Posts

Showing posts from November, 2012

Man in the middle attack through a web shell

Hello all. Let’s talk today about the man-in-the-middle attack. No, this isn’t a post explaining what it is and how to perform a MITM attack. The purpose of this blog is to share experience with you, so most of the posts (at least until now) are about things that happened in real environments. Recently, while performing a penetration test, it was possible to get a web shell through a combination of vulnerabilities. That’s good… a web shell, right? But how about going deeper and exploring more of the environment? Yes, if you thought about a reverse web shell you are right, but in this case I couldn’t establish an outbound connection (that is a subject for another post). I did a lot of things in that environment, and one of the things done was a MITM attack through a web shell. Let’s go to some important details. First of all, it was a Windows box. There are some tools you can use to perform a MITM attack on a Windows box, such as Cain & Abel, but remember, we had a web shell and thi

Is Google exposing our old passwords?

Have you ever noticed Google telling you “your password was changed X days ago” when you type your old password? And how about when you type several old passwords and Google keeps telling you the same message? That’s a security feature of the Google Accounts interface that tells users they changed their password some time ago when they type an old one. Google keeps telling you this even if you:

1) changed your password 3 months ago
2) type all your old passwords (at least mine)
3) access your account every day, several times a day

The problem here is that a brute force attack could expose passwords a user has used before. If we consider the practice in which users have the same password for different services on the internet (and most of the time they have a pattern to create passwords, changing only one letter or number), the fact that an attacker can guess a password used by somebody by brute forcing the Google Accounts service

SQLMap tool is your friend

Hello all! For most of you there is nothing new in talking about SQL injection and exploitation techniques. As a friend of mine says: "SQL Injection is the pop star of the vulnerabilities". What I will show here is how SQLMap can help you exploit tricky SQL injection vulnerabilities. Just the other day, while performing a penetration test on a web application, I found a SQL injection flaw. To find that vulnerability I was only browsing the application (doing some reconnaissance), and changing the ID parameter in the following URL was enough to give me a clue about the flaw: https://target.com.br/index.php?a=info&ID=32' Result: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1 Well, I was happy to have found it and I started the process of finding a way to exploit it. First of all I decided on the UNION techni