Search • Page 10/12

Search the Pentest-Tools.com Blog

How to exploit the DotNetNuke Cookie Deserialization

We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.

Author(s)

Cristian Cornea

Published at: 10 Jun 2020

Platform updates

[New feature] Scan internal networks with the VPN Agent

To enhance the way you scan your internal networks, we added a new way to perform this on Pentest-Tools.com. It is a lot easier and does not require any special configuration. All you need to do is run the VPN Agent and start scanning!

Author(s)

Ioana Rijnetu

Published at: 05 Jun 2020

Security research

How to exploit the PHAR deserialization vulnerability

At Blackhat US-18, Sam Thomas introduced a new way to exploit PHAR Deserialization Vulnerabilities in PHP. See which stream wrapper this new type of attack abuses and how it works.

Author(s)

Alexandru Postolache

Published at: 29 May 2020

Platform updates

Jira integration, Export results as JSON & more platform updates

Here are 4 platform updates we’ve deployed in the current update to make Pentest-Tools.com a stronger asset for your pentesting needs.

Author(s)

Ioana Rijnetu

Published at: 17 Apr 2020

Security research

How to detect the Microsoft SMBGhost vulnerability with Pentest-Tools.com

For the past couple of weeks, a critical RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3) has kept both the Microsoft users and the security community on their toes. To help our customers better detect if their Windows hosts were affected by the critical SMBGhost vulnerability, we developed and added a new, dedicated scanner on Pentest-Tools.com.

Author(s)

Ioana Rijnetu

Published at: 23 Mar 2020

Platform updates

[New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com

Vulnerability scanners are essential pentesting tools to quickly discover critical security flaws before hackers do. The more specific, the more useful! To help our customers better detect if their systems are impacted by the SMBGhost and GhostCat vulnerabilities, we built and added two new, dedicated scanners on Pentest-Tools.com.

Author(s)

Ioana Rijnetu

Published at: 18 Mar 2020

Platform updates

[New enterprise feature] Add sub-users and share your Pentest-Tools.com plan

Working on a security project is always better when your team is involved. That’s why you can now add multiple users to your Pentest-Tools.com account and share the plan with your team members. The new feature allows the account owner (the parent user) to create sub-users and share access to their account.

Author(s)

Ioana Rijnetu

Published at: 11 Mar 2020

Hacking tutorials

How to simulate phishing attacks with the HTTP Request Logger

As a penetration tester or a Red Team security consultant, you probably deal with lots of challenges when you want to simulate phishing attacks using social engineering techniques. Because our team’s goal is to make your job easier by providing the right tools, we’ve put together a hands-on guide you can use straight away!

Author(s)

Razvan Ionescu

Published at: 20 Feb 2020

Platform updates

API support for TCP Port Scan, API scans & more updates

Through our API integration, you can easily streamline and automate your pentesting tasks for better results. Because we know how important it is for your business, we’ve worked on improving our API system to become a fully programmable penetration testing platform for your specific needs. Here are 3 new API improvements we added in the current update

Author(s)

Ioana Rijnetu

Published at: 15 Feb 2020

Platform updates

New tool for detecting the critical Citrix RCE vulnerability (CVE-2019-19781)

To help our customers assess the security of their Citrix ADC and Citrix Gateway devices, we have added a new tool on Pentest-Tools.com to detect the recent RCE vulnerability (CVE-2019-19781).

Author(s)

Ioana Rijnetu

Published at: 14 Jan 2020

Security research

How to detect the SACK Panic vulnerability with Wireshark

The security team at Pentest-Tools.com has recently performed an in-depth analysis of the SACK Panic vulnerability (which was first disclosed in June 2019) to find out its exploitability against Linux machines. Throughout this research, we’ve identified a new method to detect vulnerable servers using Wireshark, the popular network traffic analyzer.

Author(s)

Stefan Bratescu

Published at: 09 Jan 2020

Milestones

Black Hat Europe 2019 Highlights

We are extremely grateful and happy to find out how many users already know about our online platform each time we explore a new context. To know people around the world use Pentest-Tools.com on a daily basis to discover vulnerabilities in websites or networks drives us to achieve even more going forward. In this article, we share our recent experience at the Black Hat Europe 2019 conference and what we learned from it.

Author(s)

Ioana Rijnetu

Published at: 11 Dec 2019

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account