You can register an iTabCode account to be able to view iTabCode without ads. ( Registration is Free ) Register Now

exploitation

  1. x32x01

    Empire - PowerShell Post-Exploitation Agent

    In our today's article we are going to discuss about Empire Framework by BC Security. Now Kali Linux and BC Security made a partnership and Kali users got exclusive early access to “Empire 3” (powershell-empire) & “StarKiller”. That's what exactly Kali developers said: On our this detailed...
  2. x32x01

    Exploitation of UnreaIIRCd 3.2.8.1 by using Metasploit and Perl Script

    UnrealIRCd is an open source IRC daemon, originally based on DreamForge, and is available for Unix-like operating systems and Windows. Since the beginning of development on UnrealIRCd circa May 1999, many new features have been added and modified, including advanced security features and bug...
  3. x32x01

    JAVA RMI (Remote Method Invocation) Exploitation with Metasploit Framework

    The Java Remote Method Invocation, or Java RMI, is a mechanism that allows an object that exists in one Java virtual machine to access and call methods that are contained in another Java virtual machine; This is basically the same thing as a RPC, but in an object-oriented paradigm instead of a...
  4. x32x01

    Install DVWA (Damn Vulnerable Web Application) in Kali Linux - Detailed Tutorial

    Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn defenseless. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid...
  5. x32x01

    HTTP PUT Method Exploitation with Put2Win (Meterpreter Shell)

    From previous post, we came across to different actions performed by HTTP methods where we had described the role of PUT method which allow client to upload a file on server with different ways i.e with Netcat, with Nmap, with BurpSuite, with Curl, with Quickput, with Cadaver and with Metasploit...
  6. x32x01

    Exploitation of DVR Cameras - CVE-2018-9995 [Tutorial]

    A security expert Belahsan Ouerghi has shed light on a new hacking tool called DVR Exploiter that exploits the CVE-2018-9995 vulnerability against IoT devices. It is able to extract account credentials of DVR devices thereby accessing the devices and their video feeds. TBK DVR4104 and DVR4216...
  7. x32x01

    Drupal 7 Exploitation with Metasploit Framework [SQL Injection]

    Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of...
  8. x32x01

    Post Exploitation with PowerShell Empire 2.3.0 [Detailed Tutorial]

    The post exploitation phase begins after you have compromised one or more systems but you’re not even close to being done yet. Post exploitation is always a critical component in any penetration test. This is where you differentiate yourself from the average, run-of-the-mill hacker and actually...
  9. x32x01

    ShellShock and BeEF Framework - Exploitation Tutorial

    In a previous tutorial, we successfully exploited the ShellShock Vulnerability with Metasploit Framework and Burp Suite. And in this article we’ll gonna exploit the same vulnerability with BeEF Framework which is one of the most popular Browser Exploitation Framework but it is not actively...
  10. x32x01

    ShellShock Exploitation with BurpSuite [PentesterLab] CVE-2014-6271

    This is an exercise from PentesterLab to reproduce & demonstrate how to exploit CVE-2014-6271 [ShellShock Vulnerability]. Download Vulnerable ISO – https://www.pentesterlab.com/exercises/cve-2014-6271 Size: 19 MB OS Type: Linux A flaw was found in the way Bash evaluated certain specially...
  11. x32x01

    Exploitation of ShellShock Vulnerability with BadBash Tool

    In a previous article, we have described the ShellShock vulnerability and in this article we show how to exploit this vulnerability using the BadBash Script. BadBash is a CVE-2014-6271 RCE exploit tool. The basic version only checks for the HTTP CGI site and only provides netcat reverse shell...
  12. x32x01

    ShellShock Vulnerability Exploitation With HTTP Request

    In a previous tutorial, we used Metasploit Framework to gain a low-level shell on the target system by exploiting the ShellShock vulnerability. The same can also be done by sending a HTTP Request with Wget and Curl. In order to exploit the ShellShock bug, the following steps need to occur: you...
  13. x32x01

    ShellShock Vulnerability Exploitation With Metasploit Framework

    Previously we’ve well explained the Heartbleed Vulnerability which already created so much havoc and now we’ll show you a live exploitation of ShellShock Vulnerability (CVE-2014-6271) with Metasploit Framework. ShellShock Vulnerability also called Bash Bug Vulnerability which already affects...
  14. x32x01

    Apache Java Struts2 Rest Plugin Exploitation - CVE-2017–9805

    Today, we’ll show you the Remote code exploitation of Apache Struts2 Rest Plugin with XML Exploit. Apache published this advisory about this RCE vulnerability by 5th September 2017 under CVE-2017-9805. The REST Plugin is using a XStreamHandler with an instance of XStream for deserialization...
  15. x32x01

    Exploitation of EternalBlue DoublePulsar [Windows 7 - 64bit]

    EternalBlue Metasploit exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers...
  16. x32x01

    Live Detection and Exploitation of WordPress xmlrpc.php File

    Being as popular cms, it is no surprise that WordPress is often always under attack. Some 70% of Techno’s top 100 blogs are using WordPress as a Content Management System. XML-RPC on WordPress is actually an API (Application program interface), remote procedure call which gives developers who...
  17. x32x01

    Palo Alto (PAN-OS) Exploitation CVE-2017-15944 - Live Demonstration

    Last year, a critical remote code execution vulnerability was found in Palo Alto Network Firewalls by Philip Pettersson. Palo Alto Network Firewalls has a component called as PAN-OS whose versions 6.1.18, 7.0.18, 7.1.13, 8.0.5 and earlier versions are core affected with this vulnerability. Palo...
  18. x32x01

    HTTP PUT Method Exploitation - Live Penetration Testing

    In this post, we’ll be exploiting the HTTP PUT method vulnerability on one of the Metasploitable2 webserver through which you can easily upload any malicious file onto the server and can gain the access of the whole webserver in meterpreter shell. In last article, we’ve already learnt that how...
  19. x32x01

    Live SQL Injection Exploitation with SQLMap – A Detailed Guide

    Hello geeks, today we’ll show you some basic SQL Injection techniques with the help of Python and SQLMap. SQL injection is one of the most critical vulnerabilities till now and is still included in the OWASP Top 10 list’s Injection flaws section. Sqlmap is one of the most popular automated SQL...
Top