Natkhat NetCat

Introduction: If you are a penetration tester, netcat is one of your most used tools. For over 20 years, this tiny but powerful tool has been used by hackers for a wide range of activities. It’s so powerful and useful that many people within the hacking community refer to it as the “Swiss Army knife […]

Cross Site Scripting (XSS) to Meterpreter

Hello guys, today we are going to learn how we can exploit a Cross Site Scripting (XSS) vulnerability and gain access to the client’s system via meterpreter. Sounds weird? Let’s have a look at it. Before proceeding, we need to learn the following topics and tools. What is Cross Site Scripting (XSS)? Cross-site scripting (XSS) is a […]

Insecure PUT method to Meterpreter

Hello guys. Today I will describe another way to compromise a remote system. We are going to exploit the vulnerable HTTP method PUT to gain access to the web server. Before starting, we need to understand the following topics. HTTP Methods: HTTP defines a set of request methods to indicate the desired action to be performed for […]

File Inclusion to Meterpreter

What is a File Inclusion vulnerability? A file inclusion vulnerability is a type of vulnerability that most commonly affects web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control […]

File upload vulnerability to Meterpreter

Vulnerability Name: Arbitrary file upload vulnerability in the DVWA framework, in the “low” section. System Specification: Victim – Windows XP SP2 [IP:] Attacker – Kali Linux 2.0 [IP: PORT: 4444] Success Criteria: The following two conditions are mandatory for exploiting a file upload vulnerability – Attacker can upload any file (including .php, .asp, .aspx etc.) Attacker […]

OS Command Injection to Meterpreter

Definition: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. In this attack, the attacker-supplied operating system commands are […]

SQL Injection to Meterpreter

Goal: By exploiting a SQL Injection vulnerability, fully compromise the victim server and get a reverse shell (Meterpreter) using SQLMap. Victim System: Damn Vulnerable Web App (DVWA) is installed on Windows XP to create this virtual lab. IP: Attacker System: Kali Linux 2.0 [Python 2.7, SQLMap and Metasploit installed by default]. IP: Tools: SQLMap: sqlmap […]