We have been doing the Pass The Hash/Password attack in the previous article. This article will focus on tokens and how … [Read More...]
Featured Articles
Pass The Hash Attack
So far, we have been attacking the machines to gain the access to machines. We have been dumping the credentials through … [Read More...]
BloodHound (Visualizing AD and Unveiling Attack Surface)
So far, in the post-compromise AD enumeration, we have been using the PowerView tool to gather information. That tool … [Read More...]
Editorial Picks
Latest Blog Updates
Safer Node.js code with Mocha and Chai
Infosec pros spend most of their time finding and preventing bugs. But what about after you fix a bug? The odds are that in the future, some dev will refactor the code, making many already fixed vulns come back. The cycle goes on and on. Luckily, the field of software engineering has a solution made for exactly this kind of problem: regression testing. Every time you fix a bug, you should add a test that will fail if any devs ever add the buggy behavior back into the code. Better testing means safer Node.js code. Node.js is one of the most popular ways to use JavaScript, and as such, it powers a big portion … [Read More...]
Python DDoS Scripting
How to DDoS with Python. We setup a sever with vulnerability and create an exploit that we will script together. We use the python flask library or framework to create an API where you give it a Fibonacci number where we are programming in a recursive way to be vulnerable. Afterwords the real fun pentesting! … [Read More...]
Elementor Unauthenticated DOM XSS
According to research, WordPress is in use by 43.2% of all websites on the internet in 2022. Developing WordPress websites is easy and plugins make it easier by providing more flexible options and feasibility. Elementor is marketed as the #1 free WordPress website builder. From the official WordPress plugins website, Elementor is THE #1 WEB CREATION PLATFORM, POWERING OVER 10M WEBSITES WORLDWIDE. Elementor Unauthenticated DOM XSS triggers XSS by just visiting a URL. Elementor is WordPress's leading website-building platform, enabling web creators to build professional, pixel-perfect websites with an intuitive … [Read More...]
Dark web hacking forums: black hats in the shadows
The dark web has become a source of legend and wrong info since the term showed up in the internet's vocab. Tales of hitmen and hackers for hire. But the truth about dark web hacking forums is much less wild. The top hacking forums really just feature simple scams, data dumps, and cheap fraud tricks. Users tend to be third world IT types looking to make an easy buck. Still, you can get good intel as an infosec pro by scouring these sites. For example, some sites often have data dumps. You can learn whether hackers have leaked data from your org, because the dump will appear for sale on the dark web. There are … [Read More...]
Strapi CMS XSS | CVE-2022-32114
Strapi is the leading open-source headless CMS. It is 100% JavaScript, fully customizable and developer-first. Strapi CMS Stored XSS (Cross Site Scripting) allows the attacker to execute arbitrary code through an unrestricted file upload vulnerability from an authenticated user having permission/privilege to upload files. This exploit has base score of 8.8 according to NVD and CVE-2022-32114. The vulnerability exists in Strapi v4.1.12 and is now fixed in the latest version. About Strapi The original purpose of the project was to help Bootstrap your API and Strapi was created. It gives developers the freedom … [Read More...]