Pentesting

Install oxml_xxe MacOS High Sierra

Here, I want to show you how to install oxml_xxe on macOS High Sierra. This tool helps us test for XXE vulnerabilities in file formats. Currently supported: DOCX/XLSX/PPTX, ODT/ODG/ODP/ODS, SVG, XML, PDF (experimental), JPG (experimental), GIF (experimental). First, we need rvm installed on our machine:

And then we need to install

Install Maven MacOS High Sierra

Hi guys, today I want to show you the steps I use to install Maven on macOS High Sierra. I am using Maven to install ysoserial, to help me exploit unsafe Java object deserialization. So, Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage

Optimize SQLmap - Penetration Testing

Should we rely on SQLmap for pentest activities? How do we optimize SQLmap for penetration testing? This question has always come to my mind since I stepped into the world of professional penetration testing. I have limited time to do a penetration test, and I have to test ALL of the requests for SQL injection vulnerabilities (please

Exploit XXE Vulnerability Using Excel File

In my last article, we saw that XXE can be exploited using a Docx file. Now let's build an exploit for an XXE vulnerability using an Excel file. Exploit XXE Vulnerability Using Excel File? Microsoft released OOXML Document, OOXML Presentation and OOXML Workbook on 7 December 2006. Source: Wikipedia. So, what is Office Open XML? Office Open XML, also known as OpenXML or

Exploit XXE Vulnerability Using Docx File

Today, I found a vulnerability on a server which has an upload feature for docx files. I will try to explain how to exploit an XXE vulnerability using a docx file and how to find this vulnerability. So... what is an XXE vulnerability? An XML External Entity attack is a type of attack against an application that parses