Java Applet JMX Remote Code Execution Java exploits are client side exploits that mostly target browsers to run arbitrary command on the system. These exploits are put up on a webpage in the form of a java applet. When a victim visits the url and allows the applet to run, the java runtime or JRE is exploited to execute arbitrary command on the system and get control. The “JMX Remote Code Execution” exploit is a [...]

Adsl Routers Adsl routers are very common now a days as the primary hardware device used to connect to broadband connections. The modems connect to the broadband service using the username/password. Then the pcs connect to this router to form a local area network. The pcs use the router as the primary gateway to connect to the internet. So it is only the router that is directly connected to the internet and not the individual [...]

Password Cracking John the ripper is a popular dictionary based password cracking tool. It uses a wordlist full of passwords and then tries to crack a given password hash using each of the password from the wordlist. In other words its called brute force password cracking and is the most basic form of password cracking. It is also the most time and cpu consuming technique. More the passwords to try, more the time required. John [...]

Learn web penetration testing PentesterLab is an easy and great way to learn penetration testing. PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities. Pentesterlab.com provides multiple kinds of vulnerable system images that can be used to practise penetration testing. Each system is based on a different set of vulnerability and is a separate exercise. Check out the available exercises. Each exercise comes with an iso image of the system in [...]

Repeat request in a loop Burp Intruder can do various kinds of fuzzing attacks with provided payloads. And the Burp repeater can repeat requests. However if you need to repeat a certain request in a loop again and again then here is the technique to do it. This is done through the Burp Intruder with “Null payloads”. 1. Select your request in the Proxy tab and click “Send to Intruder”. 2. In Intruder, in the [...]

Crackstation Defuse Security have released the biggest wordlist of passwords used in their Crackstation project. Contains around 1,493,677,782 words (1.5 billion) and the size is around 15GB. It is available for download for free. The website describes it as The list contains every wordlist, dictionary, and password database leak that I could find on the internet (and I spent a LOT of time looking). It also contains every word in the Wikipedia databases (pages-articles, retrieved [...]

Brute force password cracking Hydra is a popular password cracking tool that can be used to brute force many services to find out the login password from a given wordlist. It is included in kali linux and is in the top 10 list. On ubuntu it can be installed from the synaptic package manager. For brute forcing hydra needs a list of passwords. There are lots of password lists available out there. In this example [...]

When you start Kali, the grub boot menu comes up which waits for around 5 seconds before booting. Now if there are other oses alongside kali then the grub menu is useful. However if kali is the only os on the system, or for example kali is running inside virtualbox then it is of little use for the grub menu to wait. So to remove the grub menu waiting and boot instantly, edit the file [...]

Kali linux uses the root user, since root privileges are needed to run various security tools like nmap and wireshark etc. However its uneasy to type the root/toor combination everytime Kali boots. So to make things simple just make the user root login automatically at system start. And here are the simple steps to do it. Open and edit the file called /etc/gdm3/daemon.conf. root@kali:~# leafpad /etc/gdm3/daemon.conf In the daemon section uncomment the 2 lines for [...]

Apache and mysql are installed by default in Kali Linux. They can be accessed through the Kali Linux menu in Applications. To start apache web server click the menu entry at “Applications > Kali Linux > System Services > HTTP > apache2 start”. Similary to start mysql click MySQL > mysql start. However starting services manually everytime is a waste of time and its better to get them to start automatically at boot. To configure [...]