Articles

PHP Learning Resources [Compilation List 2018]

PHP, which stands for PHP Hypertext Preprocessor, is a server-side embedded scripting language. In non-technical terms: a PHP processor is run on the server (Windows, or a flavor of UNIX). When a page is requested that contains PHP, the processor translates and executes all the commands in the page, and then outputs the result to the browser as regular […]

Tutorials

Print Fibonacci Series in PHP [Code]

Fibonacci Series is a series of numbers in which each number (Fibonacci number) is the sum of the two preceding numbers. The simplest is the series 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144 etc. As seems that, the first two numbers in this sequence are either 1 and 1 or […]

Tutorials

Develop Secure PHP Applications with PDO Statements

The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP. Each database driver that implements the PDO interface can expose database-specific features as regular extension functions. Note that you cannot perform any database functions using the PDO extension by itself; you must use a database-specific PDO driver to access […]

Tutorials

Ultimate phishing tool with Ngrok [SocialFish]

SocialFish is an open source tool through which you can easily create a phishing page of most popular websites like Facebook/Twitter/Github etc and can even be integrated with NGROK which is an another open source tunnel service which forward your localhost URL to some public DNS URL. Ngrok also provides a real-time web UI where […]

Tutorials

Exploitation of EternalBlue DoublePulsar [Windows 7 – 64bit] with Metasploit Framework

EternalBlue Metasploit exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer. According to NSA formal employees, EternalBlue was […]

Tutorials

WEP Cracking with Kali Linux 2018.1 [Tutorial]

Wireless technology has become increasingly popular as it allows you to easily access the Internet from all sorts of locations around the world without requiring a network cable. But a wireless network isn’t always secure if you don’t understand its dangers, and especially if precautions are not taken. In today’s society, we see a lot […]

Tutorials

[Minimal Guide] Sniffing with Airodump-ng

Airodump-ng is used for the packet capture of raw 802.11 frames and is particularly suitable for collecting weak WEP Initialization Vectors (IVs) for the later use with Aircrackng. With a GPS receiver connected to the computer, Airodump-ng is also capable of logging the GPS coordinates of the detected APs. This GPS data can then be imported […]

Tutorials

List of HTTP/1.1 Methods [2018 Update]

1. GET Method The GET method is used to retrieve whatever is stored or produced by the resource located at the specified Request-URI. The GET method can be used to request files, to invoke server-side scripts, to interact with server-side CGI programs, and more. When HTML form variables are submitted with the form action set […]

Tutorials

[Ports List] Popular Web and Database Servers

The below list includes the ports on all the popular Web and database servers. Port Server 66 Oracle SQL*Net 80 Hyper Text Transfer Protocol (HTTP) 81 HTTP Proxy, Alternative HTTP Port, Cobalt Server Administration Port 443 Secure Socket Layer (SSL) 445 Microsoft SQL Server over NetBIOS 457 UnixWare/Netscape FastTrack Server 1080 SOCKS Proxy 1100 Oracle […]

Tutorials

[Code Execution] – preg_replace() PHP Function Exploitation

Today we’re gonna exploit one of the most popular PHP function i.e. preg_replace() which is used by many developers and can further lead to a Code Execution vulnerability. The preg_replace() function operates just like POSIX function ereg_replace(), except that regular expressions can be used in the pattern and replacement input parameters. Here, we’ve a simple […]

Tutorials

19 Most Useful Plugins for Burp Suite [Penetration Testing]

Burp Suite is an intercepting HTTP Proxy, and it is the defacto tool for performing web application security testing.  Burp is highly functional and provides an intuitive and user-friendly interface. Its proxy function allows configuration of very fine-grained interception rules, and clear analysis of HTTP messages structure and contents. The proxy can also be configured to perform […]