g0tmi1k.com

This site works better with a little bit of Javascript RSS Blog Archives Scripts Videos DVWA - Brute Force (High Level) - Anti-CSRF Tokens This is the final "how to" guide which brute focuses Damn Vulnerable Web Application (DVWA), this time on the high security level . It is an expansion from the "low" level (which is a straightforward HTTP GET form attack) . The main login screen shares similar issues (brute force-able and with anti-CSRF tokens). The only other posting is the "medium" security level post (which deals with timing issues) . For the final time, let's pretend we do not know any credentials for DVWA.... Let's play dumb and brute force DVWA... once and for all! Read More DVWA - Brute Force (Medium Level) - Time Delay This post is a "how to" guide for Damn Vulnerable Web Application (DVWA)'s brute force module on the medium security level . It is an expansion from the "low" level (which is a straightforward HTTP GET form attack) , and then grows into the "high" security post (which involves CSRF tokens) . There is also an additional brute force option on the main login screen (consisting of POST redirects and a incorrect anti-CSRF system). Once again, let's pretend we do not know any credentials for DVWA. Let's play dumb and brute force DVWA... again ...again ! Read More DVWA Brute Force (Low Level) - HTTP GET Form [Hydra, Patator, Burp] This post is a "how to" for the "brute force" module set to "low" level security inside of Damn Vulnerable Web Application (DVWA) . There are separate posts for the medium level (time delay) and high setting (CSRF tokens) . There is a related post for the login screen as it was also brute forced (HTTP POST form with CSRF tokens). Once more, let's forget the credentials we used to login to DVWA with ( admin : password ). Let's not try the default login for the web application. Let's play dumb and brute force DVWA... again . Read More DVWA - Main Login Page - Brute Force HTTP POST Form With CSRF Tokens Upon installing Damn Vulnerable Web Application (DVWA) , the first screen will be the main login page. Even though technically this is not a module, why not attack it? DVWA is made up of designed exercises, one of which is a challenge, designed to be to be brute force . Let's pretend we did not read the documentation , the message shown on the setup screens, as well as on the homepage of the software when we downloaded the web application. Let's forget the default login is: admin : password (which is also a very common default login) ! Let's play dumb and brute force it =). Read More Damn Vulnerable Web Application (DVWA) This is a SERIES of blog posts , which will all relate to one another, but will take time . I'm publishing as I go, but will come back and edit them in places at a later date - as well as adding in videos. Best to check back when there is the "Undocumented" Bugs/Vulnerabilities post ( that will be the last post !) ;-). The following posts will demonstrate various environments, scenarios and setups . This will cover a mixture of Operating Systems ( Linux & Windows ), range of web servers ( Apache, Nginx & IIS ), different versions of PHP (v5.4 & v5.6), databases (MySQL & MariaDB) as well as user permissions (inside the services and also the ones running services on the OS itself). DVWA also comes with a (outdated) Web Application Firewall (WAF) called PHP-IDS, which also has its own issues with! Lastly, there are "undocumented" vulnerabilities with DVWA's core which are either hidden bugs and/or unintended issues... Read More Offensive Security Wireless Attacks (WiFu) + Offensive Security Wireless (OSWP) The views and opinions expressed on this site are those of the author. Any claim, statistic, quote or other representation about a product or service should be verified with the seller, manufacturer or provider. A few months back, I took Offensive Security 's online course WiFu course & exam OSWP , as I had written up a review for PWB/OSCP & CTP/OSCE , I thought I would do this too. As always, everything in this post is both personal comments and my own experience with the course. Read More Cracking the Perimeter (CTP) + Offensive Security Certified Expert (OSCE) The views and opinions expressed on this site are those of the author. Any claim, statistic, quote or other representation about a product or service should be verified with the seller, manufacturer or provider. It's been a while (just shy of two years) since I did " Penetration Testing with BackTrack (PWB) & Offensive Security Certified Professional (OSCP) ". Over the last couple of weeks I've taken the next step with Offensive Security's training course – " Cracking the Perimeter (CTP) ", which, when successfully passed, gives you " Offensive Security Certified Expert (OSCE) " certificate. Below are my thoughts & feelings regarding my overall experience of the course. Read More pWnOS 2 (PHP Web Application) This is the second release in the " pWnOS " vulnerable machine collection, however, it has a different creator from the previous one (which explains why it has a different "feel" to it). As always with " boot2root " machines, it has purposely built "issues" allowing for the machine to become compromised, with the end goal being to become the super user, "root". This method uses a vulnerability in a PHP web application (see here for exploiting via SQL injection). Read More pWnOS 2 (SQL Injection) This is the second release in the " pWnOS " vulnerable machine collection, however, it has a different creator from the previous one (which explains why it has a different "feel" to it). As before, it has purposely built in "issues" allowing the machine to become compromised. This method uses a SQL injection flaw (see here for exploiting the PHP web application). As always with " boot2root " machines, the end goal is to become the super user, "root". Read More 21LTR - Scene 1 21ltr is another boot2root collection, with its own unique twist. It has various 'issues' with the operating system, which have been purposely put in place to make it vulnerable by design . The end goal is to become the ' super user ' of the system (aka 'root') . There is an optional stage afterwards, in which the user can try and find the ' flag ', proving (to themselves) that they successfully completed it. Read More ← Older Archives Recent Posts DVWA - Brute Force (High Level) - Anti-CSRF Tokens DVWA - Brute Force (Medium Level) - Time Delay DVWA Brute Force (Low Level) - HTTP GET Form [Hydra, Patator, Burp] DVWA - Main Login Page - Brute Force HTTP POST Form With CSRF Tokens Damn Vulnerable Web Application (DVWA) Offensive Security Wireless Attacks (WiFu) + Offensive Security Wireless (OSWP) Cracking the Perimeter (CTP) + Offensive Security Certified Expert (OSCE) pWnOS 2 (PHP Web Application) pWnOS 2 (SQL Injection) 21LTR - Scene 1 Stripe CTF 2.0 (Web Edition) Kioptrix - Level 4 (Local File Inclusion) Kioptrix - Level 4 (SQL Injection) Kioptrix - Level 4 (Limited Shell) Hackademic RTB2 Copyright © 2009- 2015 g0tmi1k ')...