Command Line Russian Roulette

OK, so I had this on my old blog, and I can still see quite a few 404 requests to this link, so I decided to do something about it.

What this code does is take the shell's $RANDOM value and reduce it modulo 6. If the result is 0 it executes rm -rf /, which recursively deletes files starting from the root of the filesystem; that is a one-in-six chance per run. Note that GNU coreutils rm refuses to operate on / unless --no-preserve-root is given, so on a current Linux system the command may simply error out, but do not rely on that safety net.

/!\ IMPORTANT /!\

This WILL fuck up your computer badly!!

0x01 File Inclusion – The Basics

This is the first article in my series about file inclusion. I will not go into any heavy technical details, since this is meant as a basic introduction. We will look at what this vulnerability is, and how malicious users can take advantage of it.

So let’s just get on with it… (more…)

XSS through Exif headers

In this article we will look at how XSS can be delivered through Exif headers: metadata embedded in an uploaded image that the site later echoes to a page without escaping. This is a lesser-known entry point for attacking a website, and one that developers who do not keep up with security tend to overlook.

(more…)

Hack.lu ImageUpload write up

In this level of the Hack.lu CTF I had to get the admin credentials to log in and retrieve the flag.

(more…)

Hack.lu Encrypted write up

In this level of the Hack.lu CTF we needed to log in as admin to gain access to the flag. (more…)

HumHub XSS and input validation

So, a while back I was on the hunt for an open source project that I could play around with to see if I could find some vulnerabilities. I went to GitHub and checked out trending PHP projects, and HumHub was at the very top, so I decided to go with that. (more…)

Shellshock proof of concept – Reverse shell

This article is a Shellshock (CVE-2014-6271) proof of concept that explains how the vulnerability can be used to gain a reverse shell.

So last night Twitter started lighting up with tweets about a new vulnerability, a 0day, in bash that enabled arbitrary code execution on vulnerable systems. The activity has only escalated since, and the information is now everywhere.

(more…)

Regular expressions and unicode character properties

Unicode has brought headaches to developers all around the world. It has caused countless hours of trial and error, sleepless nights and probably a decent amount of hair loss as well. After fine-tuning a complex pattern it turns out that it doesn't really work anyway.

If you have ever had to work with regular expressions you have seen patterns like /[a-zA-Z0-9]+/ or /[\w\d]/. There is nothing wrong with these patterns as long as the input is ASCII, but as soon as you have to match Unicode strings they fall apart: a perfectly valid name like Ærø fails a [a-zA-Z] check. In this post I will explain, as well as I can, how to work with Unicode character properties in regular expressions. (more…)
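As an added example (my code, not the post's), here is the ASCII class beside a Unicode-property pattern in PHP's PCRE functions, the language this blog mostly deals with. The sample names are constructed, and the example also shows the check a practitioner needs when using the /u modifier: preg_match() returns false, not 0, when the subject is not valid UTF-8, so the result must be compared strictly against 1 (preg_last_error_msg() requires PHP 8).

```php
<?php
// Added example (not from the post): ASCII character classes versus
// Unicode character properties in PHP's PCRE functions.

// Classic pattern: only ASCII letters and digits.
const ASCII_NAME   = '/^[a-zA-Z0-9]+$/';
// Unicode-aware pattern: \p{L} matches any letter and \p{N} any numeric
// character in any script. The /u modifier tells PCRE that both the
// pattern and the subject are UTF-8.
const UNICODE_NAME = '/^[\p{L}\p{N}]+$/u';

function is_valid_name(string $name, string $pattern): bool
{
    // preg_match() returns 1 on match, 0 on no match and false on error.
    // Under /u, invalid UTF-8 in the subject is an error, so a loose test
    // such as if (preg_match(...)) would treat "error" like "no match" and
    // silently hide the bad input. Compare strictly against 1 and surface
    // the error instead.
    $result = preg_match($pattern, $name);
    if ($result === false) {
        throw new RuntimeException('preg_match failed: ' . preg_last_error_msg());
    }
    return $result === 1;
}

// Constructed sample input: valid names from several scripts, a string
// that no whitelist should accept, and a deliberately invalid UTF-8 sequence.
$samples = ['alice', 'Ærø', 'Łukasz', 'Ελένη', '日本語', "bob'; DROP TABLE users--", "\xC3\x28"];

foreach ($samples as $name) {
    printf("%-28s ascii=%s ", bin2hex($name), is_valid_name($name, ASCII_NAME) ? 'yes' : 'no');
    try {
        printf("unicode=%s\n", is_valid_name($name, UNICODE_NAME) ? 'yes' : 'no');
    } catch (RuntimeException $e) {
        printf("unicode=ERROR (%s)\n", $e->getMessage());
    }
}
```

Only "alice" passes the ASCII pattern; the Unicode pattern accepts every real name regardless of script while still rejecting the string containing quotes, spaces and punctuation. The last sample is rejected by the ASCII pattern as plain bytes but raises an error under /u, which is exactly the case the strict comparison is there to catch.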

Two step password hashing with hmac and bcrypt

In this article we will look at how to perform two-step password hashing using HMAC and bcrypt: the password is first run through HMAC with a secret key kept outside the database, and that output is then hashed with bcrypt. The approach explained in this post is the same one used by the Mozilla security team.

Many people might see this as overkill or think "my application is so small that I don't need it". No matter the scale of your application, as long as your system is reachable on the web you are a possible target for attackers. Even if you only have one member on your site, that member's security is just as important as if you had a billion members. (more…)
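As an added example (my code, not the post's and not Mozilla's) of the layering the teaser describes, here is the two-step scheme in PHP using the built-in password_hash() API. The environment variable name, the choice of SHA-256, the base64 encoding of the HMAC and the bcrypt cost of 12 are my assumptions; the one detail that is not optional is encoding the HMAC output before it reaches bcrypt, because bcrypt stops at the first NUL byte and ignores everything beyond 72 bytes.

```php
<?php
// Added example (not from the post): two-step password hashing in PHP.
// Step 1: HMAC-SHA256 the password with a secret key that is stored
//         outside the database (environment, config file, secrets store).
// Step 2: bcrypt the HMAC output with password_hash().
// A leaked database alone is then of little use: without the key an
// attacker cannot compute candidate inputs to brute-force the bcrypt hashes.

// Assumption: the key is loaded from the environment at startup. It must be
// random (32+ bytes) and must never live in the same database as the hashes.
// Rotating it means re-hashing each user on their next login.
function hmac_key(): string
{
    $key = getenv('PASSWORD_HMAC_KEY');
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('PASSWORD_HMAC_KEY is missing or too short');
    }
    return $key;
}

function pre_hash(string $password): string
{
    // Raw HMAC output is binary and may contain 0x00 bytes. bcrypt treats the
    // input as a C string (stops at the first NUL) and only uses the first 72
    // bytes, so the raw digest must not be passed to it directly. Base64 of
    // 32 bytes is 44 printable characters, comfortably under the limit.
    return base64_encode(hash_hmac('sha256', $password, hmac_key(), true));
}

function hash_password(string $password): string
{
    // cost=12 is an assumption; tune it so one hash takes on the order of
    // 100 ms on your own hardware.
    return password_hash(pre_hash($password), PASSWORD_BCRYPT, ['cost' => 12]);
}

function verify_password(string $password, string $stored_hash): bool
{
    return password_verify(pre_hash($password), $stored_hash);
}

// Demo with a constructed, throwaway key. In production the variable is set
// by the deployment environment, never from the application code.
putenv('PASSWORD_HMAC_KEY=' . bin2hex(random_bytes(32)));
$stored = hash_password('correct horse battery staple');
var_dump(verify_password('correct horse battery staple', $stored));
var_dump(verify_password('correct horse battery stapl', $stored));
```

The first var_dump() is true and the second false. Because the HMAC key is part of the pre-hash, the same hash cannot be verified on a host that does not have the key, which is the whole point, and also why the key needs to be backed up and distributed as carefully as a TLS private key.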

How to migrate hashed passwords

So, you have realized that the way you have hashed your users' passwords needs to be updated, but you don't want to cause any extra trouble for your users by forcing them to change their password. In this article I will explain how you can migrate hashed passwords without your users noticing, since their passwords remain the same.

In my experience this is one of the main reasons people are so hesitant to update their stored hashes: they are afraid of what their users will say. In many cases this fear leaves systems insecure, and the day they are breached they regret that nothing was done earlier, while their users' information leaks all over the internet. (more…)