Tag Archives: Penetration Testing

Using Facebook As A Proxy

Source: IHTeam Security Blog by R00t.ATI. In this article: “Having a Facebook account is not so bad if you can have a free and fast proxy! The affected page is: developers.facebook.com/tools/debug/og/echo?q= “q” parameter must be a valid unescaped URL. Output page will show you the HTML code of the URL and guess what? Request will be made by…”

Burp Suite Series: Efficient use of Payload Options when Attacking HTTP Basic Authentication

Source: Spylogic.net by Tom. In this article: “In this series of blog posts I’ll be discussing some handy Burp Suite techniques we often use on our penetration tests. Burp Suite is our de facto tool of choice for assessing web applications and conducting web based brute force attacks. First up are some techniques to use when conducting brute force attacks…”

PowerSploit – Inject-Shellcode Update

Source: Exploit-Monday.com. In this article: “I just released an updated version of Inject-Shellcode. Significant portions of the code have been cleaned up and its parameters were simplified. While I hate to change the original interface, there were several redundancies in the original parameters that didn’t make any sense. Here is the changelog for this release: New Features/Changes: Dramatically…”

HIDING YOUR SHELLS

Source: Secure Planet by Peter. In this article: “I’ve been working on a couple of little side projects and finally had a couple hours to sit down and test some things out. I’m always looking for better ways to hide my reverse shells (and of course meterpreter) and evade anti-virus. Through some of the conferences I recently…”

Stealing the Keys to the Kingdom through SQL injection

Source: Pentest Geek by zeknox. In this article: “Recently I was conducting a penetration test for a very large high profile client. The network itself had over 5500+ nodes and nearly 400 subnets. I started out using one of my new tactics by utilizing Nmap’s new http-screenshot.nse script. If you haven’t had a chance to check it out; I…”