For many years now we’ve participated in many coding forums and discussion platforms. Perhaps one of the biggest issues we see is people using $_GET or another unfiltered variable inside of an include, include_once, require or require_once statement which is a major security risk. One of the most dangerous types of vulnerabilities we can find […]
Unvalidated data Never trust anything you get from a Web browser. The browser is completely outside of your control, and it’s easy to fake values like the HTTP referrer. It’s also easy to fake a hidden field in a form. More importantly, when dealing with forms, for example, validate the data carefully. Use a “deny all, […]
North Korea which is a democratic country located in East Asia whose capital is Pyongyang is continuously testing his hydrogen and nuclear bombs. As war of words heats up, even US President i.e. Trump says that “Second Option” would be Devasting for North Korea. According to recent reports, On Saturday, The Washington Post reported that […]
CHAOS is a framework based on Linux through which you can easily generate the payloads and control remote machines like Windows XP/Vista/7/8/8.1/10. In other language, you can say, CHAOS Framework is the minimal version of METASPLOIT FRAMEWORK, because it has limited functions which you can perform with your target but the best thing about CHAOS […]
Today we’ll discuss about the post exploitation attack using metasploit framework to hack any Android Device without any port forwarding. Generally you can get easily reverse TCP connection with Meterpreter in a LAN network but when you do the same thing over internet i.e. WAN, then the scenario is little bit different. With this method, […]
Pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. Features – Only runs on GNU/Linux OS. Based on Python Easy to install and use Supported attacks – ARP spoofing – […]
Today we’ll discuss about the hijack method used in banking sector i.e. botnets to steal money or some sensitive information from the user. What are these botnets used for? They are used for many different purposes like gathering private details, logins to websites, credit card information, bank logins, PayPal accounts etc. If you can use […]
Question: What is a shell when it comes to web hacking? Answer: Well, basically a shell is an interface between client and server and comes up with an extension of .php. To make it works, hackers always uploaded this kind of PHP Shell into online web servers in order to make it work. When you […]