Everything about threat intelligence, blue team, red team, pentesting, security audit, security review, testing and assessment.
Thursday, October 16, 2014
Windows Command Injection Vulnerability for a Command Shell
An attacker can target file servers on an intranet using this security vulnerability.
With the help of this security impact, a normal user can perform privilege escalation on Windows file server systems just by creating some fancy (not really) folders. To exploit this vulnerability, the user only needs to create special folders named after regularly used commands such as ping, cd, md, etc.
Labels:
command injection vulnerability,
powershell,
windows
Saturday, September 27, 2014
Reverse Shell via Bash Bug - Shellshock - CVE-2014-6271
In this tutorial, I am going to create a reverse TCP shell via the bash bug/Shellshock. If you do not know what that is, kindly refer to my first and second tutorials on it.
Before diving directly into the reverse TCP shell tutorial, I would like to recap reverse TCP shells for everyone, as this blog is not dedicated only to pros :P like you. (SORRY FOR THE BAD JOKE)
I would like to run this session as an interactive question/answer section.
Friday, September 26, 2014
LFI - The Beauty of BashBug // Shellshock
Hi folks, if you have not seen my previous tutorial on Bash Bug Penetration Testing, kindly check it first. In this part of the bash bug series, I am showing a very small trick to exploit bash via CGI.
The lab setup is the same as in my last tutorial, and so is the methodology.
Limitation of the last bash bug tutorial: in that demonstration I managed to exploit bash successfully, but I could not confirm from the client side (my end) whether the exploitation had succeeded. To check, I had to go to the vulnerable VM, open the particular directory and verify that the files had been created.
Advantage of this technique: here I add a new header containing a variable, in which I place the arbitrary commands to be executed on the victim's box. On top of that, the output of that command is reflected back in my Burp Suite response. The smartness of this payload is that we do not need to go to the server's end to confirm whether the exploitation succeeded; we can do it from the client side alone, since the output is reflected back to us.
Thursday, September 25, 2014
Bash-Bug Penetration Testing - Anatomy of Shellshock
A new security vulnerability known as the Bash or Shellshock bug could spell disaster for major digital companies, small-scale Web hosts and even Internet-connected devices.
The quarter-century-old security flaw allows malicious code execution within the bash shell (commonly accessed through Command Prompt on PC or Mac's Terminal application) to take over an operating system and access confidential information.
A post from open-source software company Red Hat warned that "it is common for a lot of programs to run Bash shell in the background," and the bug is "triggered" when extra code is added within the lines of Bash code.
Sunday, May 25, 2014
Packed File Forensics With PEextract Tool
Python is the only language which provides a better interface for analysts working in forensics departments. It is a high-level language, and an analyst can write scripts to examine different kinds of evidence. In the past, many analysts have written open-source scripts that were rapidly adopted worldwide in forensic investigation: for example, the Volatility tool for memory forensics analysis, GRR, a rapid incident response framework, and libpff, a helpful library for accessing personal folder files. This paper provides an introduction to the different areas of forensics in which Python is used as a scripting language. Then I develop an artefact: a Python tool used in forensics to analyse the attributes of the PE (portable executable) file format, quickly generated using Python to further examine the evidence.
Saturday, May 17, 2014
M0n0Wall Firewall Penetration Testing
The type and scope of the penetration test will determine the need for being stealthy during the test. The reasons to avoid detection while testing are as follows. One benefit is testing the equipment that is supposedly protecting the network. Another is that your client may want to know just how long it would take the Information Technology team to respond to a targeted attack on the environment. You will also need to understand the automated methods of detection in place, such as web application, network, and host-based intrusion detection systems, in order to avoid triggering alerts.
Thursday, May 1, 2014
Fool The Network Hunters (Hackers)
Portspoof is meant to be a lightweight, fast, portable and secure addition to any firewall or security system. The general goal of the program is to make the information gathering phase as slow and bothersome for your attackers as possible. This is quite a change from the standard 5s Nmap scan that gives a full view of the services running on your systems.
So let's start directly. This is the common structure of Portspoof. First I will describe the normal network structure without Portspoof, and then with Portspoof. The figure below shows the normal structure of my network.
Labels:
april fool,
nessus,
nessus scan,
network,
network security,
nmap,
nmap scan,
port scan
Friday, April 25, 2014
Exploitation Through Metasploit
Exploitation is the main part of penetration testing and of many security professionals' careers. The ability to gain full control over a targeted machine is a great feeling. Various system and network protections have made it increasingly difficult to succeed with basic exploits, so we need to know advanced exploitation.
In this article, we move into more difficult attack methods, beginning with the command-line interfaces to the Metasploit Framework. Most of the attacks and customizations discussed in this article take place in msfconsole, msfencode, and msfpayload.
Before we begin to exploit systems, we need to understand a few things about penetration testing and exploitation.
Vulnerability Scanning With Metasploit
Vulnerability scanning is part of penetration testing. A vulnerability scanner is an automated program designed to look for weaknesses in computer systems, networks, and applications. There are many vulnerability scanners available for penetration testing, but here we use the Metasploit Framework for vulnerability scanning.
Various operating systems respond differently because of the different networking implementations in use. A vulnerability scanner uses these unique responses to determine the operating system version and even its patch level. A vulnerability scanner can also use a given set of user credentials to log into the remote system and enumerate the software and services to determine whether they are patched.
Tuesday, April 15, 2014
Information Gathering Through Metasploit
Your goals during information gathering should be to gain accurate information about your targets without revealing your presence or your intentions, to learn how the organization operates, and to determine the best route. Metasploit is the best console for information gathering, as it is a very comprehensive penetration testing tool. In this article, I am going to cover the whole information gathering process for a network using Metasploit.
Information gathering requires careful planning, research, and, most importantly, the ability to think like an attacker. At this step, you will attempt to collect as much information about the target environment as possible.
There are two types of information gathering: passive and active.
Saturday, April 5, 2014
CASE STUDY – NEWS OF THE WORLD PHONE HACKING SCANDAL (NOTW)
The world is growing rapidly with various technologies, and accordingly illegal activities are increasing through the adoption of these new technologies. Every country has its own laws and regulations. In the UK, people are convicted under the Computer Misuse Act 1990 for illegal activities carried out with the help of technology, and there is evidence that many people have been sentenced under those laws (Turner, M., 2013). Apart from that, there are regulations such as RIPA 2000, which give certain authorities in the UK the power to carry out surveillance or intercept a person's communications for a specific reason. The question is how effectively and reasonably these laws are being used. Gaining information illegally or by misusing the power of these rights is against the law, and publishing such information is unethical and against media regulations.
Friday, April 4, 2014
Practical Buffer Overflow - Vulnerability Disclosure
Attackers generally use buffer overflows to corrupt the execution stack of a web application. By sending
carefully crafted input to a web application, an attacker can cause the
web application to execute arbitrary code, possibly taking over the
machine. Attackers have managed to identify buffer overflows in a
staggering array of products and components. Buffer overflow flaws can be present in both the web server and
application server products that serve the static and dynamic portions
of a site, or in the web application itself. Buffer overflows found in
commonly-used server products are likely to become widely known and can
pose a significant risk to users of these products. When web
applications use libraries, such as a graphics library to generate
images or a communications library to send e-mail, they open themselves
to potential buffer overflow attacks.
Friday, March 28, 2014
Ideal Information Security Policy for SME
Information security (IS for short) is a critical part of any small-scale company and of any big enterprise. Preserving private information is a big challenge for any firm. Information security covers very confidential and important assets and other business processes. It also includes all private financial documents and the private information of each and every employee within the organization. In some cases the information may also include a client's important assets. Without proper security for all this information, it becomes unreliable, and with a lack of proper security mechanisms it is sometimes also inaccessible when it is really needed. Lack of security can also invite third parties to compromise these private assets and information. Information has two types.
Saturday, March 22, 2014
Theoretical Methodology for Detecting ICMP Reflected Attacks: SMURF Attacks
There are plenty of different ways to track the original source of a DoS attack, but those techniques are not efficient enough to track a reflected ICMP attack. When I say "reflected ICMP attack," I mean a SMURF attack. Here I am going to show you a new model to trace back a reflective DoS attack caused by ICMP packets. This is a very efficient method, because you can do it with the help of only a few attack packets. We have seen that, to detect a direct ICMP attack, a large number of packets has to be examined, which is not the case here.
Friday, March 14, 2014
Computer Forensics Investigation – A Case Study
Computer technology is a major, integral part of everyday human life, and it is growing rapidly, as are computer crimes such as financial fraud, unauthorized intrusion, identity theft and intellectual property theft. To counteract those computer-related crimes, Computer Forensics plays a very important role. "Computer Forensics involves obtaining and analysing digital information for use as evidence in civil, criminal or administrative cases" (Nelson, B., et al., 2008). A Computer Forensic Investigation generally examines data taken from computer hard disks or other storage devices, with adherence to standard policies and procedures, to determine whether those devices have been compromised by unauthorised access. Computer Forensics Investigators work as a team to investigate the incident and conduct the forensic analysis using various methodologies (e.g. static and dynamic) and tools (e.g. ProDiscover or EnCase) to ensure the computer network system in an organization is secure.
Monday, March 3, 2014
Spoofing Ports To Trick Bad Guys
Portspoof is meant to be a lightweight, fast, portable and secure addition to any firewall or security system.
The general goal of the program is to make the reconnaissance phase as slow and bothersome for your attackers as possible.
This is quite a change from the standard 5s Nmap scan that gives a full view of the services running on your systems.
Labels:
nessus,
nessus scan,
network security,
nmap,
nmap scan,
port scan,
transport layer security
Friday, February 21, 2014
Web App Pentest - Part 5 XSS
In my previous article we saw the different ways of fuzzing, including suffix and prefix fuzzing. We used those fuzzing techniques to find error messages in the web application. Now that we know how to fuzz, we will use that skill to find XSS, generally known as cross-site scripting.
Testing For XSS
Without wasting much time, let us go to the Document Viewer page under the A3 Cross Site Scripting (XSS) module. There are various methods of exploiting XSS, but first we will choose the simple method, which is via an HTTP attribute.
Monday, February 3, 2014
Web App Pentest - Part 3 Fuzzing
When we test a web application, we do not test a single page but many pages of a single application. Each page may have more than one variable, so technically you will be dealing with a ton of variables within your web application test. When you inject anything into an input, it is good to know what effect your injection has on the server. In this part of the article series we will look at the importance of simple alphabetic injection, along with web page encoding and how it affects our testing and results.
Web App Pentest - Part 2 Identifying Injection Points
If your web page is static, you cannot test it much as far as security is concerned. You can test it to some extent, but you can't play with it nearly as much as with a dynamic page. The Nikto scanner is a good utility which works best for testing static sites. For deeper testing there has to be some interaction between client and server via a login panel, comment section, registration page, contact-us form and so on.
Saturday, January 18, 2014
Web App Pentest - Part 1 Introduction
In this series of articles, I am going to demonstrate how you can manually exploit the vulnerabilities of a web application, as opposed to using an automated tool to find vulnerabilities in the application. Almost all companies worldwide focus on manual testing of web applications rather than running web application scanners, which limit your knowledge and skills and the scope of the vulnerabilities you can find with your testing.
For the whole series I am going to use these programs: