Creating custom username list & wordlist for bruteforciing.

During brute-forcing every time you need custom  password list & username list. Username list is as well as important as password list, it should be unique for every organization.If we use traditional large number of username list , then it will be tedious process.Custom username list also useful in username enumeration.Creating custom username list:-(1)Jigsaw:-During information gathering stage , you may use jigsaw script. It is great script...

Read More

XPATH Injection Tutorial

XPath is a language that has been designed and developed to operate on data that is described with XML. The XPath injection allows an attacker to inject XPath elements in a query that uses this language. Some of the possible goals are to bypass authentication or access information in an unauthorized manner.We are gonna learn using simple example. Download code from here & put it in your local server directory.(Code is created by Amol Naik )Sample...

Read More

Broken Authentication & Session Management in Mutillidae

Broken Authentication and Session Management is on number 2 in OWASP Top 10 vulnerability list 2013. In mutillidae , it contain three subsection.Authentication BypassPrivilege EscalationUsername EnumerationWe have already covered Username enumeration in last article & we got valid username list which exist in database. Today we are going to use authentication bypass method.Using cookieUsing brute-forceUsing SQL injection(1)Authentication Bypass...

Read More

How to solve compile error in veil?

As you know, veil is AV evasion framework for metasploit payload. On the 15th of every month, for the next year, at least one new payload module will be released.Yesterday they released two new payload.pure windows/meterpreter/reverse_tcp stager, no shellcodepure windows/meterpreter/reverse_tcp windows service stager compatible with psexec, no shellcodeCompiler Error in c payloads:- Available c payloads:    VirtualAlloc                        ...

Read More

Username Enumeration in Mutillidae using Burpe Intruder.

Mutillidae  is a free, open source, vulnerable web-application providing a target for web-security tester. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. Username Enumeration :- We have an application that will reveal to us when a username exists on the system which can be used in further step like brute-force account.In Mutilliade login page , when you provide valid username & invalid password , web-application...

Read More

List of Differnet AV evasion Frameworks.

Today we are gonna talk about different AV evasion frameworks for metasploit payload & how to use them? It`s very imporatant when you know which AV you have to bypass, because we don`t have to worry about FUD. Some payload can bypass specific AV ; while other AV can not be bypassed using that payload.(1)Veil:-Veil is python based tool which create FUD payload , One of the best framework for AV evasion. On the 15th of every month, at least one...

Read More

Backdoor using Netcat, cryptcat , ncat.

Today we are gonna talk about Netcat & its alternative ; i assume that all of you are familiar with Netcat. If not than read here.  Also i assume that you have already open port 455 using following command.netsh firewall add portopening TCP 455 "Service Firewall" ENABLE ALLAttacker `s I.P : 192.168.56.1Victim`s I.P.     : 192.168.56.101We will talk about Netcat, cryptcat & ncat.(A)Netcat:-Netcat is used as backdoor....

Read More