Technology Never Stops Moving Forward, And Neither Do I
Technology moves fast. So do I. Education never stops.
Linux privilege escalation through sudo
The point of privilege escalation is to gain a higher level of access; on Linux that means getting code execution as the root user. Here is a privilege escalation example on Linux using sudo. We get initial access by using the obtained login and password of a regular …
How to use Hydra to brute force web application user accounts
Hydra is a very good brute force tool that ships with Kali Linux. It is very effective, but it requires some understanding to make sure it works as intended. In this case I will use it to brute force the admin account of a web app, but Hydra can be used for much …
HTML encoding and img XSS vulnerabilities and their mitigation
The following vulnerability allows execution of attacker-supplied script in the web app. The testing was run through the search bar to see whether certain JavaScript payloads could be executed. There is a lot of blacklisting going on that prevents many standard payloads, but there are a …
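An added example (not code from the original post) showing why a payload blacklist on a search box fails where output encoding succeeds. The denylist contents, the page template and the checker regex are my own constructions: the denylist models a filter that stops the "standard" `<script>` payload but has no entry for an `img` tag with an event handler, and the hardened renderer simply HTML-encodes the query before reflecting it.

```python
import html
import re

# Hypothetical denylist modelled on a filter that blocks the usual payloads.
DENYLIST = ("<script", "javascript:")

# Rough detector for reflected markup a browser would execute: any tag carrying
# an on* event handler, or a script tag. Good enough to compare the two renderers.
_ACTIVE_MARKUP = re.compile(r"<\s*\w+[^>]*\bon\w+\s*=|<\s*script", re.IGNORECASE)


def denylist_filter(user_input: str) -> str:
    """Strip each denylisted substring case-insensitively and pass the rest through raw."""
    cleaned = user_input
    for bad in DENYLIST:
        cleaned = re.sub(re.escape(bad), "", cleaned, flags=re.IGNORECASE)
    return cleaned


def render_search_vulnerable(query: str) -> str:
    """Reflects the filtered query straight into the HTML body (constructed page template)."""
    return f"<p>Results for: {denylist_filter(query)}</p>"


def render_search_hardened(query: str) -> str:
    """Context-aware output encoding for an HTML text node: '<', '>', '&' and quotes
    become entities, so the browser renders the query as text, never as a tag."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def contains_active_markup(page: str) -> bool:
    """True if the rendered page still contains markup that would execute script."""
    return _ACTIVE_MARKUP.search(page) is not None


if __name__ == "__main__":
    # Constructed payloads: the classic one the denylist catches, and an img/onerror
    # variant (including an upper-case form) that it does not.
    for payload in ("<script>alert(1)</script>",
                    "<img src=x onerror=alert(1)>",
                    '<IMG SRC="x" ONERROR="alert(1)">'):
        print(repr(payload))
        print("  denylist  active:", contains_active_markup(render_search_vulnerable(payload)))
        print("  encoding  active:", contains_active_markup(render_search_hardened(payload)))
```

The takeaway is the one the post is heading towards: a blacklist is a race you lose (tag names, attribute names, case, encodings), while encoding for the exact output context removes the whole class for that sink.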
Business Logic Vulnerability. Simple Case.
A business logic vulnerability is an error in the application's logic that can be exploited by a user. It can be hard to detect because such flaws generally have to be found manually. A simple case would be finding a logic flaw in a chatbot and …
On the importance of having an efficient pentesting methodology
Having an efficient pentesting methodology can be the most important part of effective work. A simple case: log into the admin account. I could have launched BurpSuite or started brute-forcing my way into the account. Or, in my case, just look at the source code. In just 30 seconds, I …
Writeup: Exploiting XXE using external entities to retrieve files
This lab has a “Check stock” feature that parses XML input and returns any unexpected values in the response. To solve the lab, inject an XML external entity to retrieve the contents of the `/etc/passwd` file. First, let’s collect some information on the webapp. Let’s click around the store and …
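An added example (my code, not the lab's or the post's) of the XXE technique the writeup describes: a DOCTYPE declaring an external entity that points at a local file, referenced in the place of a value the server echoes back. The element names (`stockCheck`, `productId`, `storeId`) are an assumption about the stock-check request body, and the leaked file is a constructed temporary file standing in for `/etc/passwd` so the example runs anywhere. The vulnerable side is Python's `xml.sax` with external general entities switched on (off by default in current Python); the hardened side refuses any DTD, which removes the ability to declare entities at all.

```python
import io
import os
import tempfile
import xml.sax
from xml.parsers import expat
from xml.sax.handler import ContentHandler, feature_external_ges


def stock_check_xml(product_id: str, store_id: str = "1") -> str:
    """A benign stock-check body (assumed element names)."""
    return ('<?xml version="1.0" encoding="UTF-8"?>'
            f"<stockCheck><productId>{product_id}</productId>"
            f"<storeId>{store_id}</storeId></stockCheck>")


def xxe_payload(target_path: str) -> str:
    """Declare an external entity for a local file and reference it where productId goes.
    The server reflects productId, so the file contents come back in the response."""
    return ('<?xml version="1.0" encoding="UTF-8"?>'
            f'<!DOCTYPE stockCheck [<!ENTITY xxe SYSTEM "file://{target_path}">]>'
            "<stockCheck><productId>&xxe;</productId><storeId>1</storeId></stockCheck>")


class _ProductIdCollector(ContentHandler):
    """Collects the text inside <productId>, including text expanded from entities."""
    def __init__(self):
        super().__init__()
        self._in_product = False
        self.parts = []

    def startElement(self, name, attrs):
        self._in_product = name == "productId"

    def endElement(self, name):
        if name == "productId":
            self._in_product = False

    def characters(self, content):
        if self._in_product:
            self.parts.append(content)


def product_id_vulnerable(xml_body: str) -> str:
    """Parser with external general entities enabled: &xxe; is expanded from disk."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, True)  # the unsafe setting
    handler = _ProductIdCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_body.encode("utf-8")))
    return "".join(handler.parts).strip()


def product_id_hardened(xml_body: str) -> str:
    """Reject any DOCTYPE outright; with no DTD there is no way to declare an entity."""
    parser = expat.ParserCreate()
    state = {"in_product": False, "parts": []}

    def forbid_dtd(*_args):
        raise ValueError("DOCTYPE declarations are not accepted")

    def start(name, _attrs):
        state["in_product"] = name == "productId"

    def end(name):
        if name == "productId":
            state["in_product"] = False

    def chars(data):
        if state["in_product"]:
            state["parts"].append(data)

    parser.StartDoctypeDeclHandler = forbid_dtd
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(xml_body, True)
    return "".join(state["parts"]).strip()


def demo() -> dict:
    """Run the payload through both parsers against a constructed stand-in for /etc/passwd."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n")  # constructed sample line
        secret_path = fh.name
    try:
        leaked = product_id_vulnerable(xxe_payload(secret_path))
        try:
            product_id_hardened(xxe_payload(secret_path))
            blocked = False
        except ValueError:
            blocked = True
        normal = product_id_hardened(stock_check_xml("42"))
    finally:
        os.unlink(secret_path)
    return {"leaked": leaked, "blocked": blocked, "normal": normal}


if __name__ == "__main__":
    print(demo())
```

In a real engagement you would put `/etc/passwd` in the `SYSTEM` identifier exactly as the lab asks; the temp file only keeps the example self-contained. On the defensive side, disabling DTDs (or using a hardened wrapper such as `defusedxml`) is the check to look for in a code review.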
Writeup: Modifying serialized objects
Insecure deserialization can be a very critical vulnerability for a website. In this lab, we need to use credentials we already have to exploit an insecure deserialization vulnerability, escalate privileges and delete Carlos’s account. First, we log into our account and use BurpSuite to see what we have going on. We …
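An added example (my own, not the lab's code or its session format) of the general move in this writeup: a session object is serialized and handed to the client, the client edits the privilege field, and the server deserializes it and trusts what it finds. The token format (base64 over JSON), the field names, the signing key and the `can_delete_user` check are all constructed for illustration. The hardened half signs the serialized blob with an HMAC and verifies it before deserializing, so an edited object is rejected.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in; a real key comes from configuration or a secrets store.
SERVER_KEY = b"constructed-demo-key"


def serialize_session(session: dict) -> str:
    return base64.b64encode(json.dumps(session).encode()).decode()


def deserialize_session_insecure(token: str) -> dict:
    """Trusts whatever the client sends back: the insecure deserialization."""
    return json.loads(base64.b64decode(token))


def tamper_escalate(token: str) -> str:
    """Attacker side: decode, flip the privilege flag, re-encode. No secret is needed."""
    obj = deserialize_session_insecure(token)
    obj["admin"] = True
    return serialize_session(obj)


def can_delete_user(session: dict, target_username: str) -> bool:
    """Hypothetical authorisation check on the account-deletion endpoint."""
    return session.get("admin") is True or session.get("username") == target_username


def sign_session(session: dict) -> str:
    """Hardened: append an HMAC over the serialized bytes ('.' never appears in base64)."""
    body = serialize_session(session)
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def deserialize_session_signed(token: str) -> dict:
    """Verify the tag in constant time before touching the payload."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("session signature mismatch")
    return json.loads(base64.b64decode(body))


def tamper_signed(token: str) -> str:
    """Same edit against the signed token: the old tag no longer matches the new body."""
    body, _, tag = token.rpartition(".")
    obj = json.loads(base64.b64decode(body))
    obj["admin"] = True
    return f"{serialize_session(obj)}.{tag}"


if __name__ == "__main__":
    token = serialize_session({"username": "wiener", "admin": False})
    print("as issued, may delete carlos:",
          can_delete_user(deserialize_session_insecure(token), "carlos"))
    print("after tampering, may delete carlos:",
          can_delete_user(deserialize_session_insecure(tamper_escalate(token)), "carlos"))
    signed = sign_session({"username": "wiener", "admin": False})
    try:
        deserialize_session_signed(tamper_signed(signed))
    except ValueError as exc:
        print("signed token rejected:", exc)
```

Signing only stops tampering with data the server itself produced. For native object serialization (Java serialization, PHP `unserialize`, Python `pickle`) the deserializer itself can be driven to run code via gadget chains, so the real fix there is not to deserialize client-controlled input at all.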
Writeup: Basic server-side template injection
This lab covers basic server-side template injection. “This lab is vulnerable to server-side template injection due to the unsafe construction of an ERB template. To solve the lab, review the ERB documentation to find out how to execute arbitrary code, then delete the `morale.txt` file from Carlos’s home directory.” As …
Writeup: CORS vulnerability with basic origin reflection
PortSwigger Academy defines a CORS vulnerability as follows: “Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility to the same-origin policy. However, it also provides potential for cross-domain attacks, if a website’s CORS policy is …
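An added example (not from the lab or the post) of basic origin reflection and the probe a tester sends to find it. The two handlers are constructed models of a server's CORS logic: the vulnerable one copies any `Origin` request header into `Access-Control-Allow-Origin` and also sends `Access-Control-Allow-Credentials: true`, which lets an attacker's page read authenticated responses; the hardened one answers only for an exact-match allowlist. The allowlist entries and the probe origin are hypothetical.

```python
# Hypothetical allowlist of origins that legitimately need credentialed access.
ALLOWED_ORIGINS = {"https://shop.example", "https://admin.shop.example"}


def cors_headers_reflecting(request_headers: dict) -> dict:
    """Vulnerable: echoes whatever Origin arrived and allows credentials with it.
    Servers end up here because '*' is not permitted together with credentials."""
    origin = request_headers.get("Origin")
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def cors_headers_allowlisted(request_headers: dict) -> dict:
    """Hardened: exact-match allowlist; unknown origins get no CORS headers at all,
    so the browser refuses to hand the response to the calling page."""
    origin = request_headers.get("Origin")
    if origin not in ALLOWED_ORIGINS:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}  # keep caches from serving one origin's answer to another


def origin_reflected_with_credentials(handler, probe_origin="https://attacker.example") -> bool:
    """The tester's check: send an Origin the site has no reason to trust and look for
    it reflected back alongside Access-Control-Allow-Credentials: true."""
    response = handler({"Origin": probe_origin})
    return (response.get("Access-Control-Allow-Origin") == probe_origin
            and response.get("Access-Control-Allow-Credentials", "").lower() == "true")


if __name__ == "__main__":
    print("reflecting handler exploitable:",
          origin_reflected_with_credentials(cors_headers_reflecting))
    print("allowlisted handler exploitable:",
          origin_reflected_with_credentials(cors_headers_allowlisted))
    print("allowlisted handler, trusted origin:",
          cors_headers_allowlisted({"Origin": "https://shop.example"}))
```

With Burp the same probe is a Repeater request with an edited `Origin` header; the finding is the pair of response headers above, and the impact is an attacker page using `fetch(..., {credentials: "include"})` to read the victim's account data.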