[security]evil-winrm installation

I am trying to use evil-winrm to get a windows shell with an user credential via tcp/5985 (winrm) ruby evil-winrm -i 192.168.1.1 -u username -p password, but I encountered ruby modules problem which are winrm and winrm-fs, hence I need to install the modules gem install winrm; gem install winrm-fs or simply gem install evil-winrm

[security] File descriptor connecting to nix system and danger of using exec() in python

I have been writing python for quite a while about 2 years to be exact and mostly I am writing network related scripts or API calling scripts, but I have never used the python statement exec before, according to the help the exec is to execute the python statements. So supposed I need to print … Continue reading [security] File descriptor connecting to nix system and danger of using exec() in python

[security]Update new exploitdb script to metasploit

So I was doing hackthebox.eu and realize there the target used a vulnerable web application, the exploit was developed and can be downloaded from exploitdb, but it was not updated in msfconsole when I do a search openadmin I could only see an outdated exploit that was disclosed on the 2017. The ruby script that … Continue reading [security]Update new exploitdb script to metasploit

[security] File upload

The lab uses metasploitable. This lab gives awareness of file upload vulnerability, there are three levels of security - low, medium and high, the objective is to try to upload a forward shell code then connect to it to gain the server access. Low security This is the php code of low security file upload: … Continue reading [security] File upload