Posts

Showing posts from November, 2012

SQL Injection & Web Application for dummies

The best place to learn and hack web applications is the OWASP Broken Web Application project (OWASPBWA).

[Image: OWASPBWA interface]

It covers all of the included web application topics: HTTP basic, Access Control Flaws, AJAX Security, Authentication Flaws, Buffer Overflows, Code Quality, Concurrency, XSS, Improper Error Handling, Injection Flaws, Denial Of Service, Insecure Communication, Insecure Configuration, Insecure Storage, Malicious Execution, Parameter Tampering, Session Management Flaws, Web Services, Admin Functions.

[Image: WebGoat start page]

You can download the source code here. Hopefully this may lead you to a better understanding of web application systems and learn how to.

Windows 8 Vulnerability

Windows 8 "winrm_powershell" vulnerability

I really can't wait for this new vulnerability for Windows 8; it is possibly a critical issue for Microsoft to fix. Currently the Metasploit exploit is still not available for me to test. Hopefully it will arrive soon for me to test it!

    msf  exploit(winrm_powershell) > show options

    Module options (exploit/windows/winrm/winrm_powershell):

       Name      Current Setting  Required  Description
       ----      ---------------  --------  -----------
       DOMAIN    WORKSTATION      yes       The domain to use for Windows authentification
       PASSWORD  omfg             no        A specific password to authenticate with
       Proxies                    no        Use a proxy chain
       RHOST     10.6.255.158     yes       The target address
       RPORT     5985             yes       The target port
       URI       /wsman           yes       The URI of the WinRM service
       USERNAME  sinn3r           no

Nmap & Nessus via Metasploit

Nmap & Nessus with Metasploit

These tools are among the most popular and widely used by pentesters. Can these tools actually be integrated with Metasploit? By using the "db_nmap" and "db_nessus" commands, all the host information is stored inside the database.

In previous versions of Metasploit, we could take the scanning results from either Nmap or Nessus and run the "db_autopwn" command, but in the latest version of Metasploit this command causes Metasploit to crash due to all the automated attacks.

Currently I am still looking for a good automated script to do the autopwn attack. I just found this script on GitHub written by Dark Operator, who has contributed a lot to the Metasploit Framework project; he is also part of the community project with Rapid7. Love it! You can download the script here.