Reported by Sucuri, the HD FLV Player plugin suffers from an Arbitrary File Download vulnerability, which is rightly rated critical.

The vulnerable code can be found in download.php:

<?php
// The f parameter is taken straight from the query string, with no validation.
$filename = $_GET['f'];
// basename() only trims the name shown to the browser in the header;
// the raw, untrimmed value is still what reaches readfile() below.
header('Content-disposition: attachment; filename='.basename($filename));
readfile($filename);
?>

Since there is absolutely no check or filter applied before the f parameter from the URL is used, this is the perfect backdoor to fetch almost any file you want from the machine (limited only by the rights of the user the web server runs as), including configuration files holding database credentials. Note that the basename() call is a false comfort: it only sanitises the download name sent in the Content-Disposition header, while readfile() receives the full, attacker-controlled path, so absolute paths and ../ sequences go straight through. It does not matter whether the plugin is enabled or not: download.php is reachable directly, so you simply need to have it installed to be exposed.
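For comparison, here is a hardened replacement for the script above. This is an added example, not code from the plugin or from Sucuri's report; it assumes the player's files live under a fixed directory (DOWNLOAD_DIR and its value are illustrative) and that only a known set of media extensions should ever be served.

```php
<?php
// Hardened counterpart to the vulnerable download.php (added example, not the
// plugin's own code). DOWNLOAD_DIR is an assumed location for the player's files.
define('DOWNLOAD_DIR', '/var/www/html/uploads/videos');

// Resolve the base directory once; realpath() returns false if it does not exist.
$base = realpath(DOWNLOAD_DIR);
if ($base === false) {
    http_response_code(500);
    exit('download directory is not available');
}

// Keep only the last path component. This discards any directory part of the
// input, including ../ sequences and absolute paths, before the name is used.
$name = basename((string)($_GET['f'] ?? ''));
if ($name === '' || $name === '.' || $name === '..') {
    http_response_code(400);
    exit('bad file name');
}

// Resolve the candidate file and verify it is still inside $base.
// realpath() follows symlinks, so a link planted in the upload directory that
// points at /etc/passwd is rejected by the prefix check as well.
$path = realpath($base . DIRECTORY_SEPARATOR . $name);
if ($path === false
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
    || !is_file($path)) {
    http_response_code(404);
    exit('not found');
}

// Serve only the media types the player is meant to deliver.
$allowedExtensions = ['flv', 'mp4'];
$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
if (!in_array($ext, $allowedExtensions, true)) {
    http_response_code(403);
    exit('forbidden');
}

// Quote the download name so a crafted name cannot inject extra header parameters.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . str_replace('"', '', $name) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```

The important property is that the value passed to readfile() is derived from the request only after basename() and a realpath() containment check, so the script can never read outside DOWNLOAD_DIR regardless of what is sent in f. An allowlist of extensions is a second, independent fence: even a file that somehow lands inside the directory is not served unless it is a media file.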

...

DVWA is a PHP/MySQL web application that is intentionally vulnerable. The goal is to learn common web vulnerabilities and improve your security skills by training on your own server. Three levels (low, medium and high) are available for each of the following attacks:

  • Brute Force
  • Command Execution
  • CSRF
  • Captcha
  • File Inclusion
  • SQL Injection (plus Blind)
  • File Upload
  • XSS

The low level is usually pretty easy to bypass, while the high level shows, as a reference, the right way to protect your application against each attack.

...

Below are some tools you can use for scanning and vulnerability assessment while performing a penetration test:

exploit-db: The Exploit Database

grabber: web application scanner

inguma: pentest toolkit which can perform target auditing and information gathering

Metasploit: “world’s most used penetration testing software”

Nessus: vulnerability scanner

Nikto: an Open Source web server scanner

oscanner: oracle assessment framework

searchsploit: search the exploit-db database from the command line

...

Below are some tools you can use for post-exploitation while performing a penetration test:

Cryptcat: Netcat enhanced with twofish encryption

Hacker Defender: rootkit for Windows

Meterpreter: provides an interactive shell which allows you to use extensible features at run time

Netcat: networking utility which reads and writes data across network connections using the TCP/IP protocol.

...

Below are some tools you can use for information gathering while performing a penetration test:

Online

Google dorks from Hackers for Charity and from the Exploit Database

IP-address: free IP Address Lookup

Netcraft: what is that site running?

SHODAN: search engine for every connected device around the world (even fridges)

Threat Agent: collects information from open sources (seems to be down?)

Wolfram|Alpha:  compute answers and provide knowledge

YouGetSignal:  collection of uncomplicated, powerful network tools

...