During a pentest on a web server it can certainly be useful to enumerate the victim’s domain to see if there are any subdomains, in order to test everything. To do this you can use the following main methods: — Dns zone transfer — With this method it is possible to take advantage of the… Continue reading How to enumerate subdomains
Category: What to do for
Hide malicious shell in image file
Many times, uploading a malicious file (such as a .php reverse shell) to the victim machine, and making it work, is not so obvious. The victim’s web administrator may have set filters to help determine the types of files that can be uploaded to their server. In fact, a good web administrator allows you to… Continue reading Hide malicious shell in image file
Why use a VPN
VPN stands for VIRTUAL PRIVATE NETWORK. VPN is a virtual network which guarantees privacy and increases security on browsing data.
Create your own website with wordpress.org – starting from scratch
Creating your own website is not something reserved for programmers and web designers. If you have some nice ideas that you would like to put online in the vast world of the internet, below I will list the various steps to do so, from registering a domain to finding a hosting service and installing and… Continue reading Create your own website with wordpress.org – starting from scratch
Shell spawning
Once you get a shell on the linux victim machine this shell could be without TTY (terminal connection) and most likely to go on with the penetration test you will need to spawn TTY shell. In fact, a shell without the TTY functions does not allow you to perform important things such as the simple… Continue reading Shell spawning
Reverse Shell one liner – how to do it
If during a penetration test you discover an RCE (Remote Code Execution) vulnerability most likely what you need is to run a Reverse Shell to gain more control over the victim machine. An RCE is a vulnerability that allows you to execute commands on the victim. And this is why if I activate a listener… Continue reading Reverse Shell one liner – how to do it
DOM XSS attack
DOM XSS attack In short, Document Object Model (DOM) is the hierarchical structure objects of an HTML document, generated by the web-browser to represent the document. The utility of DOM is to easily access the contents of the document. An example of a simple structure of a DOM is the following: W3C defines… Continue reading DOM XSS attack