Local File Inclusion (LFI) tutorial

This tutorial will guide you into the process of exploiting a website through the LFI (Local File Inclusion). First lets take a look at a php code that is vulnerable to LFI: $page = $_GET[page]; include($page); ?> Now, this is a piece of code that should NEVER be used, because the $page isn’t sanitized and […]

Blind SQL Injection

Blind injection: you dont actually see anything, you just see how the server responds.Blind injection is a little more complicated/time consuming, but when your injection is multi-select and union isn’t possible this is your next best bet. I will go over how to pull version, how to guess table and column names, and finally how […]

MSSQL – injection Tutorial

MSSQL – injection ########################### 1.1 Introduction 1.2 How to ask Vulnerability page? 1.3 How to prove that the site of weakness? 1.4 How to find version / name of the DB? 1.5 How to discover the names table (table_name)? 1.6 How to discover the names of column (column_name)? 1.7 How to get data from tables […]

[FUD] Simple command-line binder

First of all, why a command-line binder? Automation. Instead of sitting there binding individual, or even groups of files yourself, you can easily automate the binding process by using a batch file or shell script. Saves time and opens up your options. Here’s how this one works: 1. We’ll be using open-source software called NSIS, […]

Download Execution with Java

This tutorial will show you how to use java applets within your website which automatically download and execute your malware onto the visitor’s computer. Some people may of heard about it, some people may know how to do it, but none the less I’m still writing a tutorial for those who don’t. Please note the […]