Credential Harvesting on paranoid browsers

Credential harvesting is one of the most common methods used in social engineering attacks when phishing. A sample can be viewed here. Some things about the cloner in social engineering toolkit: It doesn’t download assets i.e. images, css, javascript files The page cloned needs to be always reachable I will be testing this on chrome[…]

Automating web exploits using metasploit – 3

In the previous article we built the check method and all went well; now the last bit is build the exploit method and clean up. Exploit method Moving right into the code, I will explain the important parts that may be relatively new ; Line 52 helps us generate the payload Line 53 helps us give[…]

Automating web exploits using metasploit – 2

In the previous article we covered the initialize method. So moving on to the juice stuff the check and exploit methods. Enter Check Method The check method is simple. we have already declared all we need to use so now lets put everything into good use. Similar to our previous python based exploit ; we[…]

Automating web exploits using metasploit

Today I want to go through something even I have been struggling with for a while ; creating PoC’s is a good thing but creating actionable exploits for frameworks like metasploit was really something else; takes a lot more discipline. Why would we do this? well interactive shells are everyone’s joy. PS: yes I had[…]

WordPress Plugin Membership Simplified v1.58 – Arbitrary File Download

Today we will discuss poor development practices in wordpress plugins with key focus WordPress Plugin Membership Simplified v1.58 which as of the time of this writing the script is not patched . The vulnerable script is as below: Meta data: Discovery : Larry W Cashdollar  WPVDB ID : 8777 CVE-ID :  CVE-2017-1002008 Dork Standard stuff[…]

Mobile App Native

Today I release a simple exploit as a PoC for the 5 advisories. These were discovered by Larry W Cashdollar. The exploit takes on the following phases: It checks that the plugin exists. If it does it generates a webshell and uploads it to the server. The plugin renames shells to an md5 hash; The PoC[…]

WordPress Hardening (htaccess)

WordPress is among the most widely used CMS in the world. This popularity has also lead to a number of  issues within wordpress. We will look at how to harden wordpress using four elements , together or either one depending on level of hardening required. The 4 methods include: Hardening via htaccess Hardening via patching the theme[…]

WordPress Hardening (Patching the theme)

In the previous article we discussed wordpress hardening from a htaccess angle. In this article we will do various modifications to the functions.php file that comes with a wordpress theme , all the directives will be appended to the script without destroying the theme. The directives simply change how it shows things in the frontend,[…]

Your hand is in the cookie jar

It’s been a while since my last “confession”. So today I’m here to tell you that sadly “I placed my hand in the cookie jar”. Pfffffffft!!!!! There’s a nifty new feature in the OWASP mth3l3m3nt framework  that you just might love, it was inspired by pentest tools. It aims to give potency to Cross Site Scripting[…]