Collaborate Disseminate
Result of port scanning using NMAP:
I am new to this, and I’m quite confused about how to approach which ones are vulnerable. What method of attack should I use? All I know is there are some vulnerabilities.
Continue reading How to attack opened ports that I found when scanning a server [closed]
I want to publish my website as http secure connection but I want to keep it private so only I can view it. I want to prepare and test its security before its official release.
Is there any service providing this kind of thing or can anyon… Continue reading How to publish a php website privately so I can make tests?
While learning about pentesting most of the time I have used the python3 -m http.server [PORT] command to spin up a temporary http server in order to transfer files to a target system. However as I am progressing and moving beyond the basi… Continue reading How to set up a simple HTTPS server for pentesting [closed]
I have a web server with each web application running as it’s own machine level account.
The server only hosts the web applications, no other services, dbs, etc.
Apart from the web server processes, nothing else should execute as these acc… Continue reading Would monitoring for unusual process execution help identify intrusions on a web server?
I am a beginner in Windows Server management. Currently, i have a VPS which already has a website running in IIS 10. Also have a domain which already point out to the Server’s IP Address for that running website.
I use Gophish for windows … Continue reading How to deploy Gophish in a running IIS Server [migrated]
I’ve read about this but I don’t fully understand how to choose.
I have two options:
Public client
"A native, browser or mobile-device app. Cognito API requests are made from user systems that are not trusted with a client secret.&qu… Continue reading Public client or Confidential client: should I generate a client secret?
Context
I’ve been recently looking at UUIDs (mostly v4) and their uses to maybe start using them in some of my apps. I started asking myself some question about security as one does. Then I fell on the Is it safe to rely on UUIDs for priva… Continue reading Are webservers’s file serving safe against timing attacks?
I can create a server using the operating system using the graphical interface and create a simple backdoor in PHP:
<?php echo exec($cmd);
In another computer, I can run any command in the terminal as the user server. But, how can I hav… Continue reading How to run graphical interface in pentest?
Here is the scenario:
Server A is an authentic server (A.com).
Server F is a fake server (F.com) that also has a valid cert for
F.com has a copy of A.com certificate to it (to fake as A.com).
Client C is trying to connect to A.com via a r… Continue reading Detect invalid cert Android client if URL being redirected to a fake server
We are currently working on setting up new Android handheld devices (RF guns) to read/write to our SQL Server 2019 database and are at a fork in the road in deciding what to do. Both options below would work, but option 1 is a lot faster t… Continue reading Which is safer – using the sql_conn Flutter package or using a web server as a middle layer for requests against a SQL Server database?