Creating Keyword Permutations to Bypass WAFs

In this blog post we will see how to write a simple bash script to permute important keywords in XSS and SQLi payloads in an attempt to bypass Web Application Firewalls (WAFs). Although there are great tools out there, such as Crunch, for creating wordlists, these simple scripts can be advantageous in certain situations. For […]
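As an added example (not the script from the original post), here is a POSIX sh version of the idea: every upper/lower-case spelling of each keyword, which is the first thing to try against a WAF whose signatures match case-sensitively. The keywords on the command line are placeholders; the script assumes ASCII keywords and the usual `tr`, `cut` and `sort` utilities.

```shell
#!/bin/sh
# Added example (not the original post's script).  Prints every upper/lower
# case spelling of each keyword given on the command line, one per line,
# for use as a WAF-evasion wordlist.  POSIX sh; ASCII keywords assumed.
#   ./permute.sh select union script onerror > wordlist.txt

# char_cases CHAR -> lower-case and upper-case form of one character, one
# per line; a character without case (digit, punctuation) is printed once
# so keywords like "1=1" do not produce duplicates.
char_cases() {
    _lo=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    _up=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "$_lo"
    if [ "$_lo" != "$_up" ]; then
        printf '%s\n' "$_up"
    fi
}

# case_permutations WORD -> every case spelling of WORD, one per line.
# A word with n letters yields 2^n lines ("select" -> 64).  Recursion is
# on the first character; each recursive call runs on the left side of a
# pipe, i.e. in a subshell, so the variables are not shared across levels.
case_permutations() {
    _first=$(printf '%s' "$1" | cut -c1)
    _rest=$(printf '%s' "$1" | cut -c2-)
    if [ -z "$_rest" ]; then
        char_cases "$_first"
        return 0
    fi
    char_cases "$_first" | while IFS= read -r _head; do
        case_permutations "$_rest" | while IFS= read -r _tail; do
            printf '%s%s\n' "$_head" "$_tail"
        done
    done
}

# keyword_wordlist < keywords -> permutations of every keyword, de-duplicated.
keyword_wordlist() {
    while IFS= read -r _kw; do
        if [ -n "$_kw" ]; then
            case_permutations "$_kw"
        fi
    done | sort -u
}

if [ "$#" -gt 0 ]; then
    printf '%s\n' "$@" | keyword_wordlist
fi
```

Case is only the first axis; the same structure extends to other substitutions (for instance `/**/` in place of spaces around SQL keywords), but output grows as 2^n per keyword, so permute the handful of tokens the WAF actually matches on rather than whole payloads.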

Brute-Forcing Sub-Domains of a Website

There is a difference between enumerating the sub-domains of a website and brute-forcing sub-domain names. Netcraft does a great job of listing the DNS entries of sub-domains, but this list is not always complete. For example, cisco.com might have a web server cluster (multiple web servers) to handle the high traffic of its site. Below is […]

How to Test a Website for Click-jacking Vulnerability

What is click-jacking?  From the OWASP website, click-jacking is defined as: “Clickjacking, also known as a ‘UI redress attack’, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. […]

Exploiting a Subdomain Takeover Vulnerability

A subdomain takeover vulnerability exists when a DNS subdomain of a parent domain points to a web service that has been deleted or taken down.  These are typically CNAME records that point to a service that has lapsed or expired. Because the record still resolves, whoever registers the abandoned resource name on that service can serve content under the victim's subdomain. Our Demonstration Setup: For example, the subdomain we will take over in this […]
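One added example covers both the sub-domain brute-forcing post above and this takeover post (it is not either post's own script): it tries each word of a wordlist as a label under the target domain and, for any label that turns out to be a CNAME, checks whether the target still resolves. It assumes `dig` is installed; the domain, wordlist and host names in the comments are placeholders, and the stand-alone run queries real DNS.

```shell
#!/bin/sh
# Added example (not from the original posts).  Brute-forces sub-domain
# labels from a wordlist and flags CNAMEs whose target no longer resolves.
# Assumes dig; the stand-alone run queries real DNS, so use it only on
# domains you are authorised to test.  Names in comments are placeholders.

# dns_lookup TYPE NAME -> record data from dig +short, empty if none.
# Isolated so a test (or another resolver) can replace it.
dns_lookup() {
    dig +short +time=2 +tries=1 "$2" "$1" 2>/dev/null
}

# brute_subdomains DOMAIN < wordlist
# Prints "<fqdn> A <addresses>" or "<fqdn> CNAME <target>" for every label
# that exists; silent for labels that do not.
brute_subdomains() {
    _domain=$1
    while IFS= read -r _label; do
        [ -n "$_label" ] || continue
        _fqdn="$_label.$_domain"
        _cname=$(dns_lookup CNAME "$_fqdn")
        if [ -n "$_cname" ]; then
            printf '%s CNAME %s\n' "$_fqdn" "$_cname"
        else
            _addr=$(dns_lookup A "$_fqdn" | tr '\n' ' ' | sed 's/ $//')
            if [ -n "$_addr" ]; then
                printf '%s A %s\n' "$_fqdn" "$_addr"
            fi
        fi
    done
}

# check_takeover FQDN
# Returns 0 (and says so) when FQDN is a CNAME whose target has no A
# record: the target host name is gone but the victim's record still points
# at it, which is the takeover precondition.  Returns 1 otherwise.
check_takeover() {
    _target=$(dns_lookup CNAME "$1")
    if [ -z "$_target" ]; then
        printf '%s: not a CNAME\n' "$1"
        return 1
    fi
    if [ -n "$(dns_lookup A "$_target")" ]; then
        printf '%s: CNAME %s still resolves\n' "$1" "$_target"
        return 1
    fi
    printf '%s: CNAME %s is dangling, possible takeover\n' "$1" "$_target"
    return 0
}

# Stand-alone use:  ./subs.sh example.com < labels.txt
if [ "$#" -eq 1 ]; then
    brute_subdomains "$1" | while read -r _fqdn _type _data; do
        printf '%s %s %s\n' "$_fqdn" "$_type" "$_data"
        if [ "$_type" = CNAME ]; then
            check_takeover "$_fqdn"
        fi
    done
fi
```

A CNAME whose target is NXDOMAIN is the clearest case, but many real takeovers involve a target that still resolves to the provider (a hosting platform's wildcard, for example) while the provider reports the resource as unclaimed; for those, the resolved target needs an HTTP request and a match against the provider's "not found" page, which this script does not attempt.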

How to Test HTTP Strict Transport Security (HSTS)

What is HTTP Strict Transport Security? From Wikipedia, the free encyclopedia: HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with it using only secure HTTPS connections, and never via the insecure HTTP […]
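Both the click-jacking test above and this HSTS test come down to reading response headers, so one added example (not code from either post) covers them: capture the headers with `curl -sI` and evaluate `Content-Security-Policy: frame-ancestors`, `X-Frame-Options` and `Strict-Transport-Security`. The target host is a placeholder and the header samples used when testing it are constructed; the one-year threshold is the current preload-list minimum.

```shell
#!/bin/sh
# Added example (not the original posts' code).  Checks a captured HTTP
# response header block for clickjacking defences and HSTS.
#   hdrs=$(curl -sI https://target.example/)   # placeholder host
#   check_frame_headers "$hdrs"; check_hsts "$hdrs"

# header_value NAME HEADERS -> value of the first NAME: header, lower-cased,
# CR and surrounding whitespace removed; empty when absent.  The colon in
# the pattern keeps content-security-policy-report-only (which reports but
# does not block) from matching content-security-policy.
header_value() {
    printf '%s\n' "$2" | tr -d '\r' | tr '[:upper:]' '[:lower:]' \
        | sed -n "s/^$1:[[:space:]]*//p" | sed 's/[[:space:]]*$//' | head -n 1
}

# check_frame_headers HEADERS -> 0 if cross-origin framing is blocked,
# 1 if the page can be framed.  frame-ancestors wins over X-Frame-Options
# in browsers that support both, so it is evaluated first.
check_frame_headers() {
    _csp=$(header_value content-security-policy "$1")
    _fa=$(printf '%s\n' "$_csp" \
        | sed -n 's/.*frame-ancestors[[:space:]]*\([^;]*\).*/\1/p' | sed 's/[[:space:]]*$//')
    if [ -n "$_fa" ]; then
        case " $_fa " in
            *' * '*|*' http: '*|*' https: '*)
                printf 'VULNERABLE: frame-ancestors %s allows any origin\n' "$_fa"; return 1 ;;
            *)
                printf 'protected: frame-ancestors %s\n' "$_fa"; return 0 ;;
        esac
    fi
    _xfo=$(header_value x-frame-options "$1")
    case $_xfo in
        deny|sameorigin)
            printf 'protected: x-frame-options %s\n' "$_xfo"; return 0 ;;
        allow-from*)
            printf 'VULNERABLE: x-frame-options %s is ignored by current browsers\n' "$_xfo"; return 1 ;;
        '')
            printf 'VULNERABLE: neither frame-ancestors nor x-frame-options is set\n'; return 1 ;;
        *)
            printf 'VULNERABLE: unrecognised x-frame-options value "%s"\n' "$_xfo"; return 1 ;;
    esac
}

# check_hsts HEADERS -> 0 when Strict-Transport-Security is present with
# max-age of at least one year (31536000 s, the preload-list minimum),
# 1 otherwise.  Only meaningful for an https:// response.
check_hsts() {
    _sts=$(header_value strict-transport-security "$1")
    if [ -z "$_sts" ]; then
        printf 'VULNERABLE: no strict-transport-security header\n'; return 1
    fi
    _age=$(printf '%s\n' "$_sts" | sed -n 's/.*max-age="\{0,1\}\([0-9][0-9]*\).*/\1/p')
    _sub=no; case $_sts in *includesubdomains*) _sub=yes ;; esac
    _pre=no; case $_sts in *preload*) _pre=yes ;; esac
    if [ -z "$_age" ]; then
        printf 'VULNERABLE: "%s" has no max-age\n' "$_sts"; return 1
    fi
    if [ "$_age" -eq 0 ]; then
        printf 'VULNERABLE: max-age=0 tells browsers to forget the policy\n'; return 1
    fi
    if [ "$_age" -lt 31536000 ]; then
        printf 'WEAK: max-age=%s is under one year (includeSubDomains=%s preload=%s)\n' \
            "$_age" "$_sub" "$_pre"; return 1
    fi
    printf 'protected: max-age=%s includeSubDomains=%s preload=%s\n' "$_age" "$_sub" "$_pre"
    return 0
}

# Stand-alone use:  ./headers.sh https://target.example/
if [ "$#" -eq 1 ]; then
    _h=$(curl -sI "$1")
    check_frame_headers "$_h"
    check_hsts "$_h"
fi
```

Run it against the `https://` URL: browsers discard an HSTS header received over plain HTTP, so the `http://` response tells you nothing about whether the policy is set. `ALLOW-FROM` is reported as vulnerable because current browsers ignore it rather than honour it.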

Utilizing a Command Injection Vulnerability to Obtain a Shell

In this scenario we will use a command injection vulnerability to obtain a Linux reverse shell on the victim web server. The command injection vulnerability we will be using was demonstrated in a previous blog post, found here. Before we do this, we will need some kind of shell script or command to […]

Hiding or Changing your Web Server’s Banner

Many web servers advertise not only the software running their websites, but also the version number of that software.  This makes it much easier for attackers to find known vulnerabilities for those web servers.  A typical scan with a popular scanner, nmap, is shown below. As we can see, the web […]
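Added example (not from the original post): pull the `Server` header and decide whether it discloses a version, which is the check to repeat after changing the configuration. The host names are placeholders and the sample banners used when testing it are constructed.

```shell
#!/bin/sh
# Added example (not from the original post).  Extracts the Server banner
# from a captured response and reports whether it leaks a version.
#   banner_leaks_version "$(curl -sI http://target.example/)"  # placeholder host
# nmap -sV -p 80,443 target.example shows what a scanner infers from the same data.

# server_banner HEADERS -> value of the Server: header, empty if absent.
server_banner() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^[Ss]erver:[[:space:]]*//p' \
        | sed 's/[[:space:]]*$//' | head -n 1
}

# banner_leaks_version HEADERS -> 0 when the banner carries a version
# number (digit, dot, digit: "Apache/2.4.41", "Microsoft-IIS/10.0"),
# 1 when only the product name or nothing is sent.
banner_leaks_version() {
    _b=$(server_banner "$1")
    case $_b in
        *[0-9].[0-9]*) printf 'version leaked: %s\n' "$_b"; return 0 ;;
        '')            printf 'no Server header\n'; return 1 ;;
        *)             printf 'product name only: %s\n' "$_b"; return 1 ;;
    esac
}

# Stand-alone use:  ./banner.sh http://target.example/
if [ "$#" -eq 1 ]; then
    banner_leaks_version "$(curl -sI "$1")"
fi
```

On nginx the directive is `server_tokens off;` (the banner becomes just `nginx`); on Apache, `ServerTokens Prod` together with `ServerSignature Off` reduces it to `Apache`. Neither hides the product, and `nmap -sV` fingerprints from protocol behaviour as well as the banner, so treat this as removing a convenience for attackers rather than as a control.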

Setting up a Python Twisted Instance in Docker

What is Python Twisted?  According to Wikipedia: “Twisted is an event-driven network programming framework written in Python and licensed under the MIT License. Twisted projects variously support TCP, UDP, SSL/TLS, IP multicast, Unix domain sockets, a large number of protocols (including HTTP, XMPP, NNTP, IMAP, SSH, IRC, FTP, and others), and much more. Twisted is based on the event-driven programming paradigm, which means that users of Twisted write short callbacks which are called by the framework.” Docker Image download […]

How to Block Shodan Scans

Shodan is an internet device scanner that records geographic location, open ports, certain vulnerabilities, banner information and much more about devices on the internet.  As Google spiders web page content and URLs, Shodan spiders devices' ports and their banners, along with other information. It might be in a network administrator's best interests to block […]
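Added example (not the rules from the original post): resolve a list of Shodan crawler host names and emit `iptables`/`ip6tables` DROP rules for the resulting addresses. The names in the comment are examples of Shodan's published census crawlers and should be replaced with the current list; `dig` is assumed.

```shell
#!/bin/sh
# Added example (not the original post's rules).  Reads crawler host names
# (one per line, '#' comments allowed), resolves each, and prints firewall
# rules that drop traffic from those addresses.  Pipe the output to sh to
# apply.  Example names (verify against Shodan's current published list):
#   census1.shodan.io
#   census2.shodan.io
#   atlantic.census.shodan.io

# resolve_ips NAME -> IPv4 and IPv6 addresses, one per line.  Kept separate
# so a test (or another resolver) can replace it.  The sed filters drop the
# CNAME names that dig +short prints ahead of the addresses.
resolve_ips() {
    dig +short +time=2 +tries=1 "$1" A 2>/dev/null | sed -n '/^[0-9][0-9.]*$/p'
    dig +short +time=2 +tries=1 "$1" AAAA 2>/dev/null | sed -n '/:/p'
}

# drop_rules < names -> one iptables/ip6tables rule per resolved address.
drop_rules() {
    while IFS= read -r _name; do
        case $_name in ''|'#'*) continue ;; esac
        resolve_ips "$_name" | while IFS= read -r _ip; do
            case $_ip in
                *:*) printf 'ip6tables -I INPUT -s %s -j DROP  # %s\n' "$_ip" "$_name" ;;
                *)   printf 'iptables -I INPUT -s %s -j DROP  # %s\n' "$_ip" "$_name" ;;
            esac
        done
    done
}

# Stand-alone use:  ./block-shodan.sh crawlers.txt | sudo sh
if [ "$#" -eq 1 ]; then
    drop_rules < "$1"
fi
```

Crawler addresses change and Shodan also scans from hosts without a shodan.io reverse name, so re-run this on a schedule and treat it as reducing visibility, not as a control: a service that should not show up on Shodan should not be reachable from the internet in the first place.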

Using the Shodan Command-Line Interface

If you are not familiar with Shodan, it is a great search engine for finding devices and banners on the internet.  Want to search for SSH servers in China?  See if the United States Navy is running any outdated IIS 5.0 servers?  Find all DNS hostnames for the Ford Motor Company? Shodan can help us […]