Hey folks, We’ve just released an automation tool for pentesters and cybersec researchers, go check it out on GitHub: GitHub - freelabz/secator: secator - the pentester's swiss knife. You can improve your productivity of using dozens of common tools like nmap, ffuf, nuclei, dnsx, maigret with a common interface and output formats (JSON, CSV, database …). You can create use curated workflows and create custom workflows in YAML formats to automate your daily pentesting / bug bounty tasks. We have an overview / get started tutorial on YouTube also: https://www.youtube.com/watch?v=-JmUTNWQDTQ I’m ..read more

Hi Team, We are attempting to perform penetration testing on POS (Point of Sales) Application. Did any one come across such testing before. We need some help on how to perform pen testing and what tools are used? We tried intercepting the traffic in order to conduct penetration testing on POS applications such as Oracle Xstore and Samba POS. However, we are currently unable to capture the traffic. Could you please assist us in determining if Burp Suite supports POS applications? 1 post - 1 participant Read full topic ..read more

Explore Linux Privilege Escalation using SUDO with this insightful blog. Learn about sudoer file syntax, sudo command nuances, and exploit methods using zip, tar, strace, tcpdump, nmap, scp, and more. Check the detailed guide at Original Source. Share your thoughts and tricks in the comments! Penetration Testing and CyberSecurity Solution - SecureLayer7 – 23 Jul 18 Abusing SUDO Advance for Linux Privilege Escalation – RedTeam Tips Abusing SUDO Advance for Linux Privilege Escalation If you have a limited shell that has access to some programs using thesudocommand you might be able to […] Est ..read more

Soo, I was invited to a private program by a company to pen test. The company uses Cloudflare, encrypted the body of their requests with a custom encryption algorithm and blocked all direct access to the Ip address of their server with cloudflare. Encrypting the body of their request means i can’t view the content of the main request content i need. If you were promised a million dollars to find a security bug in their infrastructure, what will be your approach, what are the things you will look out for considering that all request bodies from their website to their server is encrypted. If you ..read more

Hiya, I am trying to create a realistic cybersecurity scenario for response testing. I am not a Pentester but work in info sec. The scenario I have developed covers how the attacker gets in to the system and could extract the data from a web app (getting round MFA). I wanted to ask would there be a way to encrypt the data so that if a mass export was done by the attacker it would bypass IDS/IPS. Many thanks 1 post - 1 participant Read full topic ..read more

Hello All! I am currently running version 5.3 of Parrot on my VirtualBox as a VM. However, when I try installing and using the VNC client, I cannot connect to my machine. I am using an SSH Client called MobaXTerm to use their VNC session tool. (Attached below is how the UI looks) I download the TigerVNC standalone server on my VM using the command: apt install tigervnc-standalone-server Upon installing, I start the vncserver (the “:2” references the port number being used, in this case it will be 5902) on my VM using the command: vncserver :2 I use the command netstat -tuln | grep 5902 A ..read more

Hi everyone, I m working under Blach Arch distribution and facing an issue during the server start. Actually, I executed the bellow commands : sudo pacman -S virtualbox virtualbox-guest-iso sudo gpasswd -a $USER vboxusers sudo modprobe vboxdrv yay -Syy yay -S virtualbox-ext-oracle sudo systemctl enable vboxweb.service But I get an error after executing the bellow command : sudo systemctl start vboxweb.service Error: Job for vboxweb.service failed because the control process exited with error code. See “systemctl status vboxweb.service” and “journalctl -xeu vboxweb.service” for details. Could y ..read more

Hello (sorry for posting here, I didn’t find a corresponding category.) I would like to know if there is a way to obtain information from a French mobile number. A member of my family received a message from a stalker describing her washing dogs in the garden (which he really was doing) and threatened him. Given the nature of the French police, I would like to take the lead in recovering evidence. I have just 2 months of practice in pentesting and have not yet gone beyond the easy level on the tryhackme boxes. Thanks you. 1 post - 1 participant Read full topic ..read more

G’Day, Hackersploit Community! I’m a cybersecurity researcher conducting a study on the use of Bloodhound in penetration testing, red teaming, and offensive cyber operations. Your expertise could provide invaluable insights into these practices. Who I’m Looking For: Individuals with hands-on experience using Bloodhound. Those willing to share their insights. What’s In It For You: An opportunity to contribute to a study that aims to enhance deployment of cybersecurity deception tools. acknowledgment in research publications (username or real name as preferred) How to Participate: Please re ..read more

Hello all for my bachelor thesis I am looking for IT security experts who can and want to participate in my online survey. It is about the effectiveness of a zero trust segmentation to protect against lateral movement attacks. The survey will only take about five minutes. The survey can be accessed at the following link: https://www.empirio.de/s/ZWducdVbau I am looking forward to your participation and a discussion here. Thanks a lot. 1 post - 1 participant Read full topic ..read more