Reset root password on almost any Linux box

Ok, so this originally started off as a “Rooting Debian 7.8 and 8” type of article. Then I suddenly realized that this had absolutely nothing to do with the distro. Instead, this has to do with GRUB. So let’s get on it. It’s time to learn how to reset the root password on almost any Linux box you can get your hands on using the recovery mode.

Meta Slider v3.3.1 – Full Path Disclosure

Title: Meta Slider v3.3.1 – Full path disclosure
Application: Meta Slider
Websites:

Vulnerable Version: 3.3.1
Vendor: Matcha Labs
Vendor url: https://profiles.wordpress.org/matchalabs
Discovery date: 2015-04-16


Fun with grep and command injection in web applications

Over the past few days I have been playing around with command injection vulnerabilities when grep is used in web applications in combination with user-controlled input, and possible ways to bypass different filters etc. In this article I will write about what I have found.

“Why?!”, you may ask. The reason I decided to spend time on this is that, when searching for command injection on Google, most of the examples that come up are about pinging hosts and very few are about other methods.


Today’s learning’s – More overflows, ret2libc, opcode and more

This post is a part of my “Today’s Learning’s” series. If you’re interested in, or wonder why, I’m writing these posts, please read my article named “My Journey Through 2015”.

So! Another day, more learning. Today has been a really good day for me. I’m still working on the Protostar Stack exercises, and this time I learned how to do basic debugging of shellcode by using the opcode for the INT3 debugger trap instruction. I also learned how to bypass No-eXecute (NX) protection using the return to libc (ret2libc) method, and more…


Today’s learning’s – Buffer overflow, gdb, and more

Welcome to the first article in my “today’s learning’s” series. Last night and today I have been working on the Stack exercises in Protostar from exploit-exercises.com. So far I’ve solved Stack 0 through 3. These exercises cover the basics of stack-based buffer overflow vulnerabilities, and each exercise teaches you something new about them.

Even though they all have individual goals, I have set one goal for myself, which is to gain a root shell as well as solving it as first intended.


Installing, configuring and hardening Weechat on Linux

It’s sad to say, but the reality these days is that you can never feel safe anywhere. Not even when chatting online with your friends. There are several default configurations that help disclose sensitive information about you and the system you are running. This information can be of great value to malicious users. So in this article I will describe some steps you can take to feel a tiny bit more safe.

0x03 File Inclusion – Log poisoning to code execution

This article is a part of my file inclusion series. If you do not know about file inclusion vulnerabilities, I suggest you read my introductory article on the topic.

In this article I will explain how we, in some scenarios, can use different types of logs on a server to gain remote execution and, in the end, shell access. This method is called log poisoning, and is the process of infecting a log file with malicious code. We can then use local file inclusion to load this code and execute arbitrary commands on the system.

This post is an extension of an old blog post I wrote which is now dead. So I’m bringing it back to life.