ICMP stands for Internet Control Message Protocol and is the most used protocol in networking technology. A connectionless protocol, ICMP does not use any port number and works in the network layer. ICMP is commonly used for diagnostic purposes, error reporting or querying any server, and right now attackers […]
In this article we are going to solve another challenge of Xerxes. Xerxes is historically known as a god king, but here Xerxes is a vulnerable machine and our challenge is to capture the flag from it. The machine consists of a Web application which is under construction, but […]
It’s one of the most exciting moments in a security researcher’s work: while looking through an obscure log file, you see strings like “James1984” and “SecureMe!” scattered throughout the data. Upon closer inspection, you realize that you’ve uncovered hundreds if not thousands of cleartext username/password pairs!
Even as you celebrate […]
In this series of articles, last time we talked about fuzzing and various SQL statement special characters which can be used in fuzzing a web application. In this article, I am going to focus on various prefixes and suffixes of fuzzing in order to fuzz the target web application.
In the previous article, we discussed how to integrate Burp Suite Free Edition with SoapUI to fuzz different parameters of a SOAP request, how to configure Burp, and how to use different features like Burp Repeater and Intruder. I assume that whoever is going through this article has that […]
In this article we are going to see some major vulnerabilities typical of a remote banking application. We found an interesting vulnerable machine created by the PHDays team. We hosted the vulnerable machine in VirtualBox and logged in with these credentials: Username: root, Password: phd2012. We identified the IP for that […]
In a previous post, I covered the basics on the popular penetration testing Web browser Mantra. That post contains information on how to download Mantra, as well as installation and basic configuration. The Mantra browser comes with a nice GUI and most of the security and penetration testing related […]
When we test a web application, we do not test a single page, but a lot of pages of a single web application. Each page may have more than one variable, so technically you will be engaging with a ton of variables during your web application test. So when […]
This article is the first part of a series on NSA BIOS backdoor internals. Before we begin, I’d like to point out why these malware samples are classified as “god mode.” First, most of the malware uses an internal (NSA) codename in the realms of “gods,” such as DEITYBOUNCE, GODSURGE, […]
In the previous article we discussed in what cases we might face challenges performing manual web services penetration testing and how SoapUI will help in those circumstances. Now, what are the logical and business logic test cases when testing web services, how do we test them, and what […]
Users of web applications are identified by session IDs. An attacker can impersonate users when generated sessions are predictable. This article introduces Burp Suite Sequencer and shows how it can be used to analyze session randomness.
2. Burp Suite Sequencer
The sequencer is part of Burp Suite, which is […]
By Matthew Neely, SecureState Director of Strategic Initiatives
Recently there’s been a lot of talk in the media and at security conferences about using big data tools to detect incidents. As an information security geek, the prospect of using big data tools like Hadoop and NoSQL to plow through piles of IDS alerts […]
The intention of this article is to show how dangerous a cross-site request forgery (CSRF) vulnerability can be. It will be presented for the D-Link DIR-600 router (Hardware Version: Bx; Firmware Version: 2.16, which was the latest version at the moment of writing this article).
The CSRF vulnerability […]
Before understanding what XSS Shell is, let us recall a few basics of XSS (Cross Site Scripting).
XSS is one of the most common vulnerabilities that exist in many web applications today. XSS is a technique through which the attacker tries to compromise the web application by executing a malicious […]
In this series of articles, I am going to demonstrate how you can manually exploit the vulnerability of a web application, compared to using any automation tool, in order to find vulnerabilities in the application. Almost all companies worldwide focus on manual testing of web applications rather than running […]
Here’s a challenge: root this box. We found a vulnerable machine named Hackademic RTB1. The main challenge is to root the box with admin privileges and capture the flag.
First, we hosted the vulnerable image in VMware with bridged mode network settings. Our target is ready, but we don’t know […]
Passwords have been part of IT since long before the age of the desktop PC. However, now more than ever, systems administrators need to re-examine their password security policies to remain effective against modern programs and computers that can crack weak passwords in minutes.
Basic eight-character passwords can now be […]
This article introduces the OSI model of internet communication and describes ARP spoofing, which is used to attack hosts in a Local Area Network (LAN). Passive and active sniffing are described. Finally, the mitigation of ARP spoofing is briefly discussed.
2. The OSI model
This model describes the structure of internet […]
Nexpose is one of the leading vulnerability assessment tools. The Nexpose community edition is a free program and the other editions are paid ones. In this article, we will use the free Nexpose community edition, which has the ability to scan 32 hosts. The user interface is clean and […]
This post deals with the step-by-step security testing guidelines for Adobe CQ installation.
Adobe CQ is Adobe’s new Web Experience Management software portfolio which provides easy-to-use web apps for creating, managing and delivering online experiences to its users. It also supports integration with other Adobe products. CQ provides a unified […]