Daily Archives: November 23, 2015

steganography: How To Hide File’s behind a Image.

hello guys today I will show u how to hide file in jpg !

so lets start with the setup :

A) Set up:

1. Must have a .zip or .rar compressor.
2. Willingness to learn.

B) And now follow steps :

Steps:
1. Save the picture of choice to your desktop.
2. Make a new .rar or .zip folder on your desktop.
3. […]

By |November 23rd, 2015|Papers|

Pentesting a web application..

Extreme Hacking | Sadik Shaikh
Ethical Hacking Institute Course in Pune-India

A little cheatsheet to help with manually reviewing web applications.

Command Execution:

PHP Code:

exec           – Returns last line of commands output
passthru       – Passes commands output directly to the browser
system         – Passes commands output directly to the browser and returns last line
shell_exec     – Returns commands output
“ (backticks) – Same as shell_exec()
popen          – Opens read or write pipe to process of a command
proc_open      – Similar to popen() but greater degree of control
pcntl_exec     – Executes a program

Apart from eval there are other ways to execute PHP code: include/require can be used for remote code execution in the form of Local File Include and Remote File Include vulnerabilities.

PHP Code Execution:

PHP Code:

eval()
assert()  – identical to eval()
preg_replace(‘/.*/e’,…) – /e does an eval() on the match
create_function()
include()
include_once()
require()
require_once()
$_GET($_GET);
$func = new ReflectionFunction($_GET); $func->invoke(); or $func->invokeArgs(array());

List of […]

By |November 23rd, 2015|Papers|