Windows privilege escalation guide

Ryan McFarland writes on his blog: “Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can seem like a daunting task, but after a while you…

Continue reading Windows privilege escalation guide

Cracking PHP rand()

Sjoerd Langkemper writes about Cracking PHP rand(): Webapps occasionaly need to create tokens that are hard to guess. For example for session tokens or CSRF tokens, or in forgot password functionality where you get a token mailed to reset your password. These tokens should be cryptographically secure, but are often made by calling rand() multiple…

Continue reading Cracking PHP rand()

Secure WordPress uploads folder, disable PHP execution

Deny direct access to PHP files in wp-content/uploads/ The following PHP function secures your WordPress website by disabling the execution of PHP scripts in wp-content/uploads, on Windows Server IIS web servers. It creates a web.config file for this purpose. Did this post helped you solve a problem? Or dit you find it interesting? Support Sysadmins…

Continue reading Secure WordPress uploads folder, disable PHP execution

Joomla websites abused as open proxy for Denial-of-Service attacks

Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy for launching Denial-of-Service (DoS) attacks. Even though the Googlemaps plugin vulnerability plugin_googlemap2_proxy.php was released over one and a half (1,5) years ago, I still see these DoS-attacks happening on a regular basis… Did this post helped you solve a problem? Or…

Continue reading Joomla websites abused as open proxy for Denial-of-Service attacks

Increase in SQL injection attacks

Since a week or so, I notice a huge increase in SQL injection attacks on various websites. Anyone else seeing the same SQL injection attacks lately? This increased SQL injection activity – on various web sites and databases – has the following characteristics: Did this post helped you solve a problem? Or dit you find…

Continue reading Increase in SQL injection attacks

MySQL sleep() attacks

MySQL sleep() command injection attacks: how not validating your PHP user input can lead to Denial of Service (DoS) attacks against websites and back-end database servers. Simply by putting “AND sleep(3)” in the address bar… Happy SQL injection! Did this post helped you solve a problem? Or dit you find it interesting? Support Sysadmins of…

Continue reading MySQL sleep() attacks

How to test SMTP Authentication and StartTLS

When investigating SMTP authentication issues, particular over TLS encrypted SMTP connections, it’s always handy if you are able to test the SMTP authentication and StartTLS connection. Preferably from your command line. This post shows you how to test SMTP servers, verify SMTP authentication and StartTLS encrypted connections from the Linux and Windows command line. Did…

Continue reading How to test SMTP Authentication and StartTLS

prettyPhoto DOM based XSS

prettyPhoto DOM based XSS on Saotn.org… This evening, after tweeting about preventing cross site scripting vulnerabilities, I received a reply from Olivier Beg. His reply to my tweet contained an image, as you can see above. He alerted me that Saotn.org was vulnerable to a DOM based XSS vulnerability, hidden in prettyPhoto used by my…

Continue reading prettyPhoto DOM based XSS

Grep for forensic log parsing and analysis on Windows Server IIS

How to use GnuWin32 ported tools like grep.exe and find.exe for forensic log file analysis in Windows Server. In this article I’ll give some real live examples of using these ported GnuWin tools like grep.exe for logfile analysis on Windows servers. The article provides three example, as an alternative to LogParser, because finding spam scripts…

Continue reading Grep for forensic log parsing and analysis on Windows Server IIS

“htaccess files should not be used for security restrictions”

Acunetix’ Bogdan Calin wrote an article explaining why .htaccess files should not be used to secure sensitive data: htaccess files should not be used for security restrictions. Did this post helped you solve a problem? Or dit you find it interesting? Support Sysadmins of the North with a direct donation via Paypal of by bank…

Continue reading “htaccess files should not be used for security restrictions”