[security] File descriptor connecting to nix system and danger of using exec() in python

I have been writing python for quite a while about 2 years to be exact and mostly I am writing network related scripts or API calling scripts, but I have never used the python statement exec before, according to the help the exec is to execute the python statements. So supposed I need to print … Continue reading [security] File descriptor connecting to nix system and danger of using exec() in python

[security]Update new exploitdb script to metasploit

So I was doing hackthebox.eu and realize there the target used a vulnerable web application, the exploit was developed and can be downloaded from exploitdb, but it was not updated in msfconsole when I do a search openadmin I could only see an outdated exploit that was disclosed on the 2017. The ruby script that … Continue reading [security]Update new exploitdb script to metasploit

[security] File upload

The lab uses metasploitable. This lab gives awareness of file upload vulnerability, there are three levels of security - low, medium and high, the objective is to try to upload a forward shell code then connect to it to gain the server access. Low security This is the php code of low security file upload: … Continue reading [security] File upload

Web Application Attack: Cross site scripting (aka XSS)

Reflected XSS Reflected XSS is a technique that uses the web server's domain and attached your own script onto the domain; the attacker then uses this link and sends to unsuspected user, once the user clicked on the link the script is executed by user's browser. Test for XSS Preparing a link that attaches attacker's … Continue reading Web Application Attack: Cross site scripting (aka XSS)

Web Application Pentesting: Manual SQL injection

Reference: http://en.wikipedia.org/wiki/SQL_injection In a nutshell SQL injection allows unauthorized people to use SQL syntax to query the web server database backend, it is called injection because the SQL syntax is inserted into web application variables. The purpose for this post is to raise awareness of what is SQL injection and how serious it is if … Continue reading Web Application Pentesting: Manual SQL injection

Social Engineering Toolkit and Metasploit: Web cloning attack and uploading a backdoor

Creating a persistent backdoor Afterword Modern antivirus program is capable of detecting such backdoor and even prevent the download of the encoded payload into victim's machine; payload encoded by shikata ganai 4 times is not enough to evade most of the modern antivirus program. In the past I used to click and execute unknown java … Continue reading Social Engineering Toolkit and Metasploit: Web cloning attack and uploading a backdoor