Collaborate Disseminate
I mean, I can exploit the vulnerability using a substring function and without using an ASCII function like:
SELECT username FROM users WHERE id = 1 AND (SELECT substring(password,1,1) FROM users WHERE username = ‘admin’ ) = ‘a’;
And I ca… Continue reading What is the wisdom of using the ASCII function in exploit SQLi?
I am looking for a system for managing penetration test findings. Wondering if there’s a vendor application out there – whereby my penetration testers can "log a finding" – and than manage the workflow around that finding e.g. Op… Continue reading Pen Testing Webapp/Database – Solution
I am getting into the field of penetration testing and had a question about device information scans. I know that you can scan all of the devices on a network and scan for open ports, and in the process get some information on the devices…. Continue reading Disguising Device Information During IP and Open Port Scans
In kerberoasting , User request service ticket for any service with registered SPN then use the ticket to crack service password.
But in kerberoses authentication process , KRB_TGS_REQ request is encrypted with TGS secret key which is held… Continue reading TGS Ticket in Kerberoasting
Is it possible, with NT Authority/SYSTEM access, to reuse mscash2 credentials in any way on a local system or AD network? Perhaps with runas /savecred or mimikatz or something similar? I know that the mscash2 cannot be passed in a traditio… Continue reading Abusing Saved mscash2 Credentials in Active Directory
I am confused about LFI where I have seen many broken web-app demos demonstrate LFI where they traverse to a directory similar to /etc/passwd. How are these passwords being stored exactly? I do not understand why there is a directory for p… Continue reading File inclusion exposed passwords
I am not unable to find a comprehensive VPN penetration testing guide. Is there any?
Continue reading Standard guide like OWASP for VPN pentesting?
I am interested in testing a website’s new feature which is available on a single a web page (addition in original website) and have some editable fields. Other than checking input validation on those fields through MITM (which I am doing … Continue reading Penetration Testing of a Web Page instead of whole site
I am currently doing my pentesting on Kali mostly THM/HTB etc Now I want to start with the development of Bufferoverflows and Exploits on Windows. To do this I want to build a system containing immunity debugger and Mona.py. Are there oth… Continue reading Windows as an Attack Platform for Pentests [closed]
I have been spending some months learning about ethical hacking, I am struggling with my old laptop and I understand that if I want to move forward in this world I have to upgrade. after switching from Windows to Mac, I realized, I could n… Continue reading Getting started – Laptop (Help please) [closed]