Hidden MiningWebsites are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor’s PC to mine Bitcoin or other cryptocurrencies. Scenario then vs now: Websites using crypto-miner services could mine cryptocurrencies with your browser memory when you visit their site. Feasibility: Once you close the browser window, they lost access […]
Knowledge-base
Gain Root without Password- macOS Sierra
A critical vulnerability has been discovered in macOS High Sierra allowing any user to get root access on a mac system without any passwords. In order to perform this, you just need to type “root” into the username field, leave the password blank, and hit the Enter a few times ( two or more) and […]
Exploiting Browsers using PasteJacking and XSSJacking Vulnerability
Hi Readers, in the field of penetration testing, we all know attacks such as Clickjacking, Cross Site Scripting etc. These are attacks from most OWASP Top 10 test cases. Today we will look into some advanced attack vectors which have been lately around sometime but not all are aware of. Pastejacking. The art of changing […]
Automating Web Apps Input fuzzing via Burp Macros
Hi Readers, This article is about Burp Suite Macros which helps us in automating efforts of manual input payload fuzzing. While it may be known to many testers, this article is written for those who are yet to harness the power of burp suite’s macro automation. In my penetration testing career so far, while performing […]
PageKit Open Source CMS Penetration Test
Overview Under the SecureLayer7’s Gratis Pentest Summer 2016, our consultant “Saurabh Banawar” have performed the 2 days penetration testing on the PageKit open source CMS application. Following vulnerabilities Saurabh have found during the penetration testing. Vertical/Horizontal Authentication Bypass or Password Reset Vulnerability (Critical) – CVE-2017-5594 Server side information disclosure (Medium) Misconfiguration Improper use of .htaccess […]
Learn About Race Conditions Vulnerability
To learn about Race Conditions Vulnerability, let us start with an example – Imagine yourself in a bus, where all the seats are occupied and several people are standing. Now, the destination of one of the passengers seated has arrived. He gets down the bus leaving his seat vacant. You see that vacant seat and […]
Everything about the CSV Excel Macro Injection
CSV Excel Macro Injection, also known as Formula Injection or CSV Injection, is an attack technique which we use in the day to day penetration testing of the application. CSV injection is a vulnerability which affects applications having the export spreadsheets functionality. These spreadsheets generate dynamically from invalidated or unfiltered user inputs. Modern web applications offer […]
Attacking Metasploitable-2 Using Metasploit
While i was working around with Metasploit recently, i stumbled upon these very interesting exploits in which we could attack Metaspoiltable-2 using Metasploit. What got me grabbed was that due to what could we possibly do this? Let’s have a look. What is Metasploitable Metasploitable is a Linux virtual machine which we deliberately make vulnerable […]