Penetration Testing Wiki

How to deploy Docker images on Google Cloud Run

We can easily run dockerized apps on Google Cloud using the still-beta Google Cloud Run. One thing to keep in mind is to specify the $PORT variable inside our Dockerfile. By default Cloud Run always uses port 8080, but for portability reasons we will specify it as a variable: So we can deploy and run the…

Simple and vulnerable NodeJS app prone to Cross-Site Scripting (XSS) deployment with Google Cloud App Engine

I wrote a little script in node.js for a hands-on lab to test Cross-Site Scripting (XSS). You can download it from my GitHub: To deploy in Google Cloud App Engine: To start the project from a local system: Now visit the vulnerable website:

Restrict by IP in Apache behind Cloudflare

If you are using Cloudflare as the first line of defense and want to restrict by IP in the Apache web server behind it, add this to your .htaccess:

#Slack built-in support for #RSS feeds

I just discovered that Slack has built-in support for RSS feeds. It’s a great feature to subscribe all your feeds in a private channel, so you can keep updated and even share your feedback with your team. For example, to subscribe to Microsoft Security Advisories: I will share later my RSS feeds for #cybersecurity

United Airlines Bug Bounty Program

After soooome time for the triaging and patching of the reported bug, I was awarded 50,000 miles for reporting a bug to United Airlines, inside their bug bounty program. Decided to donate them to Rotary International charity and use them for the great causes.

OSCP certification 2018

Checkmate! OSCP certification passed

I have to admit that it doesn’t matter how much experience you have with penetration testing, the exam is challenging because the attack surface is big: 65535 ports x 2 protocols x 4 machines = 524,280 ports. In the fifth machine, you know beforehand which is the vulnerable port and you just have to develop a…

HPE SMH XSS DOM-Based Advisory

Product: HPE System Management Homepage
Versions: ALL versions and platforms affected (Tested on v7.6.0.11 for MS Windows)
Vulnerability: JavaScript Injection in file gsearch.php, parameter prod
OWASP TOP 10: A1 Injection
Type: Javascript Injection
Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) DOM-based attack, execute arbitrary JavaScript client-side, steal admin credentials, etc
Access Vector: Adjacent Networks
Access Complexity: Low
Authentication: None
CVE: CVE-2017-12544…

CVE-2017-12544 Hewlett Packard Enterprise, HP System Management Homepage Software prior to 7.6.1 Cross-site Scripting (XSS)

The HP System Management Homepage (SMH) is a web-based interface that consolidates and simplifies the management of ProLiant and Integrity servers running Microsoft Windows or Linux, or HP 9000 and HP Integrity servers running HP-UX 11i. Original Advisory:

Google dork for iDC File Manager

iDC File Manager is a secure multi-user web-based File Management System that allows you to store, manage and share every format of digital media, including documents, images, audio, video, publishing layouts, presentations and PDF files, between you and your end users. If your Company has a requirement to distribute or share files with…

CEH Certificate 2017

Certified Ethical Hacker v9 certification

The proctored exam is multi-option based, as the material is kinda outdated with much obsolete software and some questions get tricky. The most effective method to study for the exam was to train with Skillset practice questions: