Beginner Guide of SQL Injection (Part 1)

SQL injection is a technique where malicious user can inject SQL Commands into an SQL statement via web page. An attacker could bypass authentication, access, modify and delete data within a database. In some cases, SQL Injection can even be used to execute commands on the operating system, potentially allowing an attacker to escalate to… Continue reading →
The post Beginner Guide of SQL Injection (Part 1) appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/beginner-guide-sql-injection-part-1/

massExpConsole – Collection of Tools and Exploits with a CLI UI

Collection of Tools and Exploits with a CLI UIWhat does it do?an easy-to-use user interface (cli)execute any adapted exploit with process-level concurrencycrawler for baidu and zoomeyea simple webshell managersome built-in exploits (automated)more to come…RequirementsGNU/Linux or MacOS, WSL (Windows Subsystem Linux), fully tested under Kali Linux (Rolling, 2017), Ubuntu Linux (16.04 LTS) and Fedora 25 (it will work on other distros too as long as you have dealt with all deps)proxychains4 (in $PATH), used by exploiter, requires a working socks5 proxy (you can modify its config in mec.py)Java is required when using Java deserialization exploits, you might want to install openjdk-8-jre if you haven’t installed it yetpython packages (not complete, as some third-party scripts might need other deps as well): requestsbs4beautifulsoup4html5libdocoptpip3 install on the gonote that you have to install all the deps of your exploits or tools as wellUsagejust run mec.py, if it complains about missing modules, install themif you want to add your own exploit script (or binary file, whatever): cd exploits, mkdir your exploit should take the last argument passed to it as its target, dig into mec.py to know morechmod 755 <exploitBin> to make sure it can be executed by current useruse attack command then m to select your custom exploittype help in the console to see all available featuresDownload massExpConsole

Link: http://feedproxy.google.com/~r/PentestTools/~3/n_22lP9qR0U/massexpconsole-collection-of-tools-and.html

Hack Legal Notice Caption of Remote PC

Registry key play an important role in operating system attacker makes use of legal notice registry key to send threaten message on targeted system so that once the system is boot up the user can read the message that “your system has been hacked” which appears before login screen. Through this article we are showing… Continue reading →
The post Hack Legal Notice Caption of Remote PC appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/hack-legal-notice-caption-remote-pc/

How to set up SQLI Lab in in Kali

Hello everyone, with the joy of having new kali version somewhere few of us are having hard time in setting Dhakkan (AUDI-1) sqli series lab in our kali machine. So today we’ll be learning how to setup Dhakkan lab (one of the best labs I have seen for practicing and understanding SQL INJECTION) in our… Continue reading →
The post How to set up SQLI Lab in in Kali appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/set-sqli-lab-kali/

Exploit Windows PC using EternalBlue SMB Remote Windows Kernel Pool Corruption

This module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is subtracted into a WORD. The kernel pool is groomed so that overflow is… Continue reading →
The post Exploit Windows PC using EternalBlue SMB Remote Windows Kernel Pool Corruption appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/exploit-windows-pc-using-eternalblue-smb-remote-windows-kernel-pool-corruption/

Netcat Tutorials for Beginner

From Wikipedia In the field of hacking most utilized and powerful tool use by attack is popularly known as “Netcat” which is a computer networking function for analyzing from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At… Continue reading →
The post Netcat Tutorials for Beginner appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/netcat-tutorials-beginner/

Exploit Remote PC with SSL Certified Meterpreter Payload using MPM

Through this article you can learn how an attacker would able to generate a SSL certificate for any exe or bat file payloads so that he might be able to establish a connection with host through meterpreter session. The firewall spoof the network traffic and verifies trust certificates to establish connection itself as a trusted… Continue reading →
The post Exploit Remote PC with SSL Certified Meterpreter Payload using MPM appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/exploit-remote-pc-ssl-certified-meterpreter-payload-using-mpm/

5 Ways to Create Dictionary for Bruteforcing

We live in digital era, and in the world of technology everything is password protected. There are many ways to crack the password such as social engineering, try and error method, etc. but the three only two most successful methods of password cracking i.e. Dictionary attack and Brute force. Both of them has there perks… Continue reading →
The post 5 Ways to Create Dictionary for Bruteforcing appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/5-ways-create-dictionary-bruteforcing/

Scan Website Vulnerability using Uniscan (Beginner Guide)

Through this article we are trying to elaborate the word Enumeration using Kali Linux tool UNISCAN. Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner as well as work as enumerating tool in order to gather information like open ports and protocol related to target and investigate it… Continue reading →
The post Scan Website Vulnerability using Uniscan (Beginner Guide) appeared first on Hacking Articles.

Link: http://www.hackingarticles.in/scan-website-vulnerability-using-uniscan-beginner-guide/