penetration testing

If you are planning to pentest a WPA/WPA2 network (with No WPS), I have two words for you: Good. Luck. In all my experiments with penetration testing, I have found dictionary attacks on WPA/WPA2 handshakes to be the most annoying and futile exercises.

Table of Contents Background Attacking WEP Accessing router admin panel Upgrading router firmware Conclusion Disclaimer: For educational purposes only: This is meant merely to exhibit the dangers of using poor wireless security.

This is a demonstration of a Buffer Overflow attack to get remote shell of a Windows box. Vulnerable Program - Server-Memcpy.exe [Resource: SecurityTube] Vulnerable Function - memcpy Tools - msfpayload, Immunity Debugger

The vulnerability lies in how web pages are invoked on a web server. If an absolute path or direct referencing is used then it is possible to invoke pages on the server that a hacker has no business seeing.

When you log on to a web server, a session is created which is identified by a session ID. The session identifier can be a cookie. This cookie holds the session ID so that one can log in once for each session (From there on, the session is then passed on to various web pages one browses on that server).

IronGeek hosts a lot of good videos about testing web applications with Burp Suite. I tested these attacks out myself. Attacked Server: Mutillidae Test Page: Main Login Form Test Parameter: Username

As a web application penetration tester, when you find directory browsing enabled on a web server, you include it in your report, but you know subsequent exploitation might be a long shot depending on what information is actually exposed.

If you’re on a shared LAN and you are curious to know what kind of images people are searching for over the web on your Local LAN, you can use Driftnet.

This post is meant to elucidate web application brute forcing by providing a practical demo. Read up on Authentication Brute Force here. OWASP testing guide is your friend in Web Application Hacking.

Read up on command injection here. OWASP testing guide is your best friend while learning web applications hacking or penetration testing. I tested the attack on two different vulnerable applications, one of which is Mutillidae.