Sunday, November 15, 2015

Bugbounty - Password returned in the response in cleartext

Another interesting bug, that I found in As you know & are pretty famous and old social media. Design and functionality of these two domains are pretty similar.

BugBounty-Unexpected application behaviour causing self DoS attack

Hi Guys,
From now onwards I am starting real world bug hunting case studies of mine. This is the first draft of it. I was performing blackbox testing of this website.

Sunday, August 23, 2015

Ncat - Swiss Army Knife - Summary

Its been a while, I haven't written any blog due to my busy job schedule + client side projects.I was just furnishing knowledge so decided to practice netcat. So this is single tutorial for netcat which includes all necessary information about it.

Monday, May 25, 2015

Basic Malware Analysis Techniques

Malware analysis is an essential activity of being security analyst. In this post I am going to provide a method of investigating windows machine for any malware instances. In this post you will learn how to do basic investigation in order to identify malware on windows system. Not only this you will also learn to know what type of mawlare that and to which domains it interacts with.

Thursday, December 25, 2014

NotePad++ v6.6.9 <= Buffer Overflow

Attackers generally use buffer overflows to corrupt the execution stack of a web application. By sending carefully crafted input to a web application, an attacker can cause the web application to execute arbitrary code, possibly taking over the machine. Attackers have managed to identify buffer overflows in a staggering array of products and components. Buffer overflow flaws can be present in both the web server and application server products that serve the static and dynamic portions of a site, or in the web application itself. Buffer overflows found in commonly-used server products are likely to become widely known and can pose a significant risk to users of these products. When web applications use libraries, such as a graphics library to generate images or a communications library to send e-mail, they open themselves to potential buffer overflow attacks.

Thursday, October 16, 2014

Windows Command Injection Vulnerability for a Command Shell

An attacker can target file servers lying on intranet using this security vulnerability

With the help of this security impact, normal user can perform privilege escalation on windows file server systems by just creating some fancy (Not really) folders. In order to perform this vulnerability, user just need to create some special folders with regularly being used commands such as ping, cd, md etc…

Saturday, September 27, 2014

Reverse Shell via Bash Bug - Shellshock - CVE-2014-6271

In this tutorial, I am going to create reverse tcp shell via bash bug/shellshock. If you guys do not know what is that then kindly refer my first and second tutorial on that.

Before diving into direct reverse tcp shell tutorial, I would like to recap you all guys about reverse tcp shell as this blog is not dedicated to only pros :P like you. (SORRY FOR THE BAD JOKE)

I would like to start this session as an interactive question/answer section.

Friday, September 26, 2014

LFI - The Beauty of BashBug // Shellshock

Hi folks, if you have not seen my previous tutorial on Bash Bug Penetration Testing then kindly check it. In this part of bash bug, I am supplying very small trick to exploit bash via CGI.

Lab setup is the same as previously mentioned in my last tutorial. Also the methodology is the same. 
Limitation in last tutorial of bash bug : In that demonstration I was managed to exploit bash successfully, somehow I could not make sure from client side(my end) that exploitation has gone successful or not. For that I went to vulnerable VM machine and went to that particular directory and checked that the files has been created successfully or not.

Advantage of this technique : In this technique I am making a new header with a variable, in which I will give arbitiary comamnds in order to exploit in the victim''s box. On top of that the result of that command's output will be reflected back at my burp sute's response. So this is the smartness of this payload that we do not need to go to server's end in order to confirm that has our exploitation been successful or not. We can do this by sitting at client side only since the output will be reflected to us.