Rip 'em Out!

For your reference, here are the list of SHODAN operators/command: Option Command Example Host/Domain hostname hostname:”google” Port/Service port port:”21” Country country country:”United States” City city city:”New York” Organization/Company org org:”Amazon” Internet Service Provider isp isp:”Hostwinds LLC” OS/Product/Platform product product:”Apache httpd” Product Version version version:”2.2.15” Geo Location geo geo:”39.6949,-83.1383” Date before/after before:”12-12-15” IP Address/Subnet net net:”74.91.246.0/24”

Web application is a most widely used nowadays. Well, it depends on what platform that you wanted to use for. From Java, PHP, ASP, ColdFusion etc.  Also databases like MySQL, MSSQL Oracle, DB2, Informix etc. All these so call platform have many vulnerability which evolved day-to-day. Patching and update is a must and become important for us keep track on any issues or risk and vulnerabilities within the application. As for now, JS Framework e.g Node JS with MongoDB has become popular in web application deployment. So, I been thinking hacking into these framework or platform is kind a new to me. Most people said that Node JS and MongoDB are invulnerable to SQL Injection and many other common vulnerability. Apart for that I been doing some research on this on how to hack or exploiting this. I been reading this guide  by Petko  @pdp A video presented at BlackHat USA 2015 by Maty Siman  &  Amit Ashbel For mongoDB best practices  and reading  guide. Using Metasploi

Sometimes installing a Metasploit might come a messy when your ruby and gem are not in fully configure and install. Here are some better way to install it.  Below step are for Ubuntu/Debian based linux  step 1 : sudo apt - get update sudo apt - get upgrade step 2 : Install dependent packages sudo apt - get install build - essential libreadline - dev libssl - dev libpq5 libpq - dev libreadline5 libsqlite3 - dev libpcap - dev openjdk - 7 - jre git - core autoconf postgresql pgadmin3 curl zlib1g - dev libxml2 - dev libxslt1 - dev vncviewer libyaml - dev curl zlib1g - dev step 3 : Install Ruby curl - L https :// get . rvm . io | bash - s stable source ~ /.rvm/ scripts / rvm echo "source ~/.rvm/scripts/rvm" >> ~/. bashrc source ~/. bashrc rvm install 2.1 . 6 rvm use 2.1 . 6 -- default ruby - v step 4 : Install and configure postgresql sudo apt - get install postgresql sudo - s su postgres createuser msf - P - S - R - D createdb - O msf msf ex