This simple post will take you through the process of adding an arbitrary file download exploit to mth3l3m3nt ; so yes no excuse to not have a working PoC for LFI or arbitrary file downloads because “I can’t code”. We will use the case of WordPress Plugin Membership Simplified v1.58 – Arbitrary File Download whose process of coming […]
It’s been a while since my last “confession”. So today I’m here to tell you that sadly “I placed my hand in the cookie jar”. Pfffffffft!!!!! There’s a nifty new feature in the OWASP mth3l3m3nt framework that you just might love, it was inspired by pentest tools. It aims to give potency to Cross Site Scripting […]
The installation of Mth3l3m3nt has been made as easy as possible. The first step though is getting the server configuration to work well to achieve three things: Disable Directory Listing Enable Htaccess overrides Allow Includes and Symlinking for dynamic routes to work. This can all be found in the article here. Alternatively watch the video […]
Africahackon 2015 CTF Solution
Following the Africahackon Conference 2015 the OWASP Mth3l3m3nt Framework was used in the CTF solution to make it easier, faster and more efficient to manage the attack. The main modules used in this are: Generic Request Maker Shell Generator Web Herd (HTTP Bot)
It’s Finally out there the OWASP Mth3l3m3nt Framework . It’s a small tool to aid you in carrying out your pentest tasks with as little resources as possible. Most of us can afford the simple shared hosting services but not a powerful enough VPS to run pentest distros especially due to cost constraints. This one […]