CSRF protection in WebApps via STP

In this blog post we will look at how we can implement Cross-Site Request Forgery protection via Synchronizer Token Patterns (STP). First things first – as you would have noticed already, this blog is primarily focused on security. Hence, to get started, I will integrate the OWASP dependency check plugin into my project. With Maven, we blindly […]

Physical security for your network/data center.

Before applying access control lists, firewalls and other such controls to protect your network, we must consider physical security. If an adversary can easily access and tamper with our devices physically, what is the point of other controls? In this post we will dive into physical security for your network. Physical Security Categorization […]

Prevent grub bypass

In my previous blog post, I wrote about how to bypass grub in Linux. In this blog post we will look at how to prevent grub bypass. We know by now that a grub bypass can sometimes be problematic. But sometimes, when we don’t need security, we can simply leave grub as it is. If you need […]

Bypassing grub in Linux – prob & solution

Did you just install some Linux distro in your VM? Or on your own machine? Were you doing it by watching a tutorial on the web? Did you install grub? Have you password protected the user? Yes? Then you are secure, right? The answer to that is NO! The Problem: Bypassing grub can be done […]

Vulnix CTF

Firstly, we must download and extract the given box named ‘Vulnix’ and set up the network configuration to make sure that the Vulnix box and our Kali box are on the same network. Once that is done, we must start both VMs. Identifying the victim machine's IP: In order to identify which IP, […]

2014 CySCA Om Nom Nom

This penetration test assignment was done for the OM NOM NOM NOM Challenge of CySCA 2014. When we hear the term OM NOM NOM NOM, what comes to mind is the sound made by the Cookie Monster on the “Sesame Street” TV show. So this could be something to do with cookies. […]

Exploiting Metasploitable 2 box.

In this blog post we will be looking at how the Metasploitable 2 virtual machine can be exploited. We will be using Metasploit and other tools to do the hacking. ssh_keygen Details: Unlike the earlier exploits, where Metasploit was used, here it is not used. We exploit by generating keys. unreal_ircd_3281_backdoor Details: We use a backdoor to exploit the Linux system. We only need to give the RHOST IP before exploiting. distcc_exec Details: Only the RHOST IP needs to be given by us.

Vulnerable Windows 2000

This post will consist of a step-by-step walkthrough of how I exploited 3 vulnerabilities in a deliberately vulnerable Windows 2000 virtual machine. ms01_023_printer Details about the vulnerability: As shown in this picture, all that it needs to know is the RHOST IP. Once it was given and exploited, a remote session to the Windows machine was created as shown below. ms06_040_netapi Details about the vulnerability: Similar to the previous exploit, all this needed was also the RHOST IP. ms08_067_netapi Details: Likewise, all we need to give is the RHOST IP.

Spidering using Burp Suite

One of the main things needed for CTFs is using Burp Suite to intercept traffic. This guide will help users understand the basics of Burp Suite. Defining Target Scope in Burp Suite. Here we have defined what should be included in our scope and excluded from our scope. The entry in the include section was defined by us and […]

Getting started with Oracle DB.

In this blog post we will be looking at how to get started with Oracle DB. Undoubtedly, Oracle is considered to be one of the most secure database management systems. Hence, many organizations around the world use Oracle DB. Here are some of the security features in Oracle DB: Data Dependent Access Control, Role Based […]