Category Archives: Hacking

Sneak Peek into Exploitation

It’s a well-known saying that gathering maximum information about the enemy is half the work done in defeating him. The same holds true when you are about to attack a target (a potential victim); the first step is to gather as much information as possible. Information gathering can be broadly classified into two categories –…

System Exploitation with Metasploit

Dear readers!! This is another post on Metasploit and evading the Windows firewall. Metasploit is an exploit development framework that facilitates penetration testing of IT systems. This tool initially started off as a game and was taken over by Rapid7 for maintenance and further development. The main objective of this article is to learn the…

Session Hijacking via XSS in [Patched]

Website: Vulnerability: Session Hijacking via XSS Criticality: Moderate to Risky Author: Karthik R a.k.a 3psil0nlambda ————————————————— Another instance of negligence from the team of Jabong.com after repeated emails. About the site: is a young and vibrant company that aims to provide good quality branded products. caters to the fashion needs…

XSS in

Site: Threat/Vulnerability: Cross-site scripting a.k.a XSS, URL Redirection Severity: Moderate Author: Karthik R a.k.a 3psil0nlambda I have informed the owner (CEO) but got no response or acknowledgement of receipt of the mail. About the Site: India’s fastest growing shopping site. Vulnerability: *XSS a.k.a Cross-site scripting *URL Redirection Once found out the Vulnerability,…

10 Wi-Fi security tools for your arsenal – Photostory

Hey guys, This is an article for Wi-Fi pen testers. The must-have tools in your arsenal are covered in the form of a photo story on Search-security.IN by me. Image Courtesy: You can read the story here: Cheers 🙂 3ps!10nLaMbDa

SilverStripe CMS persistent XSS vulnerabilities

Hi all, Yet another bug found, in the SilverStripe CMS. 🙂 DISCLAIMER: The publisher is in no way responsible if the information is used for any malicious intent. SilverStripe CMS persistent XSS vulnerabilities vendor: Author: Karthik R (3psil0nLambDa) Email: My blog: Google dork: Powered by the SilverStripe Open Source CMS * Persistent…

10 Linux security tools for system administrators

Hi all, In recent times, the security aspect of information technology has received considerable attention, and large organizations have dedicated security teams to keep tabs on vulnerabilities in their systems and take preventive or corrective action as appropriate. The same level of commitment to maintaining security may not be seen in most SMBs, but the…

BackTrack 5 tutorial: Part 3 – More on exploitation frameworks

Hey guys, BackTrack 5, the much-awaited penetration testing framework, was released in May 2011. This third installment of our BackTrack 5 tutorial explores tools for browser exploitation such as theft of credentials, Web privilege escalation and password recovery. This part of our BackTrack 5 tutorial also provides an insight into automated SQL injection using DarkMySQLi.…