Magic numbers are the first bytes of a file, which uniquely identify the type of file. It can be helpful to look for file format signatures and infer how the application is using them based on these signatures, as well as how these formats may be abused to provoke...
Search Results


Testing LFI to RCE using auth.log (SSH) poisoning with Mutillidae & BurpSuite
https://wiki.owasp.org/index.php/Testing_for_Local_File_Inclusion The File Inclusion vulnerability allows an attacker to include a file within the system; this happens due to bad handling of user input. Local File Inclusion (also known as LFI) is the process of...
Testing Web application authentication tips
This is a summary of some tips from "The Web Application Hacker's Handbook" for testing authentication mechanisms, as well as recommendations for securing them. I think that book is a great resource for learning web app pentesting. Brute-Forcible Login 1. Manually submit...
Windows MS10_092 – Schelevator – Privilege Escalation
The vulnerability could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does...
local_exploit_suggester – Windows enum
Having already obtained a session, the next step is to escalate privileges. The next sample shows the basic steps for Windows: 1. Find out about the target (x86/Windows) 2. Scan for vulnerabilities: run post/multi/recon/local_exploit_suggester For this demo, I will be using the...
Windows-Exploit-Suggester – Windows enum
This script finds out which exploits are available for a Windows target. Execution 1. Gather system information from meterpreter. execute -f => to run cmd commands cmd.exe /c systeminfo => open cmd and execute the command systeminfo >> systeminfo.txt => create a...
Windows Exploit MS15-051 – CVE-2015-1701 – Privilege Escalation
This exploit targets a Windows kernel vulnerability that leads to privilege escalation. Vulnerable: Microsoft Windows Vista Service Pack 2 0 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2...
(CVE-2016-5195) [Privilege Escalation] – Dirtycow – 'PTRACE_POKEDATA' Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka...
Perl – privilege escalation
Using Perl to elevate privileges via a reverse shell. Exploit 1. Check sudo permissions: sudo -l 2. Start a listener on Kali/Parrot: nc -lvnp 4445 3. Run perl using sudo, as no password is required: sudo /usr/bin/perl -e 'use...
LOIC – DoS attacking tool – Guide
Low Orbit Ion Cannon (LOIC) is one of the easiest DDoS tools available. A DoS (Denial of Service) attack is one of the more powerful hacks, capable of completely taking a server down, so that the server is no longer able to handle the requests of valid users. With a...
FTP Anonymous login
FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. If the admin allows anonymous login to the FTP server, then anyone can...
Advanced SQL Injection: Union based
When an application is vulnerable to SQL injection and the results of the query are returned within the application's responses, the UNION keyword can be used to retrieve data from other tables within the database. This results in an SQL injection UNION attack....
Basics of SQL Injection
Basics of SQL for SQL Injection. In this tutorial we will discuss some basics of SQL queries and concentrate on the queries and fundamentals that will help us during the different phases of injection. This will be like a crash course in SQL tailored to the requirements of SQL injection....