Taken – Takeover AWS Ips And Have A Working POC For Subdomain Takeover
KitPloit - PenTest Tools!-- Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple: Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working …
Breaking down — Command Injections
InfoSec Write-ups - Medium-- Command Injection or OS Command Injection is a Remote Code Execution vulnerability, where an attacker is able to exploit unsanitized user input to run default OS commands on the server. Code Injection: allows the attacker to add their own code that is then executed by the application. Command Injection: the attacker …
WebGoat SSRF 2 3
InfoSec Write-ups - Medium-- WebGoat SSRF lesson 2. After watching this mind-blowing talk about SSRF from Orange Tsai (https://medium.com/media/9d02af942d527d802d6ffec391efd2c0/href), let’s see what’s in this lesson. Tom, pretty straightforward. Press the button and we get Tom. The lesson explicitly tells us to change the URL to “jerry”. Hidden page input: inspect the button with your browser dev tool, find the hidden input and change the URL from “tom” to “jerry”. And …
Simple I.P Logger in Python
InfoSec Write-ups - Medium-- Here I will be briefing how I created my first Python tool for grabbing I.P address (IPv4) and detecting OS (Operating System) for a user present on the same network. # Only for educational purpose; don’t perform any malicious action on a network which you do not own. Strict actions could be taken! Hola Pal’s. Tested on Python3. Getting Started: It’s a simple …
Memory Analysis For Beginners With Volatility — Coreflood Trojan: Part 2
InfoSec Write-ups - Medium-- Hello everyone, welcome back to my memory analysis series. If you didn’t read the first part of the series — go back and read it here: Memory Analysis For Beginners With Volatility — Coreflood Trojan: Part 1. Just to recap quickly (if you don’t want the recap skip to the next section): Last …
TryHackMe- c4ptur3-th3-fl4g CTF Writeup (Detailed)
InfoSec Write-ups - Medium-- Welcome folks!! We are going to do c4ptur3-th3-fl4g CTF on TryHackMe. I am sure we will have fun completing the room.
Simple-Live-Data-Collection – Simple Live Data Collection Tool
KitPloit - PenTest Tools!-- How it works? 1- Build server. 2- Connect with admin and client to server. 3- To collect information, send the request to the server through the admin, and then to the client. Installation: git clone https://github.com/LetsDefend/Simple-Live-Data-Collection. Server: cd server, then python main.py. Admin: cd admin, then python main.py. Client: cd client, then python main.py. Change the "HOST" variable …
TryHackMe- Psycho Break CTF Writeup (Super-Detailed)
InfoSec Write-ups - Medium-- Welcome folks!!
How to Upgrade a Dumb Shell to a Fully Interactive Shell for More Flexibility
Null Byte « WonderHowTo-- One of the most exciting things as an ethical hacker, in my opinion, is catching a reverse shell. But often, these shells are limited, lacking the full power and functionality of a proper terminal. Certain things don't work in these environments, and they can be troublesome to work with. Luckily, with …
TheCl0n3r – Tool To Download And Manage Your Git Repositories
KitPloit - PenTest Tools!-- TheCl0n3r will allow you to download and manage your git repositories. Preface: About 90% of the penetration testing tools used in my experience can be found primarily on github. The aim of this was to make it easier to download, update and delete these git repositories. If moving to a new …










