I recently came across a pentest that taught me to love thy scripture; stringent conditions force you to get a different perspective. The client network was abstractly set up as below: The network was fairly good because of the firewall on one end, but a few problems became evident, leading to the attack surface […]
Love thy scripture – XXE
XXE (Extensible Markup Language External Entity) is a common type of injection which occurs in applications that fail to sanitize XML input; this is particularly common with web services. The XML input in a web service can be considered as a description of data so that two systems can have a common language to communicate with […]
In the recent leak from Shadow Brokers, there has been great uptake in using the scripts. Some of the things to note, though, are that the script works on: Python 2.6 (32-bit), pywin32 (32-bit). Solving the problems with this requirement; I will highlight the 2 most common: Running a different version of […]
In the previous article we built the check method and all went well; now the last bit is to build the exploit method and clean up. Exploit method: Moving right into the code, I will explain the important parts that may be relatively new; Line 52 helps us generate the payload, Line 53 helps us give […]
In the previous article we covered the initialize method. So, moving on to the juicy stuff: the check and exploit methods. Enter Check Method. The check method is simple. We have already declared all we need to use, so now let's put everything to good use. Similar to our previous Python-based exploit, we […]
Today I want to go through something even I have been struggling with for a while; creating PoCs is a good thing, but creating actionable exploits for frameworks like Metasploit was really something else; it takes a lot more discipline. Why would we do this? Well, interactive shells are everyone's joy. PS: yes, I had […]
Mobile App Native
Today I release a simple exploit as a PoC for the 5 advisories. These were discovered by Larry W Cashdollar. The exploit takes on the following phases: It checks that the plugin exists. If it does, it generates a webshell and uploads it to the server. The plugin renames shells to an MD5 hash; the PoC […]
Man In The DOM (MiTD)
You are in the middle of an assessment, things are thick. SE is the only option, but you are short on time. Users, however, are sloppy, and the question begs asking: What's the worst that could happen on an unlocked screen for a few minutes? Well, take these pointers to hand: Users leave […]