CVE-2012-1723: This is a vulnerability in the HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checking. A specially-crafted class file could possibly use this flaw to bypass Java sandbox restrictions, and load additional classes in order to perform malicious operations. The vulnerability was made public by Michael ‘mihi’ Schierl. Requirement: […]
Category: PenTesting Tutorials
[Metasploit Tutorial] Hacking Windows XP using IP Address
Do you think it is possible to hack some one computer with just an ip address?! The answer is yes, if you are using unpatched(vulnerable) OS. If you don’t believe me, then read the full article. In this article i am going to demonstrate how to hack a remote computer by exploiting the parsing flaw […]
CVE-2012-1889: Microsoft XML Core Services Vulnerability Metasploit Demo
CVE-2012-1889: Microsoft XML Core Services Vulnerability A vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 allows remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users […]
CVE-2012-1875 : Hacking windows using MS12-037 Internet Explorer Same ID Vulnerability
Hi, Today i am going to explain how to hack the Windows system using the recent IE exploit. This article is intend to educate PenTesters. If you don’t know what Penetration testing means, then please reads this article. Also please read the previous articles on Pen Testing. CVE-2012-1875 : MS12-037 Internet Explorer Same ID Vulnerability […]
CVE-2012-2122: Exploiting authentication bypass vulnerability in MySQL and MariaDB
The news about the vulnerability in MySQL and MariaDB spreads like a wild fire. I have covered about this vulnerability in E Hacking news as news article. Here, i am going to share the same thing from the perspective of a penetration tester. The MySQL and MariaDB versions 5.161,5.2.11,5.3.5 and 5.5.c2 are affected version. The […]
[VIDEO Tutorial] Exploiting Java AtomicReferenceArray Type violation vulnerability
The Text+Image version of this video is available here:Exploiting Java vulnerability
Hacking Windows 7 & Xp with Fake Firefox add-on (XPI) : Metasploit Tutorials
Hello BTS readers, i believe you enjoyed my last tutorial ( Java AtomicReferenceArray type violation vulnerability and exploiting ). So here is second tutorial for you ! In this tutorial i am going to explain how to hack any windows machine(xp,7) with the help of Metasploit. Unlike last tutorial, we are not going to exploit […]
How to hack remote computer using Metasploit? Exploiting Java vulnerability CVE-2012-0507
Whenever someone say PenTesting tool, the first thing come in our mind is MetaSploit . Today, i am going to demonstrate how to use the Metasploit tool to exploit the popular java AtomicReferenceArray Type Violation vulnerability(CVE-2012-0507). About MetaSploit: Metsploit is a very Powerful PenTesting Tool . Metasploit Framework, a tool for developing and executing exploit […]
How to Set up your Pen Testing / Ethical Hacking Lab with a single Computer ?
Hi BTS readers, We have provide you plenty of Ethical hacking and Pentesting tutorial, still more article is going to come. Meanwhile, i like to teach you how to set up your own Pen Testing/ hacking network Lab. Use of your own Pen Testing Lab: Free, free ,free..! It’s free lab, because it is yours.. […]
Complete Cross Site Scripting(XSS) Guide : Web Application Pen Testing
Hello BTS readers, Here is complete series that explains everything about the Cross site scripting. Still more articles are on the way, Stay tuned to BreakTheSec..!Link To Tutorials: Cross Site Scripting(XSS) Basics DOM Based XSS attack XSS Filter Bypass Techniques Self-XSS (Cross Site Scripting) :Social Engineering Attack and Prevention XSS Cheat Sheet XSS Attacks Examples […]