Hello. In my research on Google, I discovered the tool “Weevely” that allows easy access to a Shell PHP Application and indérer also a Backdoor. 1 – But my concern is how to use “Weevely” for a PHP application based on SSL (HTTPS) ??? I wonder if “Weevely” supports SSL – HTT ...more
Hello. Here are below the result received after scanning the web application: Nmap: PORT STATE SERVICE VERSION * Nmap: 21/tcp open ftp Pure-FTPd I wonder if anyone know of a great Exploit to operate the FTP server (Pure-FTPd) found above open when scanning with Nmap? What E ...more
Hello everyone. After scanning my site, I noticed that the FTP Port (21) is open and so I decided to use the exploit "vsftpd234backdoor" and PAYLOAD "cmd/unix/Interact" to enter the Server Shell the site in question using as RHOST the IP address of the site concerned hosted b ...more
HELLO. I want to know if anyone knows the Web Scanner "VEGA"? If so, do you think it (VEGA WEB SCANNER) is effective ? Do you agree that the results of web scanning performed with "VEGA" are not false positives ??? Thank you.
Hello. I would like to share this to know how to send a backdoor in a web application ??? Must we always look with a tool like DirBuster for example, all hidden files to find the direction or the file directory "upload.php" such that uploads malicious applications in the appl ...more
Hello. I would like to know please, to use the payload "windows / meterpreter / reversetcp" for example, must necessarily add a backdoor with "msfvenom" in the target system. But how then add the backdoor with "msfvenom" if there is no access to the target computer system? H ...more
HELLO. I would like to know why in most pentest with Metasploit Tutorial I watched, I noticed that the IP address used are not necessarily those of the victims live. Example: For a. ASP site which has as address normal IP 192. 168. 174. 136, I do not understand why bearing a ...more
Hello. How to target a single site with Metasploit if this site is based on an IP address that hosts several web site ??? Thank you.
Hello. I have a local site; When I run localhost/index.php?id =1 and I added him a sign (') like localhost/index.php?id =1' I get a message following error: Warning: include() function.include: Failed opening '' for inclusion (includepath='.:/usr/share/php:/usr/share/pear') ...more
Hello everyone. My question to all who know SqlMap it is able to penetrate the databases of financial systems? Do you think that banking systems are sophisticated enough against SQL Injections (even the blind type) to protect against the SQMAP Tool ??? Thank you for informin ...more
Hello. I wonder if SQLMAP support vulnerable sites to "Time-Based Blind SQL Injection using Heavy Queries" ??? For example: ////// informatica64.com/blind2/pista.aspx?idpista=1 and (SELECT count() FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, s ...more
Hello. I discovered "Marathon Tool", a tool That allows you to run heavy queries to find the vulnerability of "SQL injections based-time". Looking where to find the "HTTP proxy" to run this software (Marathon Tool) that does not support SSL but accepts the configuration "HTT ...more
Hello everyone. I wonder if you know "Marathon Tool", a tool that allows you to run heavy queries to find the vulnerability of "SQL injections based-time" ? If so, I would like to know how to use it (Marathon Tool) for SSL (ie for secure HTTPS sites) ? If not, tell me at le ...more
HELLO. I scanned my website with this scanner never used before and this is below it gives me the result: << Blind SQL injection was found at: "localhost/index.aspx", using HTTP method POST. The sent post-data was: "...ddOptionspassword=1 or pgsleep(5)...". This vulnerability ...more
I saw on Youtube (https://www.youtube.com/watch?v=pIKIXQNFplY&hd=1) a TUTORIAL on "BREACH ATTACK" and frankly, I admit that this is very interesting but I do not understand configuration. I downloaded the script BREACH on the same video on http://breachattack.com site. So I' ...more
Hello everyone. I have an online site created in ASP.NET and put online for only a week, I decided to scan it first with web scanner "VEGA" and a second time with "Acunetix Web SCANNER." After analysis, "ACCUNETIX" signals as a result "Hight" the site is vulnerable to XSS sc ...more
Hello everyone. I am trying to test a vulnerable Web application XSS locally (localhost). But the problem is that I would like to know in what part of the application inject JavaScript code to collect user cookies for this kind of application that only has the username and pas ...more
Hello everyone. I have 2 urgent and important issues are: 1 - Can you hack a vulnerable site XSS by injecting him JAVASCRIPT code to extract its secret data such as User Names and Passwords ? If so, how ? What JAVASCRIPT code used to collect data on a secret vulnbérable site ...more
Someone already used once HYDRA-GTK, GUI THC-Hydra? If so, I would like to know how to set Tuning that contains the Number of Task Timeout and at the bottom when we want to use it with a large dictionary of its kind RockYou.txt ? 1 - How much should I put as the "Number of Ta ...more
Hello. I've just installed Kali on a USB key and I would like to know what are the essential first commands to launch just right after installing KALI Linux on a USB key (for example, the commands for updating and other raw commands very important commands for a new installat ...more
Hello. I'm looking for the best tutorials on "how to access a remote computer with KALI LINUX" or just the "how to hack a remote computer"? Thank you in advance.
Hi. Do you know BREACH tool to extract secret data (session identifiers, CSRF tokens, OAuth tokens, email addresses, ViewState hidden fields, etc.) on an HTTPS (SSL)? This tool (Breach), which was presented at the "BLACK HAT USA 2013" conference by three researchers in Infor ...more
Hello. I'm afraid my online banking account is hacked one day by a dictionary attack or brute force. I want to know if the banking systems are secure enough to protect bank accounts (online) against any attempt to brute force hacking? What advice can you give me to properly ...more
Hello. I would like download Kali to install it on a USB PORTABLE but I notice on the download page for Kali https://www.kali.org/downloads/ that are 2 kinds of ISO which Kali Linux 64 bit ISO and Kali Linux 32 bit ISO. And then frankly I am confused. Can you advise me which ...more
Hello. I am about to try HYDRA but I wonder one thing. To break the password of a web form (http-post-form) for example, I put a fake user name and a wrong password and just after validated I noticed the phrase following error : "The username or password is incorrect You ent ...more
I would like to know if I install Kali on a USB stick (as USB sticks are often vulnerable to virus infections), if the virus will not attack this quickly and destroy my laptop installation of Kali ??? There is not a better way to install Kali on a key without that key is subs ...more
Hello. I wonder whether if it's possible to install Kali Linux on a DVD or CD to use as a portable software already installed (DVD / CD) and use on any computer without having to post the install on this machine before using it ??? I just want to know if it is possible ?! T ...more
Hello. I have password lists (uniq.txt) I want to insert the following directory "/usr/share/wordlist /" Kali Linux as it is already the wordlist rockyou.txt. How then register my new password wordlist "uniq.txt" in the directory "/usr/share/wordlist /" Kali to easily use it ...more