File Inclusion to Meterpreter

File Inclusion to Meterpreter

What is File Inclusion vulnerability?

File inclusion vulnerability is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. A file include…

View On WordPress

File upload vulnerability to Meterpreter

File upload vulnerability to Meterpreter

Vulnerability Name: Arbitrary file upload vulnerability in DVWA frame work in “low” section.

System Specification:

Victim – Windows XP SP2 [IP: 192.168.24.131]

Attacker – Kali Linux 2.0 [IP: 192.168.24.133 PORT: 4444]

Success Criteria: Following two conditions are mandatory for exploiting file upload vulnerability –

Attacker can upload any file (including .php, .asp, .aspx etc)

Attacker can…

View On WordPress

OS Command Injection to Meterpreter

OS Command Injection to Meterpreter

Definition:Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the…

View On WordPress

SQL Injection to Meterpreter

SQL Injection to Meterpreter

Goal: By exploiting SQL Injection vulnerability fully compromise the victim server and get reverse shell (Meterpreter) using SQLMap.

Victim System: Damn Vulnerable Web App (DVWA) is installed in Windows XP for creating such virtual lab. IP: 192.168.24.131

Attacker System: Kali Linux 2.0 [Python 2.7, SQLMap and Metasploit installed by default]. IP: 192.168.24.129

Tools:

SQLMap:sqlmap is a python…

View On WordPress

How to Secure Online Transaction?

How to Secure Online Transaction?

Introduction:Nowadays we have shifter our life into digital form. Today we have moved from hand written letter to e-mail/chat , TV to IP-TV, coins to bitcoins, messaging to whatsapp etc. So it is obvious that we now do online shopping instead of going to market. This actually saves our time but there is high probability to compromise/hack our personal information by malicious hackers. So how to…

View On WordPress

Hack a Remote Windows System Using Trojan [Over the Internet]

Hack a Remote Windows System Using Trojan [Over the Internet]

Disclaimer: This tutorial is only for educational purpose. We are not responsible for any misuse of this tutorial.

Scenario: Victim is using Windows 7 [Firewall enabled, User Access Control (UAC) enabled] and within a network. Attacker is within a different network. Attacker needs the full control of the victim machine to crack the Gmaill and Facebook.

Requirement:

njRAT

Windows OS

noip.com and…

View On WordPress