wikihak 22 posts 0 comments

Let's say that you have a target and want to find the IP space for that target. By knowing this info you will have a good reference for how much they have out there on the internet. The following sites will give you a good start to find…

Discovering subdomains manually would take an age. There are a lot of tools out there to find subdomains, but you can't depend on just one tool to enumerate subdomains. Top bug bounty hunters have their own tools that automate the recon…

DNS (Domain Name System) uses both TCP and UDP port 53 The most commonly used port for DNS is UDP 53. This port is used when a computer, mobile etc.. connect with a DNS server to resolve a particular domain name. Domain Name System uses …

First, Activate My image plugin by visiting http://localhost/nibbleblog/admin.php?controller=plugins&action=install&plugin=my_image Second, upload your PHP shell and ignore the warnings: Go to the following link.…

It's always easy to transfer files on Linux because the systems have default tools such as netcat, wget, or curl. But windows does not have these tools. VBScript A good script to make a wget-clone in VB. echo strUrl =…

Simple Local Web Servers Run a basic HTTP server with Python: python -m SimpleHTTPServer 80 Run a basic HTTP server with Python3: python3 -m http.server Run a ruby webrick basic HTTP server: ruby -run -e httpd . -p 8000 Run a PHP …

After getting Magento admin credentials, you will need to upload a shell. You can do that by uploading a Magento package containing the PHP shell. You can download the package from here: https://github.com/lavalamp-/LavaMagentoBD or…

After getting Wordpress admin credentials, you will need to upload a shell. You can do that by uploading a fake Wordpress plugin containing the PHP shell. Or you can go to the Appearance menu and then went to the Editor. On the top of the…

During penetration testing, for example, if you found a vulnerable web application and were able to get a reverse shell back to your machine. Usually, the shell that you receive is own by the user of the running service such as "www-data"…

Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015. You can create multiple payloads with this module, it will help you to get a shell in almost any scenario. Note:…