Category: Software Topics

PenTest Edition: SQL Injection Attacks Using Both Burp Suite and Sqlmap

In this tutorial, I'm using BurpSuite to grab cookie information from a user and feed it into an SQL injection attack using sqlmap. To perform this attack, I'm using the Damn Vulnerable Web App (DVWA) as a SQL injection vulnerable web site/database. As a prerequisite, the reader should have at least a basic understanding of ...

PenTest Edition: Go from Beginner to Advanced with nmap

Network Mapper, otherwise known as "nmap," is a powerful open-source program, perfect for conducting reconnaissance and enumeration. Yes, nmap is well-known for this purpose and it's included in every whitehat-to-blackhat's toolbox for that very reason; however, I want to point out that it has many other uses as well. For instance, a network administrator could ...

PenTest Edition: Creating an Evil Twin or Fake Access Point Using Aircrack-ng and Dnsmasq [Part 2 – the Attack]

If you haven't already begun the initial startup, you'll need to go back to PenTest Edition: Creating an Evil Twin or Fake Access Point Using Aircrack-ng and Dnsmasq [Part 1 - Setup] and update Aircrack-ng and configure the dnsmasq configuration file. After that, you can come back here and begin the attack. The information provided ...