Oftentimes when I gain shell access to some remote server there may be a service listening on an “unreachable” interface such as the local loopback. Generally if there is a web application which ha...

I wrote a SQLMap tamper script that helped me out in something that vanilla SQLMap could not. The issue was that in order for a SQL Injection to be possible, the payload needed to bypass a preg_mat...

First of all, I’m going to open this entire post by saying that this is for prototyping only. If you can use a python function or python module that has been built and tested properly rather than u...

Nmap is one of the cornerstones of penetration testing. It’s one of, if not the first command you run before you even consider what attack surface to focus on on your target. It’s the way to find o...

To give credit where it is due, I decided to set up a honeypot as inspired by John Hammond. Recently he made a youtube video that described his setup and the resulting display of hundreds of red te...

Everyone has their own methods they follow, and enumeration in general is a bit of an art form. This page will serve as kind of a reminder for myself for when I take a break from it and forget some...

If I find a potential attack vector in which I can use Burpsuite Repeater or something, and I just generally want to work with the command line, I typically will code up a quick python script to in...

SQLMap is a tremendous tool that we all should know in the infosec field. For those that don’t, it is a Swiss Army Knife of SQL Injections. The basic idea is that generally speaking, SQL Injections...

I use Arch, BTW. And you can too! The initial setup to getting to a useable Arch install can be daunting, and I had to read a bunch of different sources to learn how to do things the right way. Ge...

This is my docker cheat sheet. There are many like it, but this one is mine. I’m not about to teach anyone anything that they can’t find on Docker docs, in fact that’s probably where you should go...