Thursday, December 25, 2014

NotePad++ v6.6.9 <= Buffer Overflow

Attackers generally use buffer overflows to corrupt the execution stack of a web application. By sending carefully crafted input to a web application, an attacker can cause the web application to execute arbitrary code, possibly taking over the machine. Attackers have managed to identify buffer overflows in a staggering array of products and components. Buffer overflow flaws can be present in both the web server and application server products that serve the static and dynamic portions of a site, or in the web application itself. Buffer overflows found in commonly-used server products are likely to become widely known and can pose a significant risk to users of these products. When web applications use libraries, such as a graphics library to generate images or a communications library to send e-mail, they open themselves to potential buffer overflow attacks.

Thursday, October 16, 2014

Windows Command Injection Vulnerability for a Command Shell

An attacker can target file servers lying on intranet using this security vulnerability

With the help of this security impact, normal user can perform privilege escalation on windows file server systems by just creating some fancy (Not really) folders. In order to perform this vulnerability, user just need to create some special folders with regularly being used commands such as ping, cd, md etc…

Saturday, September 27, 2014

Reverse Shell via Bash Bug - Shellshock - CVE-2014-6271

In this tutorial, I am going to create reverse tcp shell via bash bug/shellshock. If you guys do not know what is that then kindly refer my first and second tutorial on that.

Before diving into direct reverse tcp shell tutorial, I would like to recap you all guys about reverse tcp shell as this blog is not dedicated to only pros :P like you. (SORRY FOR THE BAD JOKE)

I would like to start this session as an interactive question/answer section.

Friday, September 26, 2014

LFI - The Beauty of BashBug // Shellshock

Hi folks, if you have not seen my previous tutorial on Bash Bug Penetration Testing then kindly check it. In this part of bash bug, I am supplying very small trick to exploit bash via CGI.

Lab setup is the same as previously mentioned in my last tutorial. Also the methodology is the same. 
Limitation in last tutorial of bash bug : In that demonstration I was managed to exploit bash successfully, somehow I could not make sure from client side(my end) that exploitation has gone successful or not. For that I went to vulnerable VM machine and went to that particular directory and checked that the files has been created successfully or not.

Advantage of this technique : In this technique I am making a new header with a variable, in which I will give arbitiary comamnds in order to exploit in the victim''s box. On top of that the result of that command's output will be reflected back at my burp sute's response. So this is the smartness of this payload that we do not need to go to server's end in order to confirm that has our exploitation been successful or not. We can do this by sitting at client side only since the output will be reflected to us.

Thursday, September 25, 2014

Bash-Bug Penetration Testing - Anatomy of Shellshock

A new security vulnerability known as the Bash or Shellshock bug could spell disaster for major digital companies, small-scale Web hosts and even Internet-connected devices.

The quarter-century-old security flaw allows malicious code execution within the bash shell (commonly accessed through Command Prompt on PC or Mac's Terminal application) to take over an operating system and access confidential information.

A post from open-source software company Red Hat warned that "it is common for a lot of programs to run Bash shell in the background," and the bug is "triggered" when extra code is added within the lines of Bash code.

Sunday, May 25, 2014

Packed File Forensics With PEextract Tool

Python is the only language which provides a better interface for the analysts who are working in forensics departments. It is a high level language. The analyst can write scripts in order to examine the different evidence. In the past many analysts have written open-source scripts which got rapidly used by the world in forensic investigation. For example, volatility tool for the memory forensics analysis, GRR, which is a rapid incident response framework, libppf, which is a helpful tool to access the personal files and folders. This paper will provide you the introduction to different areas of forensics in which python is used as a scripting language. Then I will develop an artefact in which I will create a python tool which will be used in forensics to analyse PE file format which is known as portable executable file attributes. Quickly generate using Python to further examine the evidence.

Saturday, May 17, 2014

M0n0Wall Firewall Penetration Testing

The type and scope of the penetration test will determine the need for being stealthy during a penetration test. The reasons to avoid detection while testing are:·One of the benefits would include testing the equipment that is supposedly protecting the network. Another could be that your client would like to know just how long it would take the Information Technology team to respond to a targeted attack on the environment. You will also need to understand the automated methods of detection such as web applications, network, and host-based intrusion detection systems that are in place to avoid triggering alerts.

Thursday, May 1, 2014

Fool The Network Hunters (Hackers)

Portspoof is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security system. The general goal of the program is to make the information gathering phase slow and bothersome for your attackers as much it is only possible. This is quite a change to the standard 5s Nmap scan, that will give a full view of your systems running services.

So let’s start directly. So this is how the common structure of portspoof. First I will mention normal network structure without using portspoof and then with using portspoof. Below figure shows the normal structure of my network.