solstice.sh Pentesting, Offensive Security Research & Development

Reflected XSS Through iFrame


Imagine we are targeting an instance of Damn Vulnerable Web App on an enterprise network. In this totally realistic scenario, there is also an instance of Web Cal running on the same network. The Web Cal instance is vulnerable to clickjacking. To gain access to DVWA, we can create a malicious web page that masquerades as the Web Cal instance using an iframe. We then could place a second iframe into the page that executes a reflected XSS attack against the target DVWA instance on page load. We...

XSS Session Hijacking Part II


In Part I of this series, we learned how to create two modern cookie stealers for stealthily carrying out session hijacking attacks. Although highly effective in many cases, both cookie stealers were useless against websites that employ HttpOnly session cookies.

XSS Session Hijacking Part I


Hacking Blindfolded - Exploiting SQL injections with no error output


WPA Cracking Primer - Aircrack


Layer 7 Denial of Service - R.U.D.Y.


#Intro to R.U.D.Y. attacks

Rogue AP Attacks Part 1 - Evil Twin


An Evil Twin is a wireless attack that works by impersonating a legitimate wireless access point. So long as the malicious access point has a stronger signal strength than its legitimate counterpart, all devices connected to the target AP will drop and connect to the attacker. The attacker can then act as a router between the connected devices and a network gateway, establishing a man-in-the-middle scenario. With the exception of karma attacks and the use of SDR, this is one of the most effec...