penetration testing

Setting up a PenTest Lab (Windows & Kali VMs)

Purpose: The purpose of this task is to set up a home network that allows the testing of software security within a confined space, not accessible from the outside world. You can install the applications that you test in a secured lab. For a home-based lab, you can set up several VMs to suit your needs. Typically you’ll want some Windows varieties in the lab and your attack vector m... »

Form Fuzzing with Python and Mechanize

Another module in the Python standard library is that of Mechanize. Mechanize is a Python headless browser. With Mechanize you can interact with web applications. This could allow for headless verification of functionality (QA) or could be used in Penetration Testing. Proof of Concept with Python Mechanize: In the following POC, I wrote a little script that interacted with some test web apps I ... »

Link Harvesting in Python

I’ve done extensive work with link validation in websites, using a mix of Ruby / Anemone (spidering library) and Watir (web automation library). In this post I’ll cover a similar approach from the Python side using Python and BeautifulSoup. What’s nice about this pairing is that it’s all part of the standard library in Python. You don’t have to install or download a... »

Notes: Python and Packet Headers

Some notes taken from Vivek Ramachandran’s course on Penetration Testing with Python. Network Packets: Packets are layered in encapsulated data like so: Ethernet > IP > TCP > Application Data. The first 14 bytes are the Ethernet header. Network Byte Order: Unlike the Little Endian format on a regular computer, the network protocols send the byte ordering in Big Endian format. This means ... »

WebApp Vulnerability: System Binaries

While some compiled software applications are vulnerable to attack vectors like Buffer Overflow attacks, websites usually don’t fall prey to the same exact vector. Websites make use of a server (Jetty, Tomcat, Heroku, etc.) which hosts the app itself. While there may be vulnerabilities in the web app, most web development frameworks (Java/Spring, Ruby on Rails, Djang... »

Buffer Overflow Basics

When you take a course on security, probably one of the more fascinating topics is getting a shell on a remote system. In most cases the user who pops a shell on a remote system takes on the access levels of the application that was violated. Buffer Overflow: The concept behind a Buffer Overflow attack is that there’s an application running on a system. This application has a vulnerability ... »

Finding Open Ports Listening on your LocalHost (using nmap)

From Red Hat’s Security Guide, you can simply use a quick nmap invocation: nmap -sT -O 127.0.0.1. On a BSD system like OSX, you have to sudo the command. Once complete it will return a list of ports open and listening for connections. »

Python – Processes

In taking Vivek Ramachandran’s course on Python for Pentesting, in lecture 13 he deals with the subject of processes. Personally I feel he jumps into a more intermediate/advanced topic from where we were in the previous lectures. Because of that jump in difficulty, I pulled some information from various sources to help digest what he’s teaching here. What is a Process vs. a Thr... »

Python & Pentesting: Signals Exercise

At the Pentester Academy I took a course called Pentesting with Python. It’s a great course… if you have an interest in Python and Security, I highly recommend it. Task: The instructor (Vivek Ramachandran) provides student exercises at the end of most of the lectures. In lesson 16 (on signaling) he asks the students to write a Python script that does the following: Create a TCP server... »

Help! objdump displays 64bit binary in 32bit format!

In taking Vivek Ramachandran’s course x86/64 Assembly and Shellcoding on Linux, I ran into a slight problem. When we get to video #8, he’s discussing how to trim down the size of our code by removing unused registers (using AL instead of the full RAX register, for example). He uses objdump to check the registers and see what data is stored in the registers of our executable. When he do... »

Page 1 of 3