Cross-site Scripting (XSS) on DVWA

Cross-site Scripting (XSS) is one of the most common vulnerabilities found in web applications. It is a type of injection that runs on the client side and affects other users of the application. Attackers may also use it to bypass access controls such as the same-origin policy.
In this post, I’m going to show you some examples of Reflected, Stored, and DOM-Based XSS in DVWA (see the DVWA installation guide for Linux) and why it is considered a vulnerability.

Create a Phishing Website

Attention: This post is for educational purposes only. I do not advise or encourage anyone to carry out the following process for malicious purposes.

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Phishing can be useful during the Social Engineering step of the Kali Linux penetration testing process. Social engineering is the practice of learning and obtaining valuable information by exploiting human weaknesses.

In this post, I’m going to show you how to create a phishing website using two methods: the BeEF XSS Framework and SET. I’ll also talk about how a hacker persuades a target to visit the fake website and how the important information is obtained from it.

Installation Guide for DVWA on Linux

According to DVWA’s website, Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to aid teachers and students in teaching and learning web application security in a classroom environment.

DVWA’s Installation Steps

Let’s talk about Port Scanning!

Port scanning is one of the methods carried out during the Enumerating Target process. It scans all TCP or UDP ports, not only the well-known ones, so the process can take a minute or two. It also helps determine which TCP and UDP ports are open, closed, or filtered.

In this post, I’m going to talk about the differences between TCP and UDP ports, the types of port scanning, and show how to do port scanning using Nmap!

Enumerating Target

Once the Target Discovery process has shown that the target machine is available or active, the next step is to enumerate valuable information such as emails, usernames, passwords, or any services running on the target systems. This helps us as pentesters identify vulnerabilities in those services.

In this post, I’m going to use WPScan and TheHarvester to help me enumerate my target:

♡ usernames from wp1.pentest.id
♡ usernames from jo1.pentest.id
♡ emails that end in @pentest.id and @gmail.com

Target Discovery (still ongoing)

After information gathering, the next step is to discover our target machines. This process is commonly known as Target Discovery.

Why do we need to identify our target machines?

  • To find out which machines in the target network are available. If the target machine is not available, we won’t continue the penetration testing process, which saves time.
  • To find the underlying operating system used by the target machine, which will help us during vulnerability mapping.

As in the last post, my target is pentest.id.

Google Dorks’ Guide

Google Dorks is a hacking technique that uses the Google search engine and other Google applications to find security holes in the configuration and code that websites use. Since Google indexes most websites with its search algorithm, it can be useful for a hacker to find vulnerabilities, hidden information, and access pages on the target.

In today’s post, I’m going to show you how to use Google as part of your hacking work.