Monthly Archives: June 2019

Sqlmap is a powerful penetration testing tool used to detect and exploit sql injection vulnerabilities. For demonstration, team1.pentest.id will be attacked using sqlmap sqlmap -u “team1.pentest.id/?author=1/”  The result is that the sqlmap was unsuccessful due to error 403 forbidden.

Searchsploit is a convenient tool used when a quick search of exploits are needed. For example if a person wants to check if there is any vulnerability in WordPress, they can use searchsploit. Searchsploit shows exploits for wordpress themes, plugins … Continue reading →

Crunch is a useful password list generator for generating password lists based on criteria. crunch min max options where minimum is the minimum amount of characters, maximum is the maximum amount of characters and options are the characters used for … Continue reading →

Whois is a convenient tool used to search domain information. This tool shows registrar info, name server, expiration date and etc.

John the ripper is a powerful tool used for offline cracking tool. It can autodetect a lot of hashes such as FreeBSD MD5-based and etc. For demonstration, the shadow file in /etc/shadow/ will be cracked in the VM. From this … Continue reading →