Wordpress - pentestlab.wordpress.com - Penetration Testing Lab
General Information:
Latest News:
HTML Injection 26 Jun 2013 | 04:57 pm
HTML Injection is a vulnerability which occurs in web applications that allows users to insert html code via a specific parameter for example or an entry point. This type of attack can be used in comb...
FindMyHash 6 May 2013 | 11:06 pm
Often in penetration tests we discover password hashes. In this situation every penetration tester use the password cracking tool of his convenience ( like john the ripper) in order to crack the hashe...
Pen Testing SQL Servers With Nmap 22 Apr 2013 | 04:22 am
The Nmap Scripting Engine has transform Nmap from a regular port scanner to a penetration testing machine.With the variety of the scripts that exists so far we can even perform a full penetration test...
Dumpster Diving 28 Mar 2013 | 03:56 pm
Dumpster diving is a method of obtaining information about a company just by examining their trash.This technique was very popular especially back in the 90′s where many old school hackers like Kevin ...
Dumping Clear Text Credentials With Mimikatz 25 Mar 2013 | 04:26 am
If we have managed to get system privileges from a machine that we have compromise then the next step that most penetration testers perform is to obtain the administrator hash in order to crack it off...
Penetration Testing SQL Servers 18 Mar 2013 | 05:11 am
It is quite common to discover a Microsoft SQL server in a penetration testing engagement as many companies are having Windows environments. SQL servers are generally running on port 1433 but it can b...
Discovering Oracle Accounts With Nmap 10 Mar 2013 | 05:45 am
If we are conducting an infrastructure penetration test and we have discover an Oracle database during the information gathering stage then we can use Nmap to perform some checks that will help us to ...
Common Virtualization Vulnerabilities and How to Mitigate Risks 26 Feb 2013 | 03:26 am
Virtualization has eased many aspects of IT management but has also complicated the task of cyber security.The nature of virtualization introduces a new threat matrix, and administrators need to addre...
SQL Injection Authentication Bypass With Burp 25 Feb 2013 | 05:58 am
Burp is a tool that can be used in every web application penetration test to perform a variety of activities and to automate tasks.As a penetration tester you might want to test some things automatica...
Extracting Metada From Files 20 Feb 2013 | 04:00 pm
Penetration testers must be able to think outside of the box and to use whatever method is necessary in order to discover information about their targets.Malicious attackers will not stop in the conve...