Today I want to show you in practice how the directory traversal attack can be used. This is a very simple and popular attack. But with its help, you can access important information on the server.
How to do this, and what the main features of this attack I will discuss in this article. We plan to release a whole selection of articles on the WEB, so I recommend that you be in the subject line so as not to miss the following materials.
[Read more…] about Directory traversal attack exampleOne of the main goals of almost any hacking is to get a shell (access to the command line) to execute system commands and eventually master the target computer or network. SQL injections are usually associated only with databases and the data that they contain, but in fact they can be used including to get the shell. In this tutorial, we will use SQL injection to exploit a simple vulnerability to get the ability to execute commands, resulting in a reverse shell on the server.
To perform the attack, we will use Kali Linux and a specially created virtual machine with vulnerabilities – DVWA http://www.dvwa.co.uk/. If you are new to Kali, then we recommend that you work through our Kali configuration and security guidelines to ensure that your system is ready for the tasks in this article.
[Read more…] about How to use SQL injections to execute OS commands and to get a shellWhat is netbios? NetBIOS is a service that provides network connectivity and is often used to join a domain and legacy applications. This is a rather old technology, but it is still used in some software environments. And since this is an unprotected protocol, quite often it can be the starting point for an attack on a network. A good start would be to scan NetBIOS shares using the NBTScan and Nmap Script Engine.
To accomplish this task, we will use our target machine as Metasploitable 2– a virtual machine with vulnerabilities intentionally created in it. We will attack it with Kali Linux, a distribution for hackers and pentesters.
[Read more…] about How to list NetBIOS shares using the NBTScan and Nmap Script EngineActive Directory is a phenomenon that is quite common when testing the security of large companies. Often there is not a single domain in a single forest, but a more branched and more interesting structure. Therefore, today we will talk about how to conduct exploration, study the structure of the forest, consider the possibilities of elevating privileges. And we will complete a complete compromise of the entire forest of the enterprise!
It is no secret that many, if not most, large companies use the Active Directory directory service from the notorious MS. The reason is quite obvious.
[Read more…] about Hacking Windows Active Directory Full guideRunning Metasploit with Docker and Kubernetes
This article is intended to make it easy to build a penetration test environment without complicated settings if Docker and Kubernetes are introduced.
