Showing results for tags 'vulnerable'.

Found 10 results

  1. A vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface).

     Currently, the vulnerable application contains the following challenges:

     • Buffer Over-read (simulated)
     • Command Execution
     • SQL Injection
     • Enumeration
     • XML
     • Horizontal Access Control
     • Vertical Access Control

     If you want to know how to solve these challenges, take a look at the PETEP website, which describes how to use the open-source tool PETEP to exploit them.

     Tip: Before you start hacking, do not forget to check the data structure of the messages below.

     [Hidden Content]
  2. Silver is a front-end that allows complete utilization of (masscan, nmap) programs by parsing data, spawning parallel processes, caching vulnerability data for faster scanning over time and much more.

     Features

     • Resumable scanning
     • Slack notifications
     • Multi-core utilization
     • Supports: IPs, CIDR & hostnames
     • Vulnerability data caching
     • Shodan integration

     Dependencies

     • nmap
     • masscan

     Python libraries

     • psutil
     • requests

     [Hidden Content]
  3. This is a forked modified version of the great exploitation tool created by @welk1n. This tool can be used to start an HTTP Server, RMI Server, and LDAP Server to exploit Java web apps vulnerable to JNDI Injection.

     Here is what I’ve updated on his tool:

     • Added support to serialized Java payloads to LDAP payloads. This allows exploitation of any Java version as long as the classes are present in the application classpath, ignoring completely the trustURLCodebase=false.
     • Added a proper menu with a help display and guidelines (and a fancy ASCII banner just because :-p)
     • Added some command line parameters to modify the IP:PORT of the services. This helps in situations where the target can only access specific ports like 25, 53, 80, 443, etc.
     • Added standalone mode to all services, that way you can start only the JettyServer (HTTP), RMIServer, or LDAPServer. The HTTP address can also be changed on standalone mode to redirect requests to a different server. This is helpful in cases when the target can only access a single port (like port 53) and you need to jump across multiple servers in port 53 for successful exploitation.
     • Modified the ASMified Transformer payload (Java bytecode) to detect the operating system where the exploit code will be detonated (Windows or Unix-like systems) and automatically run the command in a proper terminal shell using the command Runtime.getRuntime().exec(String[] cmd), automatically mapping it to “cmd.exe /c command” or “/bin/bash -c command”. That way we can control pipes and write output to files, etc.
     • Added the JNDI bypass using Groovy published by @orangetw
     • Modified the Expression Language in the EL bypass to a more concise payload that detects the operational system and runs the command in a proper terminal (similar to the modified ASMified Transformer code).
     • Added two more JDK templates, JDK 1.6 and JDK 1.5. This is important in the case of legacy systems that have ancient Java versions.

     [Hidden Content]
  4. Damn Vulnerable NodeJS Application.

     ADDED BUGS

     • Prototype Pollution
     • No SQL Injection
     • Cross-site Scripting
     • Broken Access Control
     • Broken Session Management
     • Weak Regex Implementation
     • Race Condition
     • CSRF - Cross-Site Request Forgery
     • Weak Bruteforce Protection
     • User Enumeration
     • Reset Password token leaking in Referrer
     • Reset Password bugs
     • Sensitive Data Exposure
     • Unicode Case Mapping Collision
     • File Upload
     • SSRF
     • XXE
     • Open Redirection
     • Directory Traversal

     [Hidden Content]
  5. Fawkes - Tool To Search For Targets Vulnerable To SQL Injection (Performs The Search Using Google Search Engine)

     [Hidden Content]
  6. Hacking Vulnerable Websites

     1. SQL Injection - Bypass Login Algorithms, Sabotage The Data, Etc.
     2. Denial of Service Attacks - Deny Legitimate Users Access To The Resource
     3. Cross Site Scripting XSS - Deny Legitimate Users Access To The Resource

     These Are Three Top Notch Ways To Hack a Vulnerable Website

     *take care of them
  7. Server-Side Request Forgery (SSRF) vulnerable Lab

     This repository contains PHP code which is vulnerable to Server-Side Request Forgery (SSRF) attack.

     I would like to say Thank You to @albinowax, AKReddy, Vivek Sir (for being great personalities who always supported me), Andrew Sir - @vanderaj (for his encouraging words) and those researchers who contributed to DNS rebinding attack based research.

     The vulnerable code is meant to demonstrate SSRF for the below mentioned 5 scenarios:

     1. Application code that fetches and displays the content of the specified file

     In programming languages, there are functions which can fetch the contents of a locally saved file. These functions may be capable of fetching content from remote URLs as well as local files (e.g. file_get_contents in PHP). This functionality can be abused if the application is not prepending any string to the user supplied data to fetch the content from a file, i.e. the application is not prepending any directory name or path to the user supplied data. In this case, these data fetching functions can process schemes like "http://" or "file://". When the user specifies a remote URL in place of the file name, like "[Hidden Content]", the data fetching function extracts the data from the specified URL. If the application is prepending any data string (for example any directory name) to user data, the "http://" or "file://" scheme won't work and exploitation of the SSRF vulnerability is not possible.

     Guide to Exploitation of Scenario 1

     2. Application provides interface to connect to Remote Host

     The web application has interfaces that allow a user to specify any IP with any port. Here the application has functionality which tries to connect to a service like "MySQL", "LDAP" etc. The application expects the user to specify the remote server hostname/IP, username and password in input fields. The application then tries to connect to the remote server over the specified port.

     Here in this scenario, the application tries to communicate with a remote service listening on a specific port. When the vulnerable code has functionality to connect to a server like MySQL and the user specifies the SMB port, the vulnerable application will try to communicate with the SMB service using MySQL server service packets. Even though the port is open, we are not able to communicate with the service due to the difference in the way of communication. This behaviour can be exploited to perform internal network scanning, not just to enumerate IPs but ports as well on those live IPs.

     Guide to Exploitation of Scenario 2

     3. Application with File Download Functionality

     In this case, an attacker can exploit this functionality to perform IP scanning inside the network where the application server is hosted. The function which performs the task of downloading a file from the server can download a file not just from the local server but also from an SMB path as well. This is something which can help an attacker to figure out the Windows based machines in the network. A web application hosted on Windows OS will process the SMB path as well if the file download functionality is processing user input without prepending any data.

     Guide to Exploitation of Scenario 3

     4. Bypassing IP blacklisting using DNS Based Spoofing

     The script has functionality which allows the user to fetch data from a remote URL. The user needs to specify the remote URL with any IP or domain name. The script performs a check whether the user has specified the input as "localhost", "Internal IPs" or "Reserved IPs". If the domain/IP specified by the user is blacklisted, the script will not fetch the content and stops processing.

     Guide to Exploitation of Scenario 4

     5. Bypassing IP blacklisting using DNS Rebinding Technique

     The application has implemented blacklisting of not just internal and private range IPs but also resolves the user supplied domain to its IP and again performs a check whether the resolved IP is blacklisted or not.

     In this case, the DNS based spoofing trick will also not work to access the content hosted on an internal/reserved IP. The application code performs domain resolution to its IP and again performs the blacklisted IP check for the resolved IP.

     Guide to Exploitation of Scenario 5

     Of course,

     --==[[ With Love From IndiShell ]]==--

     --==[[ Greetz To ]]==--
     Guru ji zero, Code breaker ICA, root_devil, google_warrior, INX_r0ot, Darkwolf indishell, Baba, Silent poison India, Magnum sniper, ethicalnoob Indishell, Reborn India, L0rd Crus4d3r, cool toad, Hackuin, Alicks, mike waals, cyber gladiator, Cyber Ace, Golden boy INDIA, d3, rafay baloch, nag256 Ketan Singh, AR AR, saad abbasi, Minhal Mehdi, Raj bhai ji, Hacking queen, lovetherisk, D2, Bikash Dash and rest of the Team INDISHELL

     --==[[Love to]]==--
     My Father, my Ex Teacher, cold fire hacker, Mannu, ViKi, Ashu bhai ji, Soldier Of God, Bhuppi, Gujjar PCP Mohit, Ffe, Shardhanand, Budhaoo, Jagriti, Hacker fantastic, Jennifer Arcuri, Thecolonial, Anurag Bhai Ji and Don(Deepika kaushik)

     [Hidden Content]
  8. > [Hidden Content]

     • Mount: Point to any *.pls radio
     • Sid: Dummy control, activate/deactivate the player button
     • Title: On screen message
     • Website: Hyperlink to any website

     Test Result: [Hidden Content]