Like SQL Map, WPScan in Kali is a very valuable tool for finding vulnerabilities in web sites and hacking them. It is focused entirely on WordPress. With it we can find the exploits and vulnerabilities of web sites that are hosted on web hosting services and run WordPress. So if you notice that a website you follow uses WordPress, this tool will be a great help.
Open the Kali terminal and type
Find the Exploits for the web site
A very useful feature of WPScan is that, with a simple syntax, we can list a number of exploits for a given web site (running on WordPress) that relate to its WordPress version. Using that information we can do many hacks on the web site. Here is the syntax:
wpscan --url <URL of the web site>
Find the User names of Site admins.
The other very useful thing is that with WPScan we can find the site admins very easily (each site admin's user name and name). This is very helpful for brute-force attacks. Here is the syntax:
Tuesday, October 20, 2015
Monday, October 19, 2015
SQL Map for sql injection
Kali OS is a must for a pen tester today, because it bundles hundreds of hacking tools into one OS. It makes it easier for us to find vulnerabilities and make use of exploits.
Among those hundreds of tools, this post will discuss the SQL Map tool, which is very useful for pen testers to find SQL injection vulnerabilities.
SQL injection is common to every SQL database system, though it works in a different manner in each. We can also carry out a SQL injection attack manually. But if we try to do it manually (without using tools), it may take a very long time to get the database, because we have to try again and again, changing the URL each time. It is a very crucial task. That is why SQL injection tools such as Havij, SQL ninja and SQL dump have become popular.
Note: before you use this tool, you should have detected that the web server is vulnerable to SQL injection attacks. How can we know that? Simply type an apostrophe (') at the end of the URL (URLs which have "php?id=num" at the end, where "num" is a numeric character 0-9) and press Enter. If the web server is vulnerable to SQL injection, the server will return an error page warning that our query is wrong. Sometimes it also shows which database it is and its version.
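The error page described in the note appears because the application pastes the id value straight into its SQL text. As an added example (not code from the original post), the sketch below uses Python's sqlite3 with a constructed table to show that behaviour next to a handler that validates the id and binds it as a parameter; the function names, table and status codes are assumptions made for illustration.

```python
import re
import sqlite3


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "First post"), (2, "Second post")])
    return db


def vulnerable_page(db, raw_id):
    """Concatenates the id into the query and echoes database errors."""
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # The raw driver message reaches the visitor: this is the error
        # page that reveals the query is built from user input.
        return 500, "SQL error: %s" % exc
    return (200, row[0]) if row else (404, "Not found")


def hardened_page(db, raw_id):
    """Accepts only ASCII digits, binds the value, hides error detail."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return 400, "Bad request"
    try:
        row = db.execute("SELECT title FROM articles WHERE id = ?",
                         (int(raw_id),)).fetchone()
    except sqlite3.Error:
        # Log the detail server-side; the visitor sees a generic message.
        return 500, "Internal error"
    return (200, row[0]) if row else (404, "Not found")


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):  # a normal id, then the id with an apostrophe
        print(repr(value), vulnerable_page(db, value), hardened_page(db, value))
```

With the apostrophe appended, the first handler returns the database's own syntax error while the second rejects the request before any SQL is run.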