[security] File descriptor connecting to nix system and danger of using exec() in python

I have been writing python for quite a while about 2 years to be exact and mostly I am writing network related scripts or API calling scripts, but I have never used the python statement exec before, according to the help the exec is to execute the python statements. So supposed I need to print … Continue reading [security] File descriptor connecting to nix system and danger of using exec() in python

[security]Update new exploitdb script to metasploit

So I was doing hackthebox.eu and realize there the target used a vulnerable web application, the exploit was developed and can be downloaded from exploitdb, but it was not updated in msfconsole when I do a search openadmin I could only see an outdated exploit that was disclosed on the 2017. The ruby script that … Continue reading [security]Update new exploitdb script to metasploit

[security] File upload

The lab uses metasploitable. This lab gives awareness of file upload vulnerability, there are three levels of security - low, medium and high, the objective is to try to upload a forward shell code then connect to it to gain the server access. Low security This is the php code of low security file upload: … Continue reading [security] File upload

[python] Improving get_project_dirs method of SSHClient subclass

I noticed I did not have enough testing on my code for getting directories under base project directory. This is part of the code snippet of my SSHClient subclass: The problem The method gets all things under the base directory that is files and directories, that is because I have sliced and diced too much … Continue reading [python] Improving get_project_dirs method of SSHClient subclass