Penetration Testing
-
HackTheBox — Cicada: HacktheBox Cicada is an easy-rated machine which focusses on an Active Directory Domain Controller. Initial Access: The initial nmap scan shows the following ports open. Judging by the fact that ports 53 and 88 are open we can assume that we are up against a domain controller. Started off with enumerating smb. Was able to enumerate the shares anonymously. We also…
-
Introduction: Hi fellow hackers! HTML Injection vulnerabilities may not initially appear as severe as SQL Injection or Remote Code Execution, but their potential impact can be just as devastating when exploited creatively. In this blog, I will walk you through a real-world scenario where I discovered an HTML Injection vulnerability in the “Invite User” functionality of an application.…
-
Evilginx is an open-source man-in-the-middle attack framework designed to phish login credentials and session cookies, enabling attackers to bypass 2FA safeguards. “Back in 2017, I was experimenting with extracting cookies from one browser and importing them into another. I realized this technique could effectively take over accounts, bypassing the need for credentials or even MFA…
-
GBHackers came across a new ChatGPT-powered penetration testing tool called “PentestGPT” that helps penetration testers to automate their pentesting operations. PentestGPT has been released on GitHub under the operator “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore. It is constructed on top of ChatGPT and works in an interactive way to direct penetration testers…
-
Introduction to Sea: This write-up will explore the “Sea” machine from Hack The Box, categorized as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Sea” machine from Hack The Box by achieving the…