Kioptrix 3 Write-up
Jun 12, 2014
It has been a long time since I wrote a write-up. This one is for Kioptrix 3, which you can find here.
Host Discovery
$ nmap -sP 192.168.56.1/24
This gave us the IP address: 192.168.56.101.
As explained, you need to add 192.168.56.101 kioptrix3.com to your /etc/hosts.
Fingerprinting
Then, let's find out what kind of services are running on the host machine.
$ nmap 192.168.56.101 -sV -A
Starting Nmap 6.46 ( http://nmap.
...
Diving into XSS googles game
Jun 2, 2014
Hi there, this post deals with the XSS game Google released a few days ago, which you can find here.
I'll enumerate some of the solutions I found on the Internet which were (in my opinion) interesting/fun. This post contains the solutions for all levels. Big spoilers.
Level 1: Hello, world of XSS
Well, this one was obvious:
<script>alert(1);</script>
Level 2: Persistence is key
For this one, you had different options:
...
Bobby Write-up
May 15, 2014
Hi there,
Quick blog post on the VM “Bobby”, which is one of the nicest VMs I have done so far.
Discovery
The first step is always the same: discovering the machine on the network. To do so:
$ nmap -sV 192.168.1.1/24
I managed to retrieve the IP address: 192.168.1.11.
Let's start fingerprinting the different services in order to exploit them.
Fingerprinting
Then, I used Nmap to retrieve the running services:
$ nmap -sV 192.
...
HTTP Security Headers on top 10k Alexa websites
May 13, 2014
EDIT: Added statistics of max-age option.
Hi there,
This blog post deals with HTTP security headers on the top 10k Alexa websites. Based on this discussion on netsec, I decided to compute some statistics over the Alexa ranking.
To do this study, I sent an HTTP GET request to each host and saved the headers of the HTTP response. This was done using Python.
First of all, I scanned 10000 hosts. 555 hosts didn't respond, so these statistics are based on 9445 hosts.
...
Blind HQL Injection in REST API using H2 DBMS
May 5, 2014
This post deals with some research I just did regarding (blind) HQL injection with H2 as the database management system.
First, you should read this post, which gives some really useful information regarding HQL injection in general: HQL for pentesters.
During the assessment, I checked the API calls by using Burp as a proxy, and one call was:
http://application/API/Users/?req=id=1
The output was a JSON response, such as:
[{user: "admin", id: "1", firstName:"Admin"}]
You could then change the id to the numeric value 2, and so on.
...
BSides Slides - CSRFT
Apr 29, 2014
Hey,
Just a quick post to give you the link to my slides for BSides London today: Here
Don't hesitate to get in touch if you have any feedback or ideas for good features.
You can reach me on either Github or Twitter.
Just a few words about the conference, which was absolutely amazing. Some really great people were there, the atmosphere was good, and people were really helpful.
For sure, I’ll attend it next year.
Cheers,
BWApp Write-Up
Apr 21, 2014
This post contains the steps to get a root shell on the bWapp VM.
Host discovery
As always, we need to discover where the machine is on our network. To do so, let's use Nmap:
nmap -sP 192.168.1.1/24
Fingerprinting
After getting the IP address (192.168.1.10), we need to do some fingerprinting.
nmap -sV 192.168.1.10
Fig. Nmap scan result
A lot of services were open, such as VNC, FTP, etc.
As I saw in the scan report, I decided to scan port 80 with Nikto.
...
Scream Write-up
Apr 16, 2014
This post contains the steps to get a root shell on the Scream VM.
This VM can be found here. Have a look to find even more VMs. But before starting the report, I'd like to congratulate g0tmi1k for his awesome tool: VulnInjector.
Ok, let's do this write-up!
Host discovery
As always, we need to discover where the machine is on our network. To do so, let's use Nmap:
...
Exploiting KB Vulnerable Web App 1 Write-Up
Apr 15, 2014
This post contains the steps to get a root shell on the Exploit KB Vulnerable Web App 1 VM.
This VM can be found here. Have a look to find even more VMs.
Host discovery
First, we need to discover where the machine is on our network. To do so, let's use Nmap:
nmap -sP 192.168.1.1/24
Fingerprinting
After getting the IP address, we need to do some fingerprinting.
nmap -sV 192.168.1.23
Fig.
...
Kioptrix 2 Write-up
Apr 15, 2014
This post contains the steps to get a root shell on the Kioptrix level 2 VM.
This VM can be found here. Have a look to find even more VMs.
Host discovery
First, we need to discover where the machine is on our network. To do so, let's use Nmap:
nmap -sP 192.168.1.1/24
Fingerprinting
After getting the IP address, we need to do some fingerprinting.
nmap -sV 192.168.1.42
Fig. Nmap scan result
...