Playing Around With PentestIt.Ru Testlab v.10 – Part 2

Lets continue the last article since i was busy with my real life. From the last article i successfully get into the server from SSH service. Now lets enumerate the network inside the server based on this network diagram. First, lets check if Nmap already installed on the server:

Great!! lets mapping the network.


Playing around with testlab v.10 - Part 1

Lets playing around with testlab v.10. Target IP : Nmap :

Lets check HTTP header on port 80 :

I tried to open the IP address through web browser but its like taking forever to load the page. 🙁 Ok, lets examine the source of the page:

I found store.gds.lab domain inside


PHP - Fully Undetectable Web Shell

Today, i wanna try to create a simple undetected (hopefully FUD) web shell backdoor. I am using VirusTotal (yes, i want them to check my file, lol..). So, what is FUD? Fully undetectable (usually shortened as “FUD”) can stand for data that had been encrypted, making it appear to be random noise. It can also stand


Buffer Overflow Golang Fuzzer (64bit)

Hi there, Today i just want to share about buffer overflow and a fuzzing tool to check buffer overflow vulnerability. What is Buffer Overflow? A buffer overflow occurs when a program or process attempts to write more data to a fixed length block of memory, or buffer, than the buffer is allocated to hold. Since buffers are created