From Command Injection To Meterpreter Shell – Detailed Tutorial 2018

Other than XSS and SQL Injection, there are number of different attack techniques against a web application. In this tutorial,we’ll exploit the DVWA Web Application with Command Injection Attack. There are so many vulnerable web applications where players must locate and exploit vulnerabilities to progress through the story which contains various vulnerabilities like XSS, CSRF, […]


Email Harvesting with Metasploit Framework

Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization’s network system. Out of the many useful auxiliary modules that metasploit has, one is called search_email_collector which searches Google, Bing and Yahoo for email addresses associated to a particular domain. Email […]


Penetration Testing Resources – 2018 Compilation

A Penetration test is the process of actively evaluating company’s information security measures. Security measures are actively analyzed for design weakness, technical flaws and vulnerabilities. The results are delivered comprehensively in a report, to executive, management, and technical audiences. An organisation should conduct a risk assessment operation before the penetration testing that will help to […]


A Brief Overview of Kali Linux Tools

Kali Linux offers a number of customized tools designed for Penetration Testing. Tools are categorized in the following groups as seen in the drop-down menu shown in the following screenshot: Information Gathering: These are Reconnaissance tools used to gather data on your target network and devices. Tools range from identifying devices to protocols used. Examples: […]


MSFvenom Payload Creator (MSFPC) – Installation and Usage

With the help of MSFPC, you can quickly generate the payload based on msfvenom module which is a part of Metasploit Framework. So MSFvenom Payload Creator is a simple wrapper to generate multiple types of payloads like APK(.apk), ASP(.asp), ASPX(.aspx), BASH(.sh), Java(.jsp), Linux(.elf), OSX(.macho), Perl(.pl), PHP(.php), Powershell(.ps1), Python(.py), Tomcat(.war) and Windows(.exe/.dll). The only necessary input […]