance your penetration testing skills. So let’s not waste any more time and get started with it. First of all download pipe lab from here Like always...
View ArticleClik here to view.
5 ways to File upload vulnerability Exploitation
File upload vulnerability is a major problem with web based applications. In many web servers this vulnerability depends entirely on purpose, that allows an attacker to upload a file with malicious...
View ArticleClik here to view.
Hack Windows PC using Firefox nsSMIL Time Container: :Notify Time Change() RCE
This module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows. Exploit...
View ArticleClik here to view.
Shell Uploading in Web Server through PhpMyAdmin
In this tutorial we will learn how to exploit a web server if we found phpmyadmin panel has been left open. Here I will try to exploit phpmyadmin which is running inside the localhost “xampp” by...
View ArticleClik here to view.
Web Shells Penetration Testing (Beginner Guide)
Through this article I would like to share file uploading using different type web shell scripts on a web server and try to get unauthorized access in the server. Web shells are the scripts that are...
View ArticleClik here to view.
Hack the Gibson VM (CTF Challenge)
It’s a boot2root challenge and it does not get over with getting root access. You have to find flag also. So let’s start. First of all download lab from https://download.vulnhub.com/gibson/gibson.ova...
View ArticleClik here to view.
Exploit Command Injection Vulnearbility with Commix and Netcat
In this article I will show how easily you can hack a web server using commix tool if the severe is suffering from OS command injection vulnerbility. Attaker: kali Linux Target: bwapp Download it from...
View Article