Month: September 2018

Exploiting a Subdomain Takeover Vulnerability

A subdomain takeover vulnerability occurs when a DNS subdomain of a parent domain points to a web service that has either been deleted or taken down. These are typically CNAME records that point to a service that has lapsed or expired. Our Demonstration Setup: For example, the subdomain we will take over in this […]

How to Test HTTP Strict Transport Security (HSTS)

What is HTTP Strict Transport Security? From Wikipedia, the free encyclopedia: HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with it using only secure HTTPS connections,[1] and never via the insecure HTTP […]

Utilizing a Command Injection Vulnerability to Obtain a Shell

In this scenario we will utilize a command injection vulnerability to obtain a Linux reverse shell prompt on the victim webserver. The command injection vulnerability we will be using has been demonstrated in a previous blog post found here. Before we do this, we will need some kind of shell script or command to […]

Hiding or Changing your Web Server’s Banner

Many web servers advertise not only the software running their web sites, but also the version number of that software. This makes it much easier for attackers to find vulnerabilities to attack these web servers. A typical scan with a popular scanner, nmap, is shown below. As we can see, the web […]