Diving into Google's XSS game (Jun 2, 2014)
Hi there, this post deals with the XSS game released by Google a few days ago, which you can find here. I'll enumerate some of the solutions I found on the Internet that were (in my opinion) interesting or fun. This post contains the solutions for all levels. Big spoiler. Level 1: Hello, world of XSS. Well, this one was obvious: <script>alert(1);</script> Level 2: Persistence is key. For this one, you had different options: ...
Bobby Write-up (May 15, 2014)
Hi there, a quick blog post on the VM "Bobby", which is one of the nicest VMs I have done so far. Discovery: the first step is always the same, discovering the machine on the network. To do so: $ nmap -sV 192.168.1.1/24 I managed to retrieve the IP address: 192.168.1.11. Let's fingerprint the different services so we can exploit it. Fingerprinting: I then used Nmap to retrieve the services running: $ nmap -sV 192. ...
HTTP Security Headers on the top 10k Alexa websites (May 13, 2014)
EDIT: Added statistics for the max-age option. Hi there, this blog post deals with HTTP security headers on the top 10k Alexa websites. Based on this discussion on netsec, I decided to compute some statistics over the Alexa ranking. To do this study, I sent a GET HTTP request to each host and saved the headers of the HTTP response. This was done using Python. First of all, I scanned 10000 hosts. 555 hosts didn't respond, so these statistics are based on 9445 hosts. ...
Blind HQL Injection in a REST API using the H2 DBMS (May 5, 2014)
This post deals with some research I just did regarding (blind) HQL injections with H2 as the database management system. First, you should read this post, which gives some really useful information regarding HQL injections in general: HQL for pentesters. During the assessment, I checked the API calls by using Burp as a proxy, and one call was: http://application/API/Users/?req=id=1 The output was a JSON response, such as: [{user: "admin", id: "1", firstName:"Admin"}] If you changed the id to the numeric value 2, and so on. ...
BSides Slides - CSRFT (Apr 29, 2014)
Hey, just a quick post to give you the link to my slides for BSides London today: Here. Don't hesitate to contact me if you have any feedback or a good feature idea. You can reach me on GitHub or Twitter. Just a few words about the conference, which was absolutely amazing: some really great people were there, good atmosphere, and people were really helpful. For sure, I'll attend it next year. Cheers,
bWAPP Write-Up (Apr 21, 2014)
This post contains the steps to get a root shell on the bWAPP VM. Host discovery: as always, we need to discover where the machine is on our network. To do so, let's use Nmap: nmap -sP 192.168.1.1/24 Fingerprinting: after getting the IP address (192.168.1.10), we need to do some fingerprinting. nmap -sV 192.168.1.10 Fig. Nmap scan result. A lot of services were open, such as VNC, FTP, etc. Having seen it in the scan report, I decided to scan port 80 with Nikto. ...
Scream Write-up (Apr 16, 2014)
This post contains the steps to get a root shell on the Scream VM. This VM can be found here. Have a look to find even more VMs. But before starting the report, I'd like to congratulate g0tmi1k for his awesome tool: VulnInjector. Ok, let's do this write-up! Host discovery: as always, we need to discover where the machine is on our network. To do so, let's use Nmap: ...
Exploit KB Vulnerable Web App 1 Write-Up (Apr 15, 2014)
This post contains the steps to get a root shell on the Exploit KB Vulnerable Web App 1 VM. This VM can be found here. Have a look to find even more VMs. Host discovery: first, we need to discover where the machine is on our network. To do so, let's use Nmap: nmap -sP 192.168.1.1/24 Fingerprinting: after getting the IP address, we need to do some fingerprinting. nmap -sV 192.168.1.23 Fig. ...
Kioptrix 2 Write-up (Apr 15, 2014)
This post contains the steps to get a root shell on the Kioptrix level 2 VM. This VM can be found here. Have a look to find even more VMs. Host discovery: first, we need to discover where the machine is on our network. To do so, let's use Nmap: nmap -sP 192.168.1.1/24 Fingerprinting: after getting the IP address, we need to do some fingerprinting. nmap -sV 192.168.1.42 Fig. Nmap scan result ...
Kioptrix 1 Write-up (Apr 14, 2014)
This post contains the steps to get a root shell on the Kioptrix level 1 VM. This VM can be found here. Have a look to find even more VMs. Host discovery: first, we need to discover where the machine is on our network. To do so, let's use Nmap: nmap -sP 192.168.1.1/24 Fingerprinting: after getting the IP address, we need to do some fingerprinting. nmap -sV 192.168.1.2 Fig. Nmap scan result ...