Frustration is my fuel
What we are defending against. Quick demos showing simple exploits or bypass techniques to help you spot malicious activity.
Mutillidae is a great open source project you can use to tech yourself webapp security, which is maintained by @webpwnized, and is great for learning how to secure webapps, check it out A quick video showing why you need both server and client side input validation. Here we bypass client side validation using Burp Suite …
Continue reading "Mutillidae Solution (Bypass Client Side Validation)"
Mutillidae is a great open source project you can use to tech yourself webapp security, which is maintained by @webpwnized, and is great for learning how to secure webapps, check it out. Here we have another example of simple Sql Injection. In the previous example we bypassed the authentication controls, in this example we dump …
Continue reading "Mutillidae Solution “SQL Injection User Data Dump”"
Mutillidae is a great open source project you can use to tech yourself webapp security, which is maintained by @webpwnized, and is great for learning how to secure webapps, check it out. Another quick video showing how SQL Injection can be used to bypass a login page. This is a very basic example, but it …
Solution for Pentesterlab File Upload 2 This also shows that even with file validation controls an attacker can manipulate file extensions to get the .php shell through the filters. The result is the same, from here the attacker can view files or upload their own to inject malicious content into the site. All visitors to …
Continue reading "Pentesterlab Solution for “Web for Pentester File Upload 2”"
Another fast solution for a Pentesterlab challenge This also shows how quickly a webserver can be exploited.. The site has a simple File Upload control, but it has no validation which allows us to upload a php shell and get access to the whole system. Using this shell we can steal password hashes or upload …
Continue reading "Pentesterlab Solution for “Web for Pentester File Upload 1”"
To demonstrate this we are using the "XSS and MySQL File" VM from Pentesterlab.com Here we demonstrate why you should be filtering any user input. This shows how easy it is for an attacker to plant some malicious code on a site and steal the admin login credentials (Or another user), by using Cross-Site-Scripting. There …
If you want to understand how we managed to exploit this website then watch Part 1. In this video we start off by using "wget" to clone the site we are attacking so when users are redirected to our site they are less suspicious as any differences are subtle, and wont generally be noticed by …
Continue reading "Pentesterlab Solution “SQL Injection Redirect” Part 2"
This quick video shows the solution for the "SQL Injection Redirect" challenge. It also shows how an attacker can leverage SQL Injection to redirect users to their own site/webpage for whatever malicious activity they choose. This will be in two parts. The first will show how using a tool called sqlmap we can carry out …
Continue reading "Pentesterlab Solution “SQL Injection Redirect” Part 1"
This is a quick video which shows in a very basic way how important encryption is. It is important to practice defense in depth, so even if an attacker manages to gain persistence on your network and is able to "man-in-the -middle" your network connections, encryption gives another layer of protection meaning communication is not …
Continue reading "The Importance of Encryption. Simple Demo"
In the next of our short videos we show why download warnings should not be ignored. We are using a Windows 7 machine just for ease, this will also work in Windows 10 (I haven't gotten around to updating all my test victim machines yet!) When you are browsing the internet and trying to find …
@2codemonte 