As a server admin there is a time when you want to install fresh copy of WordPress plugins at once. This might be time consuming if we install them one by one from WordPress dashboard. Even downloading each plugins one by one and uploading them to server at once is waste of time. Here is […]
nmap scan (windows machine)
While doing pentest it is important that you know the service that end machine is running. No matter what the victim machine OS (Linux/Windows) is we can use nmap to reveal the open ports and services. Lets start by doing simple nmap: If you do nmap and IP only then it will show above result […]
Auto migrate process using msf
Manual migration of process to another process might become hasslesome. After you get reverse shell you can automatically migrate the process using post exploitation script. We can do it as following. By the bing by the boom your process will automigrate 😉
Hacking windows shares
First of all lets check if share is enable or not by using nmap scan. Here, port netbios port 139 is open. Now, checkout the shares name. For this we have tool in kali linux called `smbclient`. where, -L will get a list of shares available on a host So, we have number of shares […]
Upgrade to a full tty shell
In ctf after you get a shell you may want to see if you can upgrade to a full tty shell. You can find many ippsec videos on youtube doing this. First see if there is python or not $ which python If it is available, type following command to get bash shell. There is […]
Escaping Restricted Linux Shells
From vi or vim :set shell=/bin/bash Next, type and execute: :shell Another method is to type: :! /bin/bash From awk awk ‘BEGIN {system(“/bin/sh”)}’ From find find / -name blahblah -exec /bin/awk ‘BEGIN {system(“/bin/sh”)}’ \; From more, less and man ‘! /bin/sh’ ‘!/bin/sh’ ‘!bash’ From tee echo “evil script code” | tee script.sh From your fav […]
Install CAPTCHA in your website
Why? Well, to answer this quickly and as short as possible, it is to stop spam. First of all, you may want to know what is CAPTCHA and what is it stand for? The full form of CAPTCHA is a Completely Automated Public Turing test to tell Computers and Humans Apart. It is a type […]
Renew letsencrypt of Zimbra server
After installing Letsencrypt SSL according to https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate article you need to renew certificate later. To renew certificate you can do following: Login to server as root $ letsencrypt renew Change directory to Zimbra Letsecnrpyt SSL folder # cd /opt/zimbra/ssl/letsencrypt/ Copy new SSL files to Zimbra Letsencrypt folder then change owner to Zimbra. # cp /etc/letsencrypt/live/yourdomain.com/* […]
How to restore hacked WordPress website? v2
BACKUP!! BACKUP!! BACKUP!! Make sure you do backup regularly or at least ask your clients’ to take a clean backup of website. Change Password After your website gets hacked, first thing to do is to make sure that you change passwords ie: cpanel, database, wp-admin, etc Replace Files/Folders 1. Rename public_html folder to something else […]
Add user and database in mongodb
To create database and user and grant readwrite access you can use following: $ mongo > use admin > db.auth(“admin”, “password”) > use database > db.createUser( { user: “user”, pwd: “userpassword”, roles: [ “readWrite”, “database” ] } )