Love thy scripture – XXE

XXE (Extensible Markup Language External Entity) is a common type of injection which occurs in applications that fail to sanitize XML input; This is particularly common with web services.  The XML input in a webservice can be considered as a description of data so that two systems can have a common language to communicate with[…]

Long Live Traversals and LFI

Ladies and gentlemen ; I have gathered you here today to discuss the life of another fallen one. It is with great sadness that we announce the LFI on BOA webserver ; BOA is a favorite among many using embedded nix systems to use as a webserver due to its efficiency but alas it has[…]

Getting the shadow running

In the recent leak from shadow brokers; here has been great uptake in using the scripts. Some of the things to note though are that the script works on : Python 2.6 (32 bit) pywin32 (32 bit) Solving the problems with this requirement ; I will highlight the  2 most common: Running a different version of[…]

Credential Harvesting on paranoid browsers

Credential harvesting is one of the most common methods used in social engineering attacks when phishing. A sample can be viewed here. Some things about the cloner in social engineering toolkit: It doesn’t download assets i.e. images, css, javascript files The page cloned needs to be always reachable I will be testing this on chrome[…]

Surviving an SSH Audit

It’s often seen from most scanners a number of issues being raised in regard to SSH security. They are mostly around : Use of weak arcfour ciphers SSH Weak ciphers SSH weak Mac algorithms SSH insecure key exchange etc. as an example we will cover how to harden a weak understanding of the defaults and[…]

Automating web exploits using metasploit – 3

In the previous article we built the check method and all went well; now the last bit is build the exploit method and clean up. Exploit method Moving right into the code, I will explain the important parts that may be relatively new ; Line 52 helps us generate the payload Line 53 helps us give[…]

Automating web exploits using metasploit – 2

In the previous article we covered the initialize method. So moving on to the juice stuff the check and exploit methods. Enter Check Method The check method is simple. we have already declared all we need to use so now lets put everything into good use. Similar to our previous python based exploit ; we[…]