What is Command Database

What is command database? It was born as a simple text document with a grep script for store and search more frequently used commands in my CTF/challenge/Boot2Root activity. It is trasformed in a python script, before with txt document as database, after with SQLite. Now it is a complete web application. Is it an innovative … Continua a leggere What is Command Database

“Speedy” HTTP2 challenge on game.rop.sh

Decoder's Blog

“Speedy” is an interesting challenge hosted on http://game.rop.sh. It’s somehow strange because it has nothing to do with the normal and traditional hacking techniques… but let’s go on.

This is the main screen of the web site:

screenshot-from-2017-01-07-19-02-49

You are asked to insert some data (HTTP header manipulation?). Let’s start Burp and intercept the requests/responses.

screenshot-from-2017-01-07-18-41-28

And the response:

screenshot-from-2017-01-07-18-41-42

Oh! we got an hint: secret.php. So let’s call this page:

screenshot-from-2017-01-07-18-42-08

Hmm.. so we have to make 2 subsequent requests  with 1 ms..it would be hard manually, so let’s try to do it from command line, with nc.

A simple text file speed.req:

GET index.php HTTP/1.1

GET secret.php HTTP/1.1

cat speedy.req | nc -vv lcx.op.sh 8005

screenshot-from-2017-01-07-19-10-23

We did in 0.6 ms! But it’s not done.. another hint: h2c ?

H2C is the  HTTP2 protocol which should dramatically increase the speed of the web sites introducing mechanisms such as multiplexing and push techniques.

Here…

View original post 297 altre parole

From Joomla To Root

Prerequisites: Joomla 3.4.4 < 3.4.6 Linux kernel > 2.6 and without dirtycow patch hosting with .htaccess that interprets PHT files more more lucky for unstable rooting exploit Links: Joomla original exploit: https://www.exploit-db.com/exploits/40637/?rss or My Joomla simplest version exploit: https://github.com/ddarix/Joomla dirtycow.c exploit: https://www.exploit-db.com/exploits/40616/ Note: file with php ext or that contains php string will not upload htaccess have to … Continua a leggere From Joomla To Root

Pentest di WordPress (plugin vulnerabile)

In questo semplice pdf, vedremo un semplice esempio di vulnerabilità in wordpress. Per quanto wordpress sia mediamente sicuro, l'aggiunta di un qualsiasi plugin, introduce altro codice php e quindi id conseguenza introduce altre possibili vulnerabilità. Mentre il CMS passa tutta una serie di test dai produttori, i plugin spesso vengono rilasciati senza alcuna verifica, per … Continua a leggere Pentest di WordPress (plugin vulnerabile)