Ok, so this originally started off as a “Rooting Debian 7.8 and 8” type of article. Then I suddenly realized that this had absolutely nothing to do with the distro. Instead this has to do with GRUB. So let’s get on it. It’s time to learn how to reset the root password on almost any Linux box you can get your hands on using the recovery mode.
Continue reading Reset root password on almost any Linux box
Title: Meta Slider v3.3.1 – Full path disclosure
Application: Meta Slider
Continue reading Meta Slider v3.3.1 – Full Path Disclosure
Title: iThemes Security v4.6.12 Stored XSS
Discovered by: Ole Aass
Vendor url: https://ithemes.com/
Application: iThemes Security
Vulnerable Version: 3.0.0 – 4.6.12
Continue reading iThemes Security 4.6.12 – Stored XSS
The past days I have been playing around with command injection vulnerabilities when grep is used in web applications in combination with user controlled input, and possible ways to bypass different filters etc. In this article I will write about what I have found.
“Why?!”, you may ask. The reason why I decided to spend time on this is because, when searching for command injection on Google, most of the examples that come up are about pinging hosts and very little about other methods.
Continue reading Fun with grep and command injection in web applications
I have been reading the book “The Hacker Playbook” which recommends some additional tools to what Kali Linux already comes with. There are quite a few additional tools as well, and it’s a pain in the ass to do it all manually. So I decided to make a bash script to automate the process.
Continue reading Kali Linux additional tools setup
This post is a part of my “Today’s Learning’s” series. If you’re interested in, or wonder why, I’m writing these posts, please read my article named “My Journey Through 2015”.
So! Another day, more learning. Today has been a really good day for me. I’m still working on the Protostar Stack exercises, and this time I learned about how to do basic debugging of shellcode by using the opcode for the INT3 debugger trap instruction. Also learned how to bypass No-eXecute (NX) protection using the return to libc (ret2libc) method, and more…
Continue reading Today’s learning’s – More overflows, ret2libc, opcode and more
Welcome to the first article in my “today’s learning’s” series. Last night and today I have been working on the Stack exercises in Protostar from exploit-exercises.com. So far I’ve solved Stack 0 through 3. These exercises cover the basics of stack-based buffer overflow vulnerabilities, and each exercise teaches you something new about it.
Even though they all have individual goals, I have set one goal for myself, which is to gain a root shell as well as solving it as first intended.
Continue reading Today’s learning’s – Buffer overflow, gdb, and more
Ok, so I started off 2015 telling everyone that this year I would spend as much time outside of my comfort zone as possible, and study parts of security that I have never taken the time to explo(it|re). With this in mind, and the wish for taking the OSCP next year, I decided to use the PWK syllabus as my curriculum.
Continue reading My journey through 2015
It’s sad to say, but the reality these days is that you can never feel safe anywhere. Not even online chatting with your friends. There are several default configurations that help disclose sensitive information about you and the system you are running. This information can be of great value to malicious users. So in this article I will describe some steps you can take to feel a tiny bit more safe.
Continue reading Installing, configuring and hardening Weechat on Linux
This article is a part of my file inclusion series. If you do not know about file inclusion vulnerabilities, I suggest you read my introductory article on the topic.
In this article I will explain how we, in some scenarios, can use different types of logs on a server to gain remote execution and, in the end, shell access. This method is called log poisoning, and is the process of infecting a log file with malicious code. We can then use local file inclusion to load this code and execute arbitrary commands on the system.
This post is an extension of an old blog post I wrote which is now dead. So I’m bringing it back to life.
Continue reading 0x03 File Inclusion – Log poisoning to code execution