Pentesting, Offensive Security Research & Development

eaphammer update - password spraying as of 0.4.0

As of version 0.4.0, EAPHammer supports password spraying attacks against WPA2-EAP wireless networks. Password spraying is a type of brute-force attack in which multiple successive login attempts are made using a single password against a large number of accounts. A recent study published in May 2018 by GCHQ’s National Cyber Security Centre (NCSC) revealed that 75% of participating organizations had accounts with passwords featured in top-1000 password lists. With this in min...

Reflected XSS Through iFrame

Imagine we are targeting an instance of Damn Vulnerable Web App (DVWA) on an enterprise network. In this totally realistic scenario, there is also an instance of Web Cal running on the same network. The Web Cal instance is vulnerable to clickjacking. To gain access to DVWA, we can create a malicious web page that masquerades as the Web Cal instance using an iframe. We could then place a second iframe into the page that executes a reflected XSS attack against the target DVWA instance on page load. We...

XSS Session Hijacking Part II

In Part I of this series, we learned how to create two modern cookie stealers for stealthily carrying out session hijacking attacks. Although highly effective in many cases, both cookie stealers were useless against websites that employ HttpOnly session cookies.

XSS Session Hijacking Part I

Hacking Blindfolded - Exploiting SQL injections with no error output

WPA Cracking Primer - Aircrack

Layer 7 Denial of Service - R.U.D.Y.

#Intro to R.U.D.Y. attacks