Automating web exploits using metasploit – 3

In the previous article we built the check method and all went well; now the last bit is build the exploit method and clean up. Exploit method Moving right into the code, I will explain the important parts that may be relatively new ; Line 52 helps us generate the payload Line 53 helps us give[…]

WordPress Plugin Membership Simplified v1.58 – Arbitrary File Download

Today we will discuss poor development practices in wordpress plugins with key focus WordPress Plugin Membership Simplified v1.58 which as of the time of this writing the script is not patched . The vulnerable script is as below: Meta data: Discovery : Larry W Cashdollar  WPVDB ID : 8777 CVE-ID :  CVE-2017-1002008 Dork Standard stuff[…]

John The Troll (CTF – Africahackon) – Key 1

Download Africahackon CTF by John the Troll (487.71 MB) The CTF  wanted to cover basics in the beginning where people not only see but observe. On loading the system we notice that there is a web application hosted on it. The application was a wordpress application. Things to note about it are: readme.html was still[…]