Skip to content

Linux Security Blog

How Hackers Work

Search
  • Home
  • Shep Tutorials
    • Set Up Security Shepherd On VMWare
    • Failure To Restrict Access – Solution
    • Insecure DOR – Solution
    • Poor Data Validation – Solution
    • Security Misconfiguration – Solution
    • Insecure Direct Object Reference 2 Solution
    • Cross Site Scripting One Solution
    • SQL Injection Solution
    • OWASP Security Shepherd – Failure To Restrict Access Solution
    • Session Management Challenge One – Solution
  • GNS3 Series
    • Install GNS3 2.2 on Windows10 | Download Link Included
    • Import VirtualBox Images to GNS3
  • Python Series
    • Part I
    • Part II
  • About

Category: OWASP

AppSec…

XML External Entity (XXE) Vulnerability

14 Oct 20199 Mar 2020
According to OWASP, an XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to…
AppSec…

Movies Featuring the Nmap Security Scanner

6 Oct 201930 Oct 2019
The Nmap Security Scanner has appeared in many major motion pictures (as well as more obscure films). This gallery provides screen shots and details for each movie. Source: Movies Featuring…
#career…

OWASP A2: Broken Authentication and Session Management Cause and Prevention

12 May 201924 Jul 2020
Threat Agents Attack Vectors Security Weakness Technical Impacts Business Impacts Application Specific Exploitability AVERAGE Prevalence WIDESPREAD Detectability AVERAGE Impact SEVERE Application / Business Specific Consider anonymous external attackers, as well…
#career…

Best Linux Distros for Ethical Hacking and Penetration Testing

1 May 201924 Jul 2020
Here is a list of some top Linux distro for ethical hacking and penetration testing that will surely help you to pick one that best fits your need. Kali Linux:…
AppSec…

Exploiting XXE Vulnerabilities

5 Mar 201924 Jul 2020
By Chris Davis XXE (XML External Entity) attacks happen when an XML parser improperly processes input from a user that contains an external entity declaration in the doctype of an…
AppSec…

CSRF Code Examples and Defense

3 Mar 201924 Jul 2020
CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's…
AppSec…

Create a Backdoor with Cryptcat

23 Dec 2018
In this tutorial, I'll introduce you to netcat's popular cousin, cryptcat (she's actually much cuter and more exotic than the plain netcat). Cryptcat enables us to communicate between two systems and encrypts…
AppSec…

SQL Injection Attacks

20 Nov 2018
A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd…
AppSec…

IPtables – the Linux Firewall

13 Nov 201813 Nov 2018
KORBIN BROWN FEBRUARY 6, 2014, 12:34PM EDT Iptables is an extremely flexible firewall utility built for Linux operating systems. Whether you’re a novice Linux geek or a system administrator, there’s…
#career…

Now Is The Time, Linux is the Direction

11 Nov 201824 Jan 2019
Your future matters to us @ LSB, so get into Linux and see the new world it will open for you. Created by QuBits 2018-11-11
#career…

Linux Foundation Deals For LSB Followers

25 Oct 2018
We are delighted to be able to team up with The Linux Foundation to bring you some great deals on amazing Linux courses and materials. All courses, on completion is…
AppSec…

OWASP Security Shepherd- Session Management Challenge One – Solution – LSB

12 Oct 201812 Oct 2018
We have another solution in the OWASP Security Shepherd challenges and we enjoyed completing this one. You can find out about Session Management from OWASP here. So let's get on…
AppSec…

Penetration Testing – Complete Guide

10 Oct 201810 Dec 2018
What is Penetration Testing? It’s the process to identify security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system…
AppSec…

OWASP Security Shepherd – Failure To Restrict Access Solution – LSB

27 Sep 201827 May 2019
Am I Vulnerable To 'Failure to Restrict URL Access'? The best way to find out if an application has failed to properly restrict URL access is to verify every page. Consider for…
AppSec…

OWASP Security Shepherd – Insecure Cryptographic Storage Challenge 1 Solution – LSB

21 Sep 2018
Thanks for visiting and today we have another OWASP Security Shepherd Solution for you. This time it's the Insecure Cryptographic Storage Challenge. Cryptography is usually the safest way to communicate…
AppSec…

OWASP Security Shepherd – SQL Injection Solution – LSB

15 Sep 201819 Sep 2019
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data…
AppSec…

OWASP Security Shepherd – Cross Site Scripting One Solution – LSB

12 Sep 201812 Sep 2018
Welcome back to LSB my budding hackers. Today's lesson is about Cross Site Scripting (Or XSS).  Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected…
AppSec…

OWASP Security Shepherd – Failure To Restrict Access Solution – LSB

7 Sep 20187 Sep 2018
What is Failure to Restrict URL Access Vulnerability/Threat? Failure to restrict URL access occurs in applications hide functionality from non-privileged users. In an application that fails to restrict URL access, administration…
AppSec…

The Best Hacking Books 2018

25 Jul 201825 Jul 2018
BY HACKING TUTORIALS ON FEBRUARY 2, 2018 One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read…
AppSec…

OWASP – A2 – Broken Authentication and Session Management – LSB

24 Nov 201729 Jun 2018
Threat Agents Consider anonymous external attackers, as well as users with their own accounts, who may attempt to steal accounts from others. Also consider insiders wanting to disguise their actions.…
Cyber Security…

OWASP A1 – Injection, Cause and Prevention

23 Nov 20175 May 2019
Am I Vulnerable To 'Injection'? The best way to find out if an application is vulnerable to injection is to verify that all use of interpreters clearly separates untrusted data…
AppSec…

OWASP Security Shepherd – Security Misconfiguration – Solution – LSB

2 Nov 201712 Dec 2019
Welcome back to another OWASP Security Shepherd solution. This challenge is called Security Misconfiguration. So we are given a Username and Password field and we can get the result key…
AppSec…

Owasp Security Shepherd – Poor Data Validation – Solution – LSB

8 Sep 201710 Jun 2019
Welcome hackers to a new OWASP Security Shepherd solution. The challenge in question is the Poor Data Validation and this happens when data is only checked on the client side.…
AppSec…

Installing Security Shepherd on VMWare Workstation 12 Player

21 Aug 201726 Jul 2018
In this post we will install Security Shepherd. A vulnerable web app for us to hack. You can download the ISO image here. Once you download the software, depackage it,…
AppSec…

Security Shepherd Solutions

20 Aug 201715 Oct 2018
The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic.…
Cyber Security…

Full OWASP Penetration Test Links. From Start To Finish, Exploits Included

23 May 201725 May 2017
All the links you'll need from the OWASP methodology penetration test. 4.1 Introduction and Objectives A security test is a method of evaluating the security of a computer system or…
AppSec…

How to install WebGoat on Ubuntu

27 Apr 201727 Apr 2017
WebGoat is a deliberately insecure, Java web application designed for the sole purpose of teaching web application security lessons. The officially-stated aim is to enable developers to “test vulnerabilities commonly…
#career…

SQLMap – Testing With SQL Injection

12 Mar 20168 Oct 2021
Sqlmap is included in pen testing linux distros like kali linux, backtrack, backbox etc. On other distros it can be simply downloaded from the following url: http://sqlmap.org/. Since its written…
#career…

Sniffing Access Points and Mac Addresses Using Python

4 Feb 201625 Aug 2019
Well, once again it’s time to do something interesting using python and reveal the power of python programming. We will learn how to use a library in python called Scapy.…
Attacks…

Examination of the vulnerabilities of the Cisco IOS

3 Oct 201529 Sep 2019
  Cisco's IOS is multiplatform, so, runs on many different devices. It is compatible with file servers, routers, LAN and WAN switches, ATM switches, personal computers and hubs and any device that…

RSS ls -a /Zer0Days

  • [remote] SmartRG Router SR510n 2.6.13 - Remote Code Execution 11 Nov 2022
  • [webapps] CVAT 2.0 - Server Side Request Forgery 11 Nov 2022
  • [local] IOTransfer V4 - Unquoted Service Path 11 Nov 2022
  • [remote] AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal 11 Nov 2022
  • [remote] MSNSwitch Firmware MNT.2408 - Remote Code Execution 11 Nov 2022

Follow Us

  • Twitter
  • Facebook
  • Tumblr
  • Reddit

RSS Crypto News

  • An error has occurred; the feed is probably down. Try again later.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,438 other subscribers

ls /categories

AppSec Attacks Bugs Cryptography Cyber Security Education Encryption Entertainment Exploits Hacking Linux Open Source Operating Systems OWASP Penetration Testing Privacy Security Technology Tips Tutorials

ls /comments

Foster Eli on Best Darkweb Links
crypstalk21 on Securing Your Crypto Wallet
kioptrix vm on PenTesting: Gaining Root Privi…
Johnny Dickman (@Dar… on The Darknet 2019
XXS Attack – P… on Payload in PDF
Fred (@Fred37063593) on The Hidden Wiki

ls -a -v /community

ls /MostVisited

  • Best Darkweb Links
    Best Darkweb Links
  • Payload in PDF
    Payload in PDF
  • Write a Ping Sweeper in 4 Lines of Bash
    Write a Ping Sweeper in 4 Lines of Bash
  • Crack WPA Handshake using Aircrack with Kali Linux
    Crack WPA Handshake using Aircrack with Kali Linux
  • Find Vulnerable Devices On The Internet With Shodan
    Find Vulnerable Devices On The Internet With Shodan
  • Windows Takeover with a PDF File
    Windows Takeover with a PDF File
  • How to create an I2P Darknet site
    How to create an I2P Darknet site
  • Heartbleed Discovery and Exploit
    Heartbleed Discovery and Exploit
  • How To Use Netcat to Establish and Test TCP and UDP Connections
    How To Use Netcat to Establish and Test TCP and UDP Connections
  • BlueKeep - Exploit Windows (RDP Vulnerability) Remotely
    BlueKeep - Exploit Windows (RDP Vulnerability) Remotely

ls /Archives

Follow Linux Security Blog on WordPress.com

We Use Social Media

  • Twitter
  • Reddit
  • Facebook
  • Tumblr
  • Pinterest
  • YouTube
Create a website or blog at WordPress.com
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
  • Follow Following
    • Linux Security Blog
    • Join 269 other followers
    • Already have a WordPress.com account? Log in now.
    • Linux Security Blog
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar