Category: Hacking

Creating Keyword Permutations to bypass WAF’s

In this blog post we will see how to write a simple bash script that permutes important XSS and SQLi keywords in an attempt to bypass Web Application Firewalls (WAFs). Although there are great tools out there, such as Crunch, for creating wordlists, these simple scripts can be advantageous in certain situations. For […]

Brute-Forcing Sub-Domains of a Website

There is a difference between enumerating sub-domains of a website and brute-forcing sub-domain names. Netcraft does a great job of listing the DNS entries of sub-domains for us, but the list is not always complete. For example, might have a web server cluster (multiple web servers) to handle the high traffic of their site. Below is […]

How to Test a Website for Click-jacking Vulnerability

What is click-jacking? From the OWASP Website, Click-jacking is defined as: “Clickjacking, also known as a “UI redress attack”, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. […]

Exploiting a Subdomain Takeover Vulnerability

A subdomain takeover vulnerability occurs when a DNS subdomain of a parent domain points to a web service that has either been deleted or taken down. These are typically CNAME records that point to a service that has lapsed or expired. Our Demonstration Setup: For example, the subdomain we will take over in this […]

How to Test HTTP Strict Transport Security (HSTS)

What is HTTP Strict Transport Security? From Wikipedia, the free encyclopedia: HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with it using only secure HTTPS connections,[1] and never via the insecure HTTP […]

Utilizing a Command Injection Vulnerability to Obtain a Shell

In this scenario we will utilize a command injection vulnerability to obtain a Linux reverse shell prompt on the victim webserver. The command injection vulnerability we will be using has been demonstrated in a previous blog post found here. Before we do this, we will need some kind of shell script or command to […]

Hiding or Changing your Web Server’s Banner

Many web servers advertise not only the software running their web sites, but also the version number of that software. This makes it much easier for attackers to find vulnerabilities to attack these web servers. A typical scan with a popular scanner, nmap, is shown below. As we can see, the web […]

Using the Shodan Command-Line Interface

If you are not familiar with Shodan, it is a great search engine to find devices and banners on the internet. Want to search for SSH servers in China? See if the United States Navy is running any outdated IIS 5.0 servers? Find all DNS hostnames for the Ford Motor Corporation? Shodan can help us […]

Simple OS Command Injection

Below is an example of simple OS command injection. OS command injection is a vulnerability where we can inject an Operating System command into the URL or code of a web page and have it execute on the server. This is a critical flaw and can be used to run commands on the webserver underlying […]