🌀Code Injection/Execution OR code injection attack

-
🌀Code Injection/Execution🌀

In this vulnerability an attacker maliciously takes advantage of a script which contains system functions/calls,to read or execute files on a remote server.This is synonymous to having a backdoor shell.Needless to say that under certain circumstances privilege escalation is possible.

Inthis example a script is using the exec()function to execute the ping command.However,the host is dynamic as it is being passed via an HTTP GET request:

Popular posts from this blog

🌀 SMURF ATTACK 🌀

-
Image
🌀 SMURF ATTACK 🌀 A smurf attack is a type of denial of service attack in which a system is flooded with spoofed ping messages.This creates high computer network traffic on the victim’s network,which often renders it unresponsive. Smurfingtakes certain well-known facts about Internet Protocol and Internet Control Message Protocol (ICMP)into account.ICMP is used by network administrators to exchange information about network state,and can also be used to ping other nodes to determine their operational status.The smurf program sends a spoofed network packet that contains an ICMP ping.The resulting echo responses to the ping message are directed toward the victim’s IP address.Large number of pings and the resulting echoes can make the network unusable for real traffic
Read more

🔥How to Create a Malicious PDF Using Metasploit for Ethical Hacking Practice❓

-
Image
Disclaimer: This tutorial is for educational and ethical hacking purposes only. Unauthorized access to systems is illegal and punishable by law. Always get proper permission before testing. Metasploit is one of the most powerful tools in any ethical hacker’s toolkit. In this guide, we’ll walk through the steps to create a malicious PDF file embedded with a Meterpreter payload using Metasploit. This method is commonly used for penetration testing on Windows systems. --- Step 1: Launch Metasploit Start by opening your terminal and running the Metasploit Framework: msfconsole --- Step 2: Search for an Appropriate Windows PDF Exploit We need an exploit that targets Adobe PDF files on Windows. Use the following command to search Metasploit's database: msf > search type:exploit platform:windows adobe pdf Look for this exploit in the results: exploit/windows/fileformat/adobe_pdf_embedded_exe Select it with the use command: msf > use exploit/windows/fileformat/adobe_pdf_embedded_...
Read more

⚠️List of terms used in the field of hacking.⚠️

-
Image
🚩Adware − Adware is software designed to force pre-chosen ads to display on your system. 🚩Attack − An attack is an action that is done on a system to get its access and extract sensitive data. 🚩Back door − A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections. 🚩Bot − A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a more sustained period than a human operator could do it. For example, sending HTTP, FTP or Telnet at a higher rate or calling script to create objects at a higher rate. 🚩Botnet − A botnet, also known as zombie army, is a group of computers controlled without their owners’ knowledge. Botnets are used to send spam or make denial of service attacks. 🚩Brute force attack − A brute force attack is an automated and the simplest kind of method to gain access to a system or website. It tries different combinatio...
Read more