Skip to main content

Posts

Directory Bruteforce: Discover Hidden Paths in Web Applications (2026 Guide)

Introduction In web penetration testing, discovering hidden directories and files is a crucial step. Many sensitive resources are not publicly linked but still accessible. Directory bruteforcing helps identify these hidden endpoints and expand the attack surface. What is Directory Bruteforce? Directory bruteforce is a technique used to discover hidden files and directories on a web server by systematically guessing possible paths. It works by sending multiple HTTP requests with different directory names from a wordlist. Why Directory Enumeration is Important Hidden directories may contain: Admin panels Backup files Configuration files API endpoints Development environments These can expose vulnerabilities. Popular Tools for Directory Bruteforce Common tools include: Gobuster Dirsearch FFUF These tools automate the process of discovering hidden paths. Installing Gobuster On Kali Linux: sudo apt install gobuster Basic Usage gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/...

Subfinder Tutorial: Complete Guide to Subdomain Enumeration (2026)

Introduction Subdomain enumeration is a crucial step in reconnaissance for penetration testing and bug bounty hunting. Finding hidden subdomains can reveal additional attack surfaces. One of the most efficient tools for this task is Subfinder. What is Subfinder? Subfinder is a fast and powerful subdomain discovery tool designed to find valid subdomains using passive sources. It is widely used by security researchers for reconnaissance. Key Features Passive subdomain enumeration Fast and lightweight Uses multiple data sources Easy to use Suitable for bug bounty workflows Why Subdomain Enumeration Matters Subdomains often expose: Admin panels APIs Development environments Misconfigured services These can lead to vulnerabilities. Installation Install Subfinder using Go: go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest Make sure your PATH is configured correctly. Basic Usage subfinder -d example.com This command finds subdomains of the target domain. Save Output ...

Enum4linux Tutorial: Complete Guide to SMB Enumeration for Beginners (2026)

  Introduction In penetration testing and ethical hacking, information gathering (enumeration) is a critical phase. One of the most powerful tools for enumerating Windows and Samba systems is Enum4linux. This guide will help you understand how Enum4linux works, what information it can extract, and how to use it effectively in a lab environment. What is Enum4linux? Enum4linux is a Linux-based tool used to enumerate information from Windows and Samba systems. It is commonly used in penetration testing to extract: Usernames Groups Shares Password policies System information Enum4linux works by leveraging SMB (Server Message Block) protocol. What is SMB? SMB (Server Message Block) is a network protocol used for sharing files, printers, and other resources between systems. It typically runs on: Port 139 Port 445 Why Enum4linux is Important Enum4linux helps identify: Misconfigured SMB services Anonymous login access User account information Network shares This information is often used f...

Brute Force Attack: Mastering Password Cracking with Hydra (2026 Guide)

Introduction In this part of the cybersecurity series, we explore one of the oldest yet highly effective attack techniques: the Brute Force Attack. We will also learn about a powerful tool called Hydra, widely used by penetration testers to identify weak authentication systems. What is a Brute Force Attack? A Brute Force Attack is a trial-and-error method used to guess login credentials by trying many password combinations. It works by systematically testing passwords from a predefined list (wordlist) until the correct one is found. What is Hydra? Hydra (THC-Hydra) is a fast and flexible password cracking tool used for testing login security. It supports multiple protocols, including: SSH FTP HTTP Telnet MySQL SMTP Security professionals use Hydra to test for weak passwords in controlled environments. Hands-on Lab: SSH Brute Force with Hydra Requirements Target IP address Username or username list Password wordlist (e.g., rockyou.txt in Kali Linux) Command Example hydra -l user -P /usr...

Server-Side Request Forgery (SSRF): A Comprehensive Guide for Beginners (2026)

Introduction In this part of the cybersecurity series, we explore one of the most critical web vulnerabilities: Server-Side Request Forgery (SSRF). With the rise of cloud platforms such as AWS, Azure, and Google Cloud, SSRF has become a high-impact vulnerability frequently targeted in bug bounty programs. What is SSRF? Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to force a server to make requests to unintended locations. In simple terms, the attacker uses the server as a proxy to access internal or restricted resources. How SSRF Works Many applications fetch data from external URLs. For example: fetch("https://trusted-site.com/data.json") If user input is not properly validated, an attacker can modify the request: fetch("http://127.0.0.1/admin") or: fetch("http://192.168.1.1/config") Because the request originates from the server, internal systems may trust it and return sensitive data. Types of SSRF Basic (In-band) SSRF T...

File Inclusion Vulnerabilities: Understanding LFI and RFI for Beginners (2026 Guide)

Introduction In this part of the cybersecurity series, we will explore a critical web vulnerability known as File Inclusion . File Inclusion occurs when a web application allows users to control which files are loaded or executed on the server without proper validation. This vulnerability can lead to sensitive data exposure or even full server compromise. What is File Inclusion? File Inclusion is a vulnerability where an application includes files based on user input without proper validation or restrictions. There are two main types of File Inclusion vulnerabilities: Local File Inclusion (LFI) Remote File Inclusion (RFI) 1. Local File Inclusion (LFI) LFI allows an attacker to access and sometimes execute files that are stored on the local server. How LFI Works Consider a website that loads pages using a parameter: https://example.com/view.php?page=contact.php If the application is vulnerable, an attacker can manipulate the parameter: https://example.com/view.php?page=../../../../etc/p...

Command Injection for Beginners: How to Execute OS Commands via Web Applications (2026 Guide)

🔐 Introduction After learning common web vulnerabilities like XSS and CSRF , it is important to understand more critical attacks such as Command Injection (OS Command Injection) . This vulnerability allows an attacker to execute operating system commands directly on the server , which can lead to full system compromise. 💡 What is Command Injection? Command Injection occurs when a web application takes unsafe user input and passes it directly to a system shell or OS command execution function. 👉 If input is not properly validated, attackers can inject malicious system commands. 🧠 How Command Injection Works Imagine a website has a “ping test” feature to check server connectivity. Backend logic example: system("ping -c 4 " + user_input); Normal Input: 8.8.8.8 Result: ping -c 4 8.8.8.8 Malicious Input: 8.8.8.8; whoami Result: ping -c 4 8.8.8.8; whoami 👉 The server executes both commands, exposing system-level information. ⚠️ Common Command Injection Operators Attackers use...