Collaborate Disseminate
I have seen in many source codes where developers used curly braces on the user input variable for ex:-
query("SELECT * FROM users WHERE email = ‘{$email}’ AND password = ‘{$password}’");
And I have seen that people created two … Continue reading What is the use of Curly Braces in PHP mysql? [migrated]
I am inside the container, and I am trying to learn escaping from container to host. So I create a vulnerable environment, on which the container is having `/var/run/docker.sock’ file inside the container to make API calls.
So I tried to c… Continue reading Docker: Not able to read local file system
My question title might be different from what I want to know.
So this is my query:-
{“query”:”{__schema{ queryType {fields{name}}}}”,”variables”:null}
and below was the results
{“data”:{“__schema”:{“queryType”:{“fields”:[{“name”:”me”… Continue reading GraphQL – How to retrieve the field names?
I created a parameter passing through system() i.e. cmd. Now I run Empire tool with http listener and launch powershell launcher. Got the huge bunch of base64 encode string.
Now I pass this string to the parameter cmd, which was passing t… Continue reading Why Empire Launcher payload is not working in system() in PHP?
I am learning Kerberoasting see below are my steps that I am following.
Step:1. Attacker will find the SPN’s
Step:2. After identifying we will request for TGS for that SPN. This is the script for that.
Add-Type -AssemblyName System.Ident… Continue reading How to retrieve Kerberos Service tickets?
I have seen in many articles about if you have received a 404 error with Code: NoSuchBucket then it will be vulnerable to takeover.
But when I tried to take it over then I am receiving an error i.e. Bucket already exists
Empire is a pure PowerShell script post exploitation only for Windows but I am asking about it in an antivirus software context.
In my local environment I have the following:-
Attacker:- Kali Linux (Empire)
Victim:- Windows… Continue reading How Empire and Metasploit are different in detecting antivirus software? [on hold]
In my local environment, I have downloaded 32 bit windows 7 machine x86 arch which is vulnerable to ms15-051 exploit in Metasploit,
And I want meterpreter shell but I didn’t find a way to get it, because I only get x64 payl… Continue reading How to execute x86 meterpreter shell?
I want to learn about SNMP pentesting. I have downloaded VyOS virtual machine. Next I downloaded the snmpwalk tool to pentest the SNMP protocol.
I have learned that if someone guesses/bruteforces the Community string then he… Continue reading What will happend if I change the SYSname SNMP? [on hold]
Suppose I have an AS number of company abc.com i.e. AS78XX. What kind of info can I get from this?
I think this is related to grabbing subdomains. Maybe I am totally wrong or partly. What do you think regarding this?
Continue reading What information about a company can I get with an AS number? [on hold]