Kali Linux: Backdoor-factory tool

In this post I would like to introduce you to a not so well-known yet useful Kali Linux for exploitation as well as maintaining access. This Kali Linux tool called Backdoor-Factory.

Backdoor factory can be used to gain access to Windows 7, 8, and 10. Even though this tool is useful but it is not very convenient since the victim needs to execute a certain executable file before we can get the session to gain the access. However, it is good in a way when we do not want the victim to be suspicious since when the victim executes the file, the victim would not know the malicious shellcode is running in the background. Continue reading

Playing Around with DVWA

After installing DVWA a couple weeks ago, it is futile if we do not make use of it. Just like what Anton Checkov said “Knowledge is of no value unless you put it into practice”. DVWA is one of the safest place for pentester to learn. Here in DVWA we could learn a lot such as reading and understanding the code and finding its vulnerability, trying to do brute force, command injection, and many more. In this post I will cover low level sql injection and low level file inclusion.

if you have not install the DVWA please refer to DVWA installation. Else, lets start.

Continue reading

Social Engineering as Part of Penetration testing

Social Engineering in term of information security means the use of deception to manipulate individuals to share their personal information. Social engineering can also deceive people to think that they are doing the right thing but in reality they are not. Why we should be aware of social engineering? Development of technology like web application depends on people, process, and technology. Among those three, it can be said that people are the weakest link to break into the system.

One way to do social engineering is to get a person’s personal information such as password and username. This can be done by duplicating the web page and send email to the web application users. Below is the example of how it could be done.

Continue reading