October 15, 2015

[Without Quotes] String Based SQL Injection

Today, I'm going to discuss a special case of string based SQL injection where you can perform the injection without the use of quotes. You heard it right, absolutely no quotes at all in string based injections. This may come in handy if the quotes are blocked.

Read

September 29, 2015

[PHP][C++] Root Exploiter (Part 2) – No Back-Connect

This post has the same goals as of the previous one i.e. to get root access on the target machine with just a PHP interface and no back-connect or reverse connection. So, if you haven't already, read the part 1 of this post here [PHP][Python] Root Exploiter – No Back-Connect.

Read

September 23, 2015

[PHP][Python] Root Exploiter – No Back-Connect

Have you ever had any of the following issues? Shell access to a vulnerable (Rootable) server with a known root exploit but no reverse or back connection. Shell access to a server and you know the root login credentials but no SSH or any other means

Read

August 26, 2015

[Python] Making Your Own Google Scraper & Mass Exploiter

In this Step by Step Tutorial, I'll show you how to make your own Google Scraper (Dork Scanner) and Mass Vulnerability Scanner / Exploiter in Python. Why Python? .. Because Why not ? Simplicity Efficiency Extensibility Cross-Platform Runability Best Community.

Read

August 19, 2015

Acid Server 1 – Solution Walk-through

I love to solve CTF challenges. Even though, most of the time these challenges are far from the actual real world scenarios but still I really enjoy them. These are like Games & Scavenger Hunts where at the end, You get to see a (very cool) Flag.

Read