Exploitation is the phase where identified vulnerabilities are actively abused to gain unauthorized access, execute code, or escalate privileges within a target environment.
The objective is to reliably convert confirmed weaknesses into practical access, while maintaining control, stability, and situational awareness throughout the engagement.
This section focuses on practical exploitation techniques, emphasizing understanding exploit conditions, payload behavior, and post-exploitation positioning rather than blind tool usage.
This section contains distilled notes from my Hack The Box – Pentesting Path study.
Full repository (expanded notes, diagrams, screenshots):
https://github.com/lameiro0x/pentesting-path-htb
Introduction
Brute force login attacks test authentication systems by systematically trying candidate credentials until a valid combination is found. In real assessments, this is usually a last-resort option after vulnerabilities and misconfigurations are exhausted, but it still delivers results when password hygiene is weak. The sections below combine strategy, scripts, and tooling so you can move from theory to execution quickly.
Brute Force Process and Use Cases
A brute force process begins with identifying the authentication surface, gathering usernames, and selecting the right attack mode. It is most effective when password policies are weak, default credentials exist, or a specific account is the target.
...
Introduction
Password cracking is an offline process where you attempt to recover plaintext from captured hashes or protected files. In penetration tests, weak or reused passwords are common, so success usually comes from smart wordlists and realistic mutations rather than raw brute force. Hashcat is the main tool for this workflow because it supports many algorithms and scales well on GPUs.
Hashing, Salting, and Encryption
Hashing turns input into a fixed-length digest and is designed to be one-way, so cracking depends on guessing candidates and comparing their hashes. Slow password hashes like PBKDF2 or bcrypt increase the cost of each guess, while fast hashes like MD5 or SHA1 remain common in legacy systems and breach dumps. Salting reduces the value of rainbow tables but does not prevent offline attacks. Encryption is reversible with a key and appears in data-at-rest or transport use cases, so it is a different problem from password hashing. The list below summarizes common encryption families, and the commands that follow show how salting changes a digest.
...
Introduction
SQL injection (SQLi) happens when user input changes the final SQL query sent by a web application. The impact ranges from reading sensitive data to modifying records or writing files on the server. This guide merges database basics with practical SQLi techniques and commands so you can connect theory to hands-on exploitation.
Database Foundations
Modern web applications rely on databases to store content, user data, and configuration. Understanding DBMS structure and query behavior helps you predict how an injection point will behave and which payloads are likely to work. It also helps you distinguish between relational and non-relational systems when fingerprinting the backend.
...
Introduction
Shells and payloads are the bridge between exploiting a vulnerability and actually interacting with a target system. A shell gives you interactive access to the OS, while a payload is the code or command that delivers that access.
Shells and Payloads at a Glance
A shell is a program that lets you enter commands and receive output, and in security it is often the result of exploitation. In practice you select a payload based on the target OS, available interpreters, and what the network allows.
...
Introduction
Metasploit is a modular penetration testing framework that lets you enumerate, exploit, and manage access using a single console. The framework provides thousands of modules, payloads, and helpers, which can save time when used with discipline. This post blends theory and commands to help you use Metasploit as a tool, not a crutch.
The core idea is simple: use Metasploit to validate real vulnerabilities, not to replace your understanding of the system. A tool can give you a shell, but only your analysis decides which module is safe, relevant, and appropriate. If you treat the framework as a workflow engine, it becomes both efficient and transparent.
...
Introduction to XSS
Cross-Site Scripting (XSS) is a client-side vulnerability that appears when user input is rendered as executable JavaScript in the browser. The server is not directly compromised, but the user who loads the page can be targeted for phishing, data theft, or session hijacking. The test goal is to confirm execution, identify how the input is handled, and document a realistic impact.
XSS only runs in the browser, so the attack depends on how the page renders or stores input. This is why the same payload can succeed or fail depending on the HTML context. When testing, focus on where the input appears and whether it persists after refresh. Those details determine which attack path is possible.
...
Introduction
Command Injection is one of the most critical web vulnerabilities because it lets an attacker execute OS commands on the backend host. The impact can be full system compromise and lateral movement if the server has network access. The vulnerability appears when user input is passed into a system command without strict validation and sanitization.
This issue is not limited to web apps, but web apps are the most common surface because they regularly call system utilities. If a parameter such as an IP address is used inside a command, a small injection operator can turn it into a full shell. Because the execution happens server-side, any output you can observe is valuable evidence.
...
Introduction to LFI
Local File Inclusion (LFI) happens when a web app loads a file based on user input without strict validation. This usually appears in template engines and dynamic page loaders that read content based on a parameter like ?language=es. If the path is not restricted, an attacker can read arbitrary local files such as /etc/passwd, and in some cases LFI can lead to remote code execution.
Modern apps often use parameters to reduce duplicate templates and keep routing simple. That pattern becomes dangerous when the parameter controls the file path directly. Testing starts by identifying the parameter and then trying known local files.
...
Introduction to File Upload Attacks
File upload features are extremely common in web apps, from profile pictures to document portals. The moment an app stores user-controlled files on the server, it expands the attack surface beyond standard input fields. If validation is weak or missing, attackers can upload active content and trigger code execution.
The core risk is that a server may treat an uploaded file as code rather than data. That can happen when the extension is executable, the server is misconfigured, or the upload directory allows script execution. Even if direct execution is blocked, uploads can enable stored XSS, XXE, or DoS.
...
Password Attack Overview
Password attacks focus on weakening or bypassing authentication by recovering valid credentials from hashes, files, memory, or network workflows. The attacker goal is not just to crack a string, but to turn it into access and prove impact. That is why the process usually mixes offline cracking, remote login checks, and credential harvesting. A clean workflow also documents the source of each credential for reporting.
Authentication relies on something you know, have, or are, but in practice passwords are still the most common factor. Users reuse passwords, pick predictable patterns, and store them in unsafe places, which creates opportunities for attackers. Defenders often rely on lockouts and monitoring, but attackers can still use slow, low-noise methods such as spraying. Understanding where passwords live and how they are processed is the key to efficient testing.
...