Monthly archives: August, 2017

VulnHub Walkthrough: Donkey Docker

I’m always on the lookout for VulnHub VMs that teach real pentesting skills, and are not just puzzles.  I like them to be practical, and force you to learn techniques that you would use in the real world.  I feel Donkey Docker is one of these challenges.  As always we can begin with an nmap…


Exploiting Server Side Include Injection

Recently I was performing a penetration test and came across a Server Side Include injection bug (SSI).  If you are familiar with cross-site scripting (XSS) this type of vulnerability will sound familiar.  This is caused by an application taking input form the user, and supplying it in the response from the server.  The mitigations are…