Collaborate Disseminate
Question: Why does my curl request perform the SQL-Injection correctly but my ffuf request with the same payload does not?
curl -X POST -d "username=admin’ #&password=a" $TARGET`
ffuf -w /usr/share/seclists/Fuzzing/SQLi/quic… Continue reading Why does my automated SQL Injection with ffuf not work on the login form? [closed]
Question: Why does my curl request perform the SQL-Injection correctly but my ffuf request with the same payload does not?
curl -X POST -d "username=admin’ #&password=a" $TARGET`
ffuf -w /usr/share/seclists/Fuzzing/SQLi/quic… Continue reading Why does my automated SQL Injection with ffuf not work on the login form? [closed]
Question: Why does my curl request perform the SQL-Injection correctly but my ffuf request with the same payload does not?
curl -X POST -d "username=admin’ #&password=a" $TARGET`
ffuf -w /usr/share/seclists/Fuzzing/SQLi/quic… Continue reading Why does my automated SQL Injection with ffuf not work on the login form? [closed]
Could anyone suggest some tools to brute force a desktop application?
I am new to pentesting and have just about got my head around the very basics of pentesting web applications.
However, I have been given a basic vb.net app that I am run… Continue reading Desktop App Brute Force [duplicate]
After a password leak, is there a Levenshtein distance from which one a newly derivated password can be considered safe?
I assume yes, given that if e.g. the word was "password", and the new one is "drowssap", the dista… Continue reading After a password leak, is there a Levenshtein distance from which one a newly derivated password can be considered safe?
I am trying to crack my own network password in order to learn firsthand how to secure it more. It is an 8 character key, with lowercase characters, uppercase characters, and digits. I used crunch with the command
crunch 8 8 abcdefghijklmn… Continue reading How to crack a randomly generated 8 character wifi password
I want to add a suffix to my URLs that makes them distinctive and therefore only findable by a person who knows that suffix. I considered using a UUID or hash, but these are usually very long. However, I want the suffixes to be as short as… Continue reading How many random characters must an unguessable string contain?
Terminal command:
$ nmap 10.10.244.76 -p 22 –script ssh-brute \
–script-args userdb=trash.txt,passdb=rockyou.list,timeout=4s
NSE: [ssh-brute] usernames: Time limit 15m00s exceeded.
NSE: [ssh-brute] usernames: Time limit 15m00s exceed… Continue reading Bypass time limitation of OpenSSH when using Nmap [duplicate]
If you connect databases / servers to the internet and secure them poorly, you can count on them getting compromised quickly. According to findings by Radoslaw Zdonczyk, Security Researcher at Trustwave SpiderLabs, there will be login attempts even bef… Continue reading Secure your databases against opportunistic attackers
What does it take to brute force something like this
00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31
I can brute force anything else like
iambad, blackapple1, etc
But how can I brute force something like that line? And what is the best hardwa… Continue reading What does it take to brute force 42 hex characters [closed]