Category Archives for Security
A cheat-sheet for password crackers
A cheat-sheet for password crackers that may come in handy sometime, by m3g9tr0n.
Windows privilege escalation guide
Ryan McFarland writes on his blog: “Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can seem like a daunting task, but after a while you start to filter through what is normal and what isn’t. It eventually becomes easier to know what to look for rather than digging through everything hoping to find that needle in the haystack. Hopefully this guide will provide a good foundation to build upon and get you started.”
Help Net Security reviewed Acunetix 11
Acunetix 11 Review by Help Net Security. Acunetix is one of the biggest players in the web security arena. The European-based company released the first version of their product back in 2005, and thousands of clients around the globe use it to analyze the security of their web applications. They recently unveiled Acunetix version 11, so Help Net Security decided to take it for a spin.
Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
Microsoft Security Advisory 4021279: Microsoft is releasing this security advisory to provide information about vulnerabilities in public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications correctly.
Penetration Testers’ Guide to Windows 10 Privacy & Security
Andrew Douma, a vendor-neutral consultant, writes in Penetration Testers’ Guide to Windows 10 Privacy & Security:
Joomla (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit
Yesterday, Melvin Lammerts wrote an article on the account creation with elevated privileges vulnerability in Joomla < 3.6.4. And included a PoC exploit. This Joomla vulnerability makes it easy for an attacker to create an user account, even when user registration is turned off. Yikes!
Samsung’s smart camera. A tale of IoT & network security
Pen Test Partners writes about IoT and security in the Samsung smart camera SNH-6410BN. They discovered eleven (11) issues, chained together to gain root access. Got r00t?
“How we broke PHP, hacked Pornhub and earned $20,000”
This is a very interesting read on how Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) were able to find a PHP unserialize bug to exploit and gain remote code execution on Pornhub. Pornhub’s bug bounty program is at Hackerone In stead of actively attacking Pornhub, they took another road and attacked what Pornhub is built upon: PHP.
MySQL DoS in the Procedure Analyse Function – CVE-2015-4870
Sri Lankan Security researcher Osanda Malith discovered a DoS -or crash- vulnerability in MySQL’s Procedure Analyse Function. The vulnerability crashes MySQL versions up to 5.5.45.
Breaking into a WordPress site without knowing WordPress/PHP or InfoSec at all
Someone posted to notehub.org an article on how he broke into his college’s WordPress website, without having any prior knowledge of WordPress, PHP, and without any experience with hacking web servers. The attempts were spread out over a month, but effectively totaled a day maybe. The author said to have learned a lot of things while doing the research part which accounted for most of his time, though. On NoteHub, he shares some of the relevant details and how he went along doing this.
XSS Vulnerability in Wordfence 6.1.1 to 6.1.6
Security researcher Kacper Szurek reported a reflected XSS vulnerability in the current version of Wordfence. The CVSS scoring mechanism rates the severity of this XSS vulnerability as medium. A Wordfence update 6.1.7 is released to address the XSS vulnerability.
WordPress 4.5.2 Security Release
WordPress 4.5.2 – a security release – is just released tonight. WordPress 4.5.2 fixes a vulnerability through Plupload, the third-party library WordPress uses for uploading files.
ImageMagick Is On Fire – CVE-2016-3714
TL;DR: There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.
Binary webshell through OPcache in PHP 7
GoSecure wrote up a new PHP exploitation technique using the default OPcache engine from PHP 7. Using this attack vector, it’s possible to bypass certain hardening techniques that disallow the file write access in the web directory. This could be used by an attacker to execute his own malicious code in a hardened environment.
.NET Framework 4.6 allows side loading of Windows API Set DLL
Securify reports: A DLL side loading vulnerability was found in the .NET Framework version 4.6 when running on Windows Vista or Windows 7. This issue can be exploited by luring a victim into opening an Office document from the attacker’s share. An attacker can use this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet. This issue can be exploited even if the Office document is opened in Protected View.