Brute Forcing HTTP Basic authentication

Burp suite has always been used to burst a variety of forms used to submit the login authentication, today i am going guide you how to  use Use the Burp Suite to brute force HTTP Basic authentication. HTTP Basic authentication HTTP Basic authentication is a simple request and response mechanism through which the server can request authentication information (user ID […]

Pentesting SSH

What is SSH Secure Shell or SSH is used to remotely access the server or any computer with SSH enabled. Perfect replacement for telnet protocol. Telnet is not secure like SSH, SSH provides encryption for secure communication. SSH by default uses TCP port 22 to connect with the SSH service. SSH will allow the client to connect the remote system […]

OSCP Walkthrough

Introduction – Fundamentals and basics of different topics like networking, databases, web applications, commands, etc. Windows Linux Networking Web Application Basics Services and Ports File Transfers Python Fundamentals C# Fundamentals TCPdump Powershell Wireshark Packet Crafting Tools FTP SQL YouTube Playlist Databases SQL IIS IIS Web Server MySQL Kali Tools IP Tables Tools Bettercap Masscan SQL Injection Tools Mimikatz Wordlists SecLists […]

CarbonCopy

A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux Prerequisites In order to use it on Linux, please execute commands below: apt-get install osslsigncode pip3 install pyopenssl Download Tool

Recon Simplified with Spyse

One of the major struggles in bug bounty hunting is to collect and analyze data during reconnaissance, especially when there are a lot of tools around but very few that offer actually useful results. The job of eliminating false positives and unrelated data from your recon becomes harder as the size of your target increases. Most popular tools used by […]

Collection: Burp Extentions

Content: The best way to search this list is by: Simply pressing command + F to search for a keyword Go through our Content Menu. Scanners Passive and Active scan plugins. Active Scan++ – ActiveScan++ extends Burp Suite’s active and passive scanning capabilities. Burp Vulners Scanner – Vulnerability scanner based on vulners.com search API. Additional Scanner checks – Collection of […]

How to Crack Zip File Password Using Fcrackzip Tool

Installation There are two methods for installing and configuring this tool on kali linux or any other operating system. The first way is to download this tool using the “wget” command and configure it using the “dpkg” command. wget http://ftp.br.debian.org/debian/pool/main/f/fcrackzip/fcrackzip_1.0-10_amd64.deb dpkg -i fcrackzip_1.0-10_amd64.deb 1 wget http://ftp.br.debian.org/debian/pool/main/f/fcrackzip/fcrackzip_1.0-10_amd64.debdpkg -i fcrackzip_1.0-10_amd64.deb The other way is to install this tool directly using the following […]

CRLF Injection

CRLF refers to the special character elements “Carriage Return” and “Line Feed.” These elements are embedded in HTTP headers and other software code to signify an End of Line (EOL) marker. Many internet protocols, including MIME (e-mail), NNTP (newsgroups) and, more importantly, HTTP, use CRLF sequences to split text streams into discrete elements. Web application developers split HTTP and other […]

BUFFER OVERFLOW

A buffer overflow, or buffer overrun, is a common software coding mistake that an attacker could exploit to gain access to your system. To effectively mitigate buffer overflow vulnerabilities, it is important to understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit these vulnerabilities. Key Concepts of Buffer Overflow […]

ARP SPOOFING

What Is ARP Spoofing? ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is connected to an […]

SQL INJECTION: Exploitation and Prevention

What is SQL Injection? How will SQL Injection impact my business? How do I prevent SQL Injection? What is SQL Injection? SQL injection (SQLi) is an application security weakness that allows attackers to control an application’s database – letting them access or delete data, change an application’s data-driven behavior, and do other undesirable things – by tricking the application into […]

Google Dorks for Cross-site Scripting (XSS)

Cross-site Scripting (XSS) is a client-side code injection attack in which an attacker can execute malicious scripts to victim site or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. XSS flaws can be difficult to identify and remove from a web application. XSS attacks categorized into three types […]

Nmap Cheat Sheet

Nmap has a multitude of options, when you first start playing with this excellent tool, it can be a bit daunting. In this cheat sheet, you will find a series of practical example commands for running Nmap and getting the most of this powerful tool. Nmap Target Selection Scan a single IP nmap 192.168.1.1 Scan a host nmap www.testhostname.com Scan […]