Category Archives: Vulnerability Assessment and Pentest

Hackademia Challenge 001

Posted on November 5, 2012 by cyruslab

This is an old hacking lab game. Summary Steps 1. View the source code of the page to find hints. 2. Use burpsuite proxy. 3. add the root to the item scope, then do web spidering. Advertisements

Posted in Security, Vulnerability Assessment and Pentest | Tagged burpsuite, burpsuite proxy, hackademia challenge 001, pentest | Leave a comment

Blind SQL injection A web application that is vulnerable to SQL injection may display SQL error that looks like this:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right … Continue reading →

Posted in Security, Vulnerability Assessment and Pentest | Tagged blind sql injection, burpsuite, mysql injection, owasp top 10, sql injection, sqli, sqlmap | 2 Comments

Test for sql injection

Posted on October 27, 2012 by cyruslab

Target = DVWA version 1.0.7 nmap the target The -sS is to use TCP syn, -sV is to find out the version of the service, -Pn is to disable ping to save time, -v(or multiple vs) is for verbose output. … Continue reading →

Posted in Security, Vulnerability Assessment and Pentest | Tagged dvwa, mysql injection, pentest, sql injection, sqli, sqlmap | 4 Comments

XSS: Google Earth XSS vulnerability

Posted on March 25, 2012 by cyruslab

I came across an interesting article that longrifle0x has found a vulnerability for script execution within Google Earth. So I decided to test with metasploit, in an attempt to see if the payload can be sent to victim, but it was sandboxed, … Continue reading →

Posted in Security, Vulnerability Assessment and Pentest | Tagged google earth xss, longrifle0x, xss | Leave a comment

Web Application Attack: Cross site scripting (aka XSS)

Posted on March 25, 2012 by cyruslab

Reflected XSS Reflected XSS is a technique that uses the web server’s domain and attached your own script onto the domain; the attacker then uses this link and sends to unsuspected user, once the user clicked on the link the … Continue reading →

Posted in Security, Vulnerability Assessment and Pentest | Tagged cross site scripting, reflected xss, stored xss, web application attack, webapp attack, webapp pentest, xss | 1 Comment

Web Application Pentesting: Manual SQL injection

Posted on March 22, 2012 by cyruslab

Reference: http://en.wikipedia.org/wiki/SQL_injection In a nutshell SQL injection allows unauthorized people to use SQL syntax to query the web server database backend, it is called injection because the SQL syntax is inserted into web application variables. The purpose for this post … Continue reading →

Posted in Security, Vulnerability Assessment and Pentest | Tagged damned vulnerable web application, dvwa, manual sql injection, mysql injection, sql injection, web application attack, webapp attack | 3 Comments

Social Engineering Toolkit and Metasploit: Web cloning attack and uploading a backdoor

Posted on March 20, 2012 by cyruslab

Creating a persistent backdoor Afterword Modern antivirus program is capable of detecting such backdoor and even prevent the download of the encoded payload into victim’s machine; payload encoded by shikata ganai 4 times is not enough to evade most of … Continue reading →

Posted in Security, Vulnerability Assessment and Pentest | Tagged backdoor, metasploit, meterpreter, persistent backdoor, persistent visual basic script backdoor, SET, social engineering, social engineering toolkit, vb script backdoor, web cloning attack | 6 Comments

Category Archives: Vulnerability Assessment and Pentest

Hackademia Challenge 001

Test blind sql injection

Test for sql injection

XSS: Google Earth XSS vulnerability

Web Application Attack: Cross site scripting (aka XSS)

Web Application Pentesting: Manual SQL injection

Categories

Archives

Recent Posts

Top Posts

CCIE blogroll

External Links

IDS

Open source

Pentest Virtual Lab

Security (VA and Pentest)

Blog Stats

Follow Blog via Email