[zero code] LFI and Arbitrary file download exploits on Mth3l3m3nt Framework

Categories
LFI, OWASP Mth3l3m3nt, pentest, Web Attacks

This simple post will take you through the process of adding an arbitrary file download exploit to mth3l3m3nt ; so yes no excuse to not have a working PoC for LFI or arbitrary file downloads because “I can’t code”. We will use the case of WordPress Plugin Membership Simplified v1.58 – Arbitrary File Download whose process of coming […]

Your hand is in the cookie jar

Categories
OWASP Mth3l3m3nt, Uncategorized, Web Attacks, webdev

It’s been a while since my last “confession”. So today I’m here to tell you that sadly “I placed my hand in the cookie jar”. Pfffffffft!!!!! There’s a nifty new feature in the OWASP mth3l3m3nt framework  that you just might love, it was inspired by pentest tools. It aims to give potency to Cross Site Scripting […]

Installing OWASP Mth3l3m3nt Framework on Linux

Categories
OWASP Mth3l3m3nt, Uncategorized

The installation of Mth3l3m3nt has been made as easy as possible. The first step though is getting the server configuration to work well to achieve three things: Disable Directory Listing Enable Htaccess overrides Allow Includes and Symlinking for dynamic routes to work. This can all be found in the article here. Alternatively watch the video […]

OWASP Mth3l3m3nt Framework

Categories
OWASP Mth3l3m3nt, Uncategorized, Web Attacks

It’s Finally out there the OWASP Mth3l3m3nt Framework . It’s a small tool to aid you in carrying out your pentest tasks with as little resources as possible. Most of us can afford the simple shared hosting services but not a powerful enough VPS to run pentest distros especially due to cost constraints. This one […]