Skip to main content

Posts

Showing posts from April 11, 2026

Directory Bruteforce: Discover Hidden Paths in Web Applications (2026 Guide)

Introduction In web penetration testing, discovering hidden directories and files is a crucial step. Many sensitive resources are not publicly linked but still accessible. Directory bruteforcing helps identify these hidden endpoints and expand the attack surface. What is Directory Bruteforce? Directory bruteforce is a technique used to discover hidden files and directories on a web server by systematically guessing possible paths. It works by sending multiple HTTP requests with different directory names from a wordlist. Why Directory Enumeration is Important Hidden directories may contain: Admin panels Backup files Configuration files API endpoints Development environments These can expose vulnerabilities. Popular Tools for Directory Bruteforce Common tools include: Gobuster Dirsearch FFUF These tools automate the process of discovering hidden paths. Installing Gobuster On Kali Linux: sudo apt install gobuster Basic Usage gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/...

Subfinder Tutorial: Complete Guide to Subdomain Enumeration (2026)

Introduction Subdomain enumeration is a crucial step in reconnaissance for penetration testing and bug bounty hunting. Finding hidden subdomains can reveal additional attack surfaces. One of the most efficient tools for this task is Subfinder. What is Subfinder? Subfinder is a fast and powerful subdomain discovery tool designed to find valid subdomains using passive sources. It is widely used by security researchers for reconnaissance. Key Features Passive subdomain enumeration Fast and lightweight Uses multiple data sources Easy to use Suitable for bug bounty workflows Why Subdomain Enumeration Matters Subdomains often expose: Admin panels APIs Development environments Misconfigured services These can lead to vulnerabilities. Installation Install Subfinder using Go: go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest Make sure your PATH is configured correctly. Basic Usage subfinder -d example.com This command finds subdomains of the target domain. Save Output ...

Enum4linux Tutorial: Complete Guide to SMB Enumeration for Beginners (2026)

  Introduction In penetration testing and ethical hacking, information gathering (enumeration) is a critical phase. One of the most powerful tools for enumerating Windows and Samba systems is Enum4linux. This guide will help you understand how Enum4linux works, what information it can extract, and how to use it effectively in a lab environment. What is Enum4linux? Enum4linux is a Linux-based tool used to enumerate information from Windows and Samba systems. It is commonly used in penetration testing to extract: Usernames Groups Shares Password policies System information Enum4linux works by leveraging SMB (Server Message Block) protocol. What is SMB? SMB (Server Message Block) is a network protocol used for sharing files, printers, and other resources between systems. It typically runs on: Port 139 Port 445 Why Enum4linux is Important Enum4linux helps identify: Misconfigured SMB services Anonymous login access User account information Network shares This information is often used f...

Brute Force Attack: Mastering Password Cracking with Hydra (2026 Guide)

Introduction In this part of the cybersecurity series, we explore one of the oldest yet highly effective attack techniques: the Brute Force Attack. We will also learn about a powerful tool called Hydra, widely used by penetration testers to identify weak authentication systems. What is a Brute Force Attack? A Brute Force Attack is a trial-and-error method used to guess login credentials by trying many password combinations. It works by systematically testing passwords from a predefined list (wordlist) until the correct one is found. What is Hydra? Hydra (THC-Hydra) is a fast and flexible password cracking tool used for testing login security. It supports multiple protocols, including: SSH FTP HTTP Telnet MySQL SMTP Security professionals use Hydra to test for weak passwords in controlled environments. Hands-on Lab: SSH Brute Force with Hydra Requirements Target IP address Username or username list Password wordlist (e.g., rockyou.txt in Kali Linux) Command Example hydra -l user -P /usr...

Server-Side Request Forgery (SSRF): A Comprehensive Guide for Beginners (2026)

Introduction In this part of the cybersecurity series, we explore one of the most critical web vulnerabilities: Server-Side Request Forgery (SSRF). With the rise of cloud platforms such as AWS, Azure, and Google Cloud, SSRF has become a high-impact vulnerability frequently targeted in bug bounty programs. What is SSRF? Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to force a server to make requests to unintended locations. In simple terms, the attacker uses the server as a proxy to access internal or restricted resources. How SSRF Works Many applications fetch data from external URLs. For example: fetch("https://trusted-site.com/data.json") If user input is not properly validated, an attacker can modify the request: fetch("http://127.0.0.1/admin") or: fetch("http://192.168.1.1/config") Because the request originates from the server, internal systems may trust it and return sensitive data. Types of SSRF Basic (In-band) SSRF T...

File Inclusion Vulnerabilities: Understanding LFI and RFI for Beginners (2026 Guide)

Introduction In this part of the cybersecurity series, we will explore a critical web vulnerability known as File Inclusion . File Inclusion occurs when a web application allows users to control which files are loaded or executed on the server without proper validation. This vulnerability can lead to sensitive data exposure or even full server compromise. What is File Inclusion? File Inclusion is a vulnerability where an application includes files based on user input without proper validation or restrictions. There are two main types of File Inclusion vulnerabilities: Local File Inclusion (LFI) Remote File Inclusion (RFI) 1. Local File Inclusion (LFI) LFI allows an attacker to access and sometimes execute files that are stored on the local server. How LFI Works Consider a website that loads pages using a parameter: https://example.com/view.php?page=contact.php If the application is vulnerable, an attacker can manipulate the parameter: https://example.com/view.php?page=../../../../etc/p...

Command Injection for Beginners: How to Execute OS Commands via Web Applications (2026 Guide)

🔐 Introduction After learning common web vulnerabilities like XSS and CSRF , it is important to understand more critical attacks such as Command Injection (OS Command Injection) . This vulnerability allows an attacker to execute operating system commands directly on the server , which can lead to full system compromise. 💡 What is Command Injection? Command Injection occurs when a web application takes unsafe user input and passes it directly to a system shell or OS command execution function. 👉 If input is not properly validated, attackers can inject malicious system commands. 🧠 How Command Injection Works Imagine a website has a “ping test” feature to check server connectivity. Backend logic example: system("ping -c 4 " + user_input); Normal Input: 8.8.8.8 Result: ping -c 4 8.8.8.8 Malicious Input: 8.8.8.8; whoami Result: ping -c 4 8.8.8.8; whoami 👉 The server executes both commands, exposing system-level information. ⚠️ Common Command Injection Operators Attackers use...

Broken Access Control: Understanding IDOR for Beginners (2026 Guide)

Introduction After learning vulnerabilities like SQL Injection and XSS, the next important concept in web security is Broken Access Control, specifically IDOR (Insecure Direct Object Reference). According to the OWASP Top 10, Broken Access Control is one of the most critical security risks in modern web applications. What is IDOR? IDOR (Insecure Direct Object Reference) happens when a web application uses user-supplied input to directly access objects without proper authorization checks. In simple terms, the application allows access to data by changing an ID without verifying whether the user has permission. Simple Real-World Example Your profile URL might look like: https://example.com/my-account?id=1005 If you change it to: https://example.com/my-account?id=1006 and you can view another user’s private data, then the application is vulnerable to IDOR. Why IDOR is Dangerous Data Exposure Attackers can access sensitive information such as emails, phone numbers, and addresses. Unauthori...

Cross-Site Scripting (XSS) for Beginners: Mastering Web Security (2026 Guide)

Introduction After learning SQL Injection, the next most important vulnerability every aspiring ethical hacker must understand is Cross-Site Scripting (XSS). XSS is one of the most common web vulnerabilities and plays a major role in bug bounty programs and penetration testing. What is Cross-Site Scripting (XSS)? Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject malicious scripts into trusted websites. These scripts are executed in the victim’s browser, allowing attackers to manipulate user interactions, steal sensitive data, or hijack sessions. How Does XSS Work? Unlike SQL Injection, which targets the database, XSS targets users interacting with a web application. If a website does not properly sanitize user input, an attacker can inject JavaScript like: <script>alert('Hacked!');</script> When another user visits the affected page, the script executes in their browser. Types of XSS 1. Stored XSS (Persistent) In this type, m...

SQL Injection (SQLi) for Beginners: A Step-by-Step Guide to Your First Hack

  What is SQL Injection (SQLi)? SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data they are not normally able to retrieve. How Does it Work? (The Logic) Imagine a login form where you enter your username. The database query looks like this: SELECT * FROM users WHERE username = 'YOUR_NAME' AND password = 'YOUR_PASSWORD' If the website is vulnerable, an attacker can enter ' OR 1=1 -- in the username field. The query becomes: SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = '...' Since 1=1 is always true, the database grants access without a valid password! Types of SQL Injection In-band SQLi (Classic): The attacker uses the same communication channel to launch the attack and gather results. Error-based: Forcing the database to produce an error message. Union-based: Using the UNION SQL operat...

Ethical Hacking & Penetration Testing Roadmap (2026)

A Complete Beginner-to-Professional Guide Why Learn Ethical Hacking? In today’s digital environment, organizations constantly face cyber threats. Ethical hackers play a key role in identifying vulnerabilities before attackers can exploit them. This field offers: High demand career opportunities Continuous learning Multiple income streams (job, bug bounty, freelancing) Quick Overview of the Roadmap This roadmap is divided into 7 practical stages: Fundamentals Web Security Hands-on Practice Tools Mastery Real-World Testing Reporting Skills Specialization Stage 1: Fundamentals (Build Your Base) Before touching any hacking tools, you must understand the basics. Networking IP Addressing TCP/UDP DNS & HTTP/HTTPS Operating Systems Linux (essential) Windows basics Programming Python (automation) JavaScript (web understanding) Stage 2: Web Security (Core Skills) Focus on the most common vulnerabilities: SQL Injection Cross-Site Scripting (XSS) Broken Access Control (IDOR) File Inclusion SSR...