A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of this vulnerability […]
Do you ever wonder why some websites seem to rank at the top search engines so easily, while other, seemingly higher-quality websites struggle to get onto the first page? Often times it’s because their primary keywords are in their domain name. In some niche and local markets that may be just about all that’s needed, […]
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. To demonstrate this attack, we’re using DVWA which is one […]
For many years now we’ve participated in many coding forums and discussion platforms. Perhaps one of the biggest issues we see is people using $_GET or another unfiltered variable inside of an include, include_once, require or require_once statement which is a major security risk. One of the most dangerous types of vulnerabilities we can find […]
The Java Remote Method Invocation, or Java RMI, is a mechanism that allows an object that exists in one Java virtual machine to access and call methods that are contained in another Java virtual machine; This is basically the same thing as a RPC, but in an object-oriented paradigm instead of a procedural one, which […]
A number of different tools exist for performing automated vulnerability scans of web applications. These scanners have the benefit of being able to test a large amount of functionality in a relatively short time, and in a typical application are often able to identify a variety of important vulnerabilities. Web application vulnerability scanners automate several of the […]
You’ll come across public Wi-Fi almost everywhere, in the airport, your favorite coffee shop, and hotels. While public Wi-Fi has made our lives better, it poses a lot of risks particularly security risks. Hackers have made public Wi-Fi’s their playground where they illegally acquire users’ personal information and use it to carry out their fraudulent […]
Other than XSS and SQL Injection, there are number of different attack techniques against a web application. In this tutorial,we’ll exploit the DVWA Web Application with Command Injection Attack. There are so many vulnerable web applications where players must locate and exploit vulnerabilities to progress through the story which contains various vulnerabilities like XSS, CSRF, […]
Looking to buy best hacking and security books? We have short listed some of the highly recommended books for beginners and advanced hackers. These books will be a breakthrough in your hacking venture. Here we’ve listed out top 20 Hacking Books that will definitely helps you to understanding the concepts of hacking and security:- [1] Hacking: […]
S.No Name of the Book Download Link 1 jQuery Enlightenment A book for jQuery developers who have surpassed the introductory concepts. By – Cody Lindley View More 2 AngularJS Directives in Traction This eBook helps you understand how built-in directives work and teaches you to build custom directives on your own. By – Amit Gharat […]
Ever thought of creating a library with thousands of free hacking an security e-books? You’d never have to spend a dime. It sounds impossible, but it’s not! Free E-books, on nearly all topics you can think of, are all over the internet, ready to be read, downloaded, and shared. All you need to do is […]
DNS organizes hostnames in a domain hierarchy. A domain is a collection of sites that are related in some sense because they form a proper network (e.g., all machines on a campus, or all hosts on BITNET), because they all belong to a certain organization (e.g., the U.S. government), or because they’re simply geographically close. […]
This article describe how to quickly enable SSL for local apache web server under Linux. This has been done on a Kali Linux virtual machine of version 2018.1, the one maintained and funded by Offensive Security. This procedure may not work or may differ on older or different distribution. You need to already have apache […]
Base64 is a group of similar binary-to-text encoding schemes that represents binary data in an ASCII string format by translating it into radix-64 representation. All examples below uses base64 decoded text (eWVhaGh1Yg==) for simplicity, but this is not a typical use case, as it can already be safely transferred across all systems that can handle […]