Friday, April 7, 2017

CVE-2016-7786 - Sophos Cyberoam UTM - Privilege Escalation

In this small article I am going to share one of my zero day that I found a while back ago in Sophos Cyberoam UTM device.

Thursday, March 30, 2017

Network Security VAPT Checklist

Hi Guys, there are very few technical network security assessment checklist. So I thought to share my own on this. Have a look and enjoy. Lets talk about the scope first. If you are given a 1000 machines to perform VAPT, then here is your scope. Single machine can have 65535 ports open. Any single port can deploy any service software from the world. For example FTP can be run on smartftp, pureftpd etc.. Any single FTP software version (for example pureftpd 1.0.22) can have number of vulnerabilities available. So if you multiply all of these, then it is impossible for any auditor to go ahead and probe all ports manually and find services manually. Even if he/she is able to do it, it is impossible to check all vulnerabilities that are pertaining to a single port of a single machine. Hence we have to rely on scanners such as nexpose, nessus, openvas, coreimpact etc. Here are some quick tools and test cases that one can perform on commonly found ports in the network pentest.

Friday, March 3, 2017

Android Application Backup Vulnerabiility Testing

You must be already knowing about android application backup process. Beauty of this vulnerability is it works on non-rooted devices too sometimes. The vulnerability lies within the AndroidManifest.xml file.

Today we are going to test DIVA (Damn Insecure Vulnerable Application) against this vulnerability. First I had diva-beta.apk file. I unzip that using below command: