Category Archives: Uncategorized

A part of penetration testing is presenting the findings to clients. Documentation, report preparation, and presentation are important and must be done in a systematic and structured, and consistent manner. These are the types of reports 1. Executive Report The … Continue reading →

Social Engineering Toolkit (SET) is an advanced and easy-to-use computer-assisted social engineering toolset, created by the founders of TrustedSec. Now, I will try to create a fake login page using SET and credential harvester. The goal is to obtain the email and … Continue reading →

Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. On security infrastructure, There are people, process, and technology. People are the weakest link in the security defense of any organization. Attack Process 1.Intelligence gathering 2.Identifying vulnerable … Continue reading →

We’ve already learned how to install DVWA, now, let’s try it to search some sites’ vulnerabilities. This is the DVWA homepage For a beginner, set the security level to low Go to command injection. You can ping any IP address … Continue reading →

Change directory to web root directory (/var/www/html) using the cd command Then download the file from github using wget command (https://github.com/ethicalhack3r/DVWA/arch ive/master.zip) After it fully downloaded, unzip the master.zip Move the content from directory DVWA-Master to web root directory using mv command Then … Continue reading →

Once the operations of information gathering, discovery, and enumeration are complete, it is time to find vulnerabilities that might exist in the target infrastructure. Vulnerability mapping is the process of identifying and analyzing the critical security flaws in a target … Continue reading →

WPScan is a black box vulnerability scanner for WordPress site. WordPress is a popular open source content management system. A lot of people use WordPress. That’s why WPScan is necessary. Now I will try to find the username and password … Continue reading →

Google hacking or Google dorking is a hacking technique that use Google search to find security holes in the code that website use. Dorks are keywords used to filter put desired results from Google database. Now, I want to try the … Continue reading →

Identify Target Machines Ping to check if the host is available or not It works by sending an Internet Control Message Protocol (ICMP) echo request packet to the target host. It will reply with ICMP echo reply if the host is … Continue reading →

Information gathering is the 2nd phase of the Kali Linux Methodology. In this phase, we collect as much information about our target, such as Domain Name Server (DNS) hostnames, IP address, technologies used, etc. I will deliberate some tools available … Continue reading →