Manual SQL Injection

So you suspect a page might be vulnerable to SQL Injection but before you run it through SQLmap, you can try the following statements to manually test the input: The intention is for this post to grow over time and become a repository of all the sucessful manual injection points  I use. ‘ admin’ or […]

How to install and use the Reconscan python script in Kali

So you’ve been doing some research into preparing for the OSCP Penetration Testing with Kali course and certification. You have discovered that in order to stand a good chance of doing well in the exam it pays to become proficient in enumeration. Enumeration is the process by which the pen tester discovers as much as […]

Finding the IP address of a Vulnerable Machine

So you’ve got your lab setup and you’ve been over to and you’ve downloaded a vulnerable virtual machine such as Kioptrix 1.1. You have managed to install the VM into your favourite hypervisor such as Virtual Box or VMWare and get it booted. You are presented at this stage with a login screen for […]