content top

Penetration Testing Report – Web Application

Penetration Testing Report – Web Application

Introduction   Penetration Testing is a critical security testing of a network infrastructure, application, web application. Penetration testing is not going to be worth anything if there are no reports to detail what has been done and what needs to be fixed or corrected.   Penetration Test report lay down the base foundation that determines how good or bad a network, web applications and Internet security performs.   But how...

Read More

Protecting Innocent MySQL from SQL Injection

Protecting Innocent MySQL from SQL Injection

Introduction   This is a brief guide on how to protect your innocent MySQL database from SQL injection attacks.   What is SQL Injection?   As the name suggests, SQL Injection occurs when the user injects SQL statements into your application.   How does this happen?   Say we have a simple login form that takes a username and password, and validates against the database. If the username and password is validated, the...

Read More

Reverse Shell v1.0 PHP – Authentication Feature

Reverse Shell v1.0 PHP – Authentication Feature

Introduction   This tool is designed for pentest situation where you have upload access to a webserver that is running PHP. Upload this script to somewhere in the web root then run it by accessing the appropriate URL in your browser. The script will open an outbound TCP connection from the webserver to a host and port defined in the script. Bound to this TCP connection will be a shell.   This will be a proper interactive shell in...

Read More

Damn Vulnerable Web App – SQL Injection

Damn Vulnerable Web App – SQL Injection

Introduction Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable and can be exploited easily.Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a lab environment. Warning! Damn Vulnerable Web App...

Read More

Egg Hunter – Twist in Buffer Overflow – BisonWare FTP Server v3.5

Egg Hunter – Twist in Buffer Overflow – BisonWare FTP Server v3.5

INTRODUCTION It’s time for breakfast and I prefer bread with omelet. Eggs are a fantastic source of energy for humans.:-) “Eggs” also plays an important role when it comes to complex exploit development. As we know, in stack-based buffer overflow, the memory is more or less static. That is, we have enough memory to insert our shellcode. When the “Egg hunter” shellcode is executed, it searches for the unique “tag” that was...

Read More
content top