The Confessions of a Pentester Series, is the work of a pentester that goes by the handle of EasyGhost and was originally posted over at HackForums.net. EasyGhost was nice enough to give me permission to post his collection of Real world engagements, which I found to be a excellent read and shows the mindset of a pentester when breaking into a Network. Hacker’s Wet Dream Imagine being sent back in time, lets say to…

The Confessions of a Pentester Series, is the work of a pentester that goes by the handle of EasyGhost and was originally posted over at HackForums.net. EasyGhost was nice enough to give me permission to post his collection of Real world engagements, which I found to be a excellent read and shows the mindset of a pentester when breaking into a Network. INTRODUCTION I received a lot of positive feedback from the first story,…

The Confessions of a Pentester Series, is the work of a pentester that goes by the handle of EasyGhost and was originally posted over at HackForums.net. EasyGhost was nice enough to give me permission to post his collection of Real world engagements, which I found to be a excellent read and shows the mindset of a pentester when breaking into a Network. I thought it would be interesting to share some of my real…

Command injection also is known as OS Command injection, is an attack technique used to execute commands on a host operating system via a vulnerable web application. Command Injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, and so on) to a system shell. These commands are executed with the privileges of the vulnerable application. These attacks are due to the web application not having sufficient input validation…

What is THC-Hydra? Hydra is a very fast online password cracking tool, which can perform rapid dictionary attacks against more than 50 Protocols, including Telnet, RDP, SSH, FTP, HTTP, HTTPS, SMB, several databases and much more. THC (The Hackers Choice) created Hydra for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely. Installing THC-Hydra If you are running Kali Linux you will already have…

    What is SQL Injection? SQL Injection is a code injection technique used to attack data driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an applications software for  example when users input is either incorrectly filtered for a string literal escape characters embedded in SQL statements or user input…

LAMP is an acronym of the names of its original four open-source components used for building dynamic websites and web applications, These components are Linux, Apache, MySQL and PHP (or Perl). The equivalent installation on Microsoft Windows operating system is known as WAMP. To make this server vulnerable, we will be installing outdated versions of PHP and setting up broken web applications, these applications are used for learning how to hack\pentest using various different…