Category: Penetration Testing
-
PRTG < 18.2.39 Command Injection Vulnerability
This post is as much about the penetration testing process and mindset as it is about the vulnerability I discovered in a network monitoring program called PRTG Network Monitor. This vulnerability was discovered and reported to Paessler AG, the company that develops the application. I agreed to wait at least 90 days to disclose the…
-
Password Spraying with a Twist
I have read some good posts on password spraying over the past few years, along with reviewing and using a few tools to perform this type of attack. For reference, Black Hills has a few good posts here, here, and here, and MDSec posted a cool article on Lync along with a tool here. I’ve…
-
Bypass WAF: Burp Plugin to Bypass Some WAF Devices
I wrote a blog post on the technique used by this plugin here a while back. Many WAF devices can be tricked into believing a request is from itself, and therefore trusted, if specific headers are present. The basics of the bypass approach can be found in an HP blog post here. I have been…
-
SQLiPy: A SQLMap Plugin for Burp
I perform quite a few web app assessments throughout the year. Two of the primary tools in my handbag for a web app assessment are Burp Suite Pro and SQLMap. Burp Suite is a great general purpose web app assessment tool, but if you perform web app assessments you probably already know because you are…
-
Dirscalate Tool Update – NTLM, Basic, Digest, and Cookie Auth
I have updated my dirscalate tool to now include support for NTLM, BASIC, Digest, or cookie based authentication to the web application with the directory traversal vulnerability. If you are unfamiliar with the tool, see my post here. Previously, if the site required authentication, you would have had to proxy dirscalate through something like Burp…
-
Directory Traversal to Administrator
I wrote a post a while back on turning a directory traversal vulnerability into root access on Unix or Linux systems. The post and a tool I wrote to help facilitate attacks can be found here. These vulnerabilities can be fun because they are often rated as moderate risks, with CVSS scores around 5.0, and…
-
Java Fat Client Penetration Testing and JNLP Auto-Downloads
I was recently asked to perform an application penetration test of a Java based fat client. The application used JNLP and communicated with a backend web service. The steps for this are documented elsewhere, but as a brief guide they require: Loading the JDSer-NG plugin for Burp Configuring Java to proxy through Burp Downloading all…
-
Web Services Penetration Testing with soapUI, Burp, and Macros
I test web services fairly infrequently in proportion to “standard” web applications or network penetration tests. I guess organizations are still trying to get their hands around general web application security or are oblivious to the risk of attacks at the web services layer, unaware of the high potential for remote code execution among other…
CodeWatch 