Hi, today a really quick article about Amazon Web Services and the way it operates. Quick summary: EC2 servers are Amazon’s equivalent of dedicated servers, while S3 are considered as buckets and are used to store files (it operates as a CDN). While on those instances, a metadata server is available at that address: http://169.254.169.254/latest/meta-data/hostname Accessing …
Phew, so I just spent my whole day debugging a supposed RCE I got during an assessment. I’ll talk in this article about what happened and how I managed to debug a faulty plugin. Long story short: So, I won’t explain how I got access to the admin page for obvious reasons but what …
Hi everybody, today I’m a little bit late but I’ll do a final article about Tapestry. I’ll write about the form system since I spent a little bit of time auditing it. How does it work? The framework will send a parameter to add to each form (as a hidden form value), which will act …
Hi, today I’ll continue my exploration of Apache Tapestry a little bit. Here’s what I learned today. General architecture of Tapestry: Tapestry presents itself as a way to code web applications with object-oriented programming. It means that when you set up a “page” in Tapestry, you won’t have to think in terms of requests, parameters …
Hi everybody, this time, same treatment, I don’t think it deserves its own article so I just don’t categorize it, however it is a pentesting article. I had to test an application using Apache Tapestry today, which is a Java Web Framework, similar to faces or wicket. URLencoding The most obvious thing once you test …
Hi, today I’ll do a quick article that talks primarily about security, but I won’t put it in the pentest category since I haven’t developed a solution to the question yet. The need for a pseudo-tty: Why should we need a pseudo-tty? During a pentest, there are a lot of cases where you would need …
Hi, today I’ll write a quick article on how to tunnel a Linux server through a bounce you don’t want to give access easily. The steps are pretty easy to do: Creating a virtual machine The virtual machine will act as the server the victim will connect to. Because we don’t want to give an …
Hi everybody, this week I’ll be traveling for work, so I won’t have a lot of time to do lengthy articles. The subject of the day is gonna be security again, more specifically about web and CORS. CORS: CORS or Cross-Origin Resource Sharing is a mechanism using HTTP headers to specify that an application running …
Hey, today I’ll talk about security and more specifically pentest once again. I feel lucky these days because I feel I learn new things every week at least. Today I’ll talk about server-side JavaScript but not on MongoDB, rather I’ll speak about GatewayScript, which is a proprietary language by IBM. GatewayScript: GatewayScript is used mainly …
Hi everybody, today I’ll talk about Google Web Toolkit, or GWT. This is something I had in my current assessment and I never had to do it before. Quick description Google Web Toolkit is a set of tools used to create complex tools using JavaScript to interface with Java applications. It has a special …