Clik here to view.
4 Ways to get Linux Privilege Escalation
When you exploit the victim pc there would be certain limits which resist performing some action even after you are having the shell of victim’s pc. To get complete access of your victim pc; you need...
View ArticleClik here to view.
Hack the Seattle VM (CTF Challenge)
This is another article for Boot2Root series in CTF challenges. This lab is prepared by HollyGracefull. This is just a preview of the original lab which stimulates the Ecommerce web application which...
View ArticleClik here to view.
Hack the Billy Madison VM (CTF Challenge)
Today in our CTF challenges we are going to do Billy Madison. This VM is based on 90’s movie Billy Madison, hence the name of the VM. The main aim of this VM is to figure out how Eric took over the...
View ArticleClik here to view.
Hack Locked PC in Network using Metasploit
Today we will discover how to take Meterpreter session of a pc in a network which is switched on but is locked. Let us assume that our victim’s pc already has sticky keys attack enabled on it. To know...
View ArticleClik here to view.
Get Meterpreter Session of Locked PC Remotely (Remote Desktop Enabled)
Lets learn how to take Meterpreter session of a pc in a network which is switched on but is locked and has remote desktop feature enabled on it. Let us assume that our victim’s pc already has utilman...
View ArticleClik here to view.
SQL Injection Exploitation in DVWA (Bypass All Security)
A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the...
View ArticleClik here to view.
Hack the Necromancer VM (CTF Challenge)
The Necromancer boot2root box was created for a recent SecTalks Brisbane CTF competition. There are 11 flags to collect on your way to solving the challenge. The end goal is simple…. Destroy the...
View ArticleClik here to view.
Powershell Injection Attacks using Commix and Magic Unicorn
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application...
View ArticleClik here to view.
Hack the Hackday Albania VM (CTF Challenge)
This was used in HackDay Albania’s 2016 CTF. It uses DHCP. Note: VMware users may have issues with the network interface doing down by default. You are recommended to use Virtualbox. Download the lab...
View ArticleClik here to view.
Database Penetration Testing using Sqlmap (Part 1)
Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection...
View ArticleClik here to view.
Hack the Freshly VM (CTF Challenge)
Here we come with a new article which will all be about a penetration testing challenge called FRESHLY. The goal of this challenge is to break into the machine via the web and find the secret hidden in...
View ArticleClik here to view.
Hack File upload Vulnerability in DVWA (Bypass All Security)
File upload vulnerability are a major problem with web based applications. In many web server this vulnerability depend entirely on purpose that allows an attacker to upload a file hiding malicious...
View ArticleClik here to view.
FTP Service Exploitation in Metasploitable 3
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with Metasploit, hence to brush up...
View ArticleClik here to view.
Hack Metasploitable 3 using Elasticsearch Exploit
Elastic search is a distributed REST search engine used in companies for analytic search. And so we will learn how to exploit our victim through it. Start off by nmap. nmap –p- -A 192.168.1.8 Nmap...
View ArticleClik here to view.
Metasploitable 3 Exploitation using Brute forcing SSH
Target: Metasploitable 3 Attacker: Kali Linux Scan the target IP to know the Open ports for running services. I am using nmap command for scanning the target PC. Type the following command on terminal...
View ArticleClik here to view.
Hack Metasploitable 3 using SMB Service Exploitation
Target: Metasploitable 3 Attacker: Kali Linux Scan the target IP to know the Open ports for running services. I am using nmap command for scanning the target PC. NMAP shown all available open ports...
View ArticleClik here to view.
Perform DOS Attack on Metasploitable 3
Target: Metasploitable 3 Attacker: Kali Linux Scan the target IP to know the Open ports for running services. Use nmap command for scanning the victim PC. Type the following command on terminal in...
View ArticleClik here to view.
Hack Metasploitable 3 using Mysql Service Exploitation
Target: Metasploitable 3 Attacker: Kali Linux Scan the target IP to know the Open ports for running services. Use nmap command for scanning the target PC. NMAP shown all available open ports and their...
View ArticleClik here to view.
Hack the Zorz VM (CTF Challenge)
Zorz is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. This machine will probably test your web...
View ArticleClik here to view.
Manual Penetration Testing in Metasploitable 3
Target: Metasploitable 3 Attacker: Kali Linux Scan the target IP to know the Open ports for running services. I am using nmap command for scanning the target PC. Type the following command on terminal...
View Article