Hi everybody, today I’ll talk about the pseudo-tty idea I had and why I decided to stop the development of that module. ReGeorg ReGeorg is a module that can be applied to multiple languages; it is made so that you are able to proxy a TCP connection through a script. The …
Hi, today a really quick article about Amazon Web Services and the way it operates. Quick summary EC2 servers are Amazon’s equivalent of dedicated servers, while S3 consists of buckets that are used to store files (it operates as a CDN). On those instances, a MetaData server is available at this address: http://169.254.169.254/latest/meta-data/hostname Accessing …
Phew, so I just spent my whole day debugging a supposed RCE I got during an assessment. I’ll talk in this article about what happened and how I managed to debug a faulty plugin. Long story short So, I won’t explain how I got access to the admin page for obvious reasons, but what …
Hi everybody, today I’m a little bit late, but I’ll do a final article about Tapestry. I’ll write about the form system since I spent a little bit of time auditing it. How does it work? The framework sends a parameter to add to each form (as a hidden form value), which will act …
Hi, today I’ll do a quick article that talks primarily about security, but I won’t put it in the pentest category since I haven’t developed a solution to the question yet. The need for a pseudo-tty Why would we need a pseudo-tty? During a pentest, there are a lot of cases where you would need …
Hi everybody, today I’ll talk about Express, which is a NodeJS framework used to create web applications, and how to abuse it to exploit a directory traversal on some implementations. Directory traversal You probably already know what a directory traversal is, but in short, it is based on the ability to use “../”, which …
Hi, today I’ll write a quick article on how to tunnel a Linux server through a bounce host to which you don’t want to give access easily. The steps are pretty easy to do: Creating a virtual machine The virtual machine will act as the server the victim will connect to. Because we don’t want to give an …
Hi everybody, this week I’ll be traveling for work, so I won’t have a lot of time to do lengthy articles. The subject of the day is gonna be security again, more specifically web and CORS. CORS CORS, or Cross-Origin Resource Sharing, is a mechanism using HTTP headers to specify that an application running …
Hi, today a really quick article about how to chain multiple VPNs, as it can always be useful (for anonymity reasons, or because you can’t access another VPN host directly). Chaining through a virtual machine This one is really easy: all you have to do is set up a VPN on your host machine, then connect …
Hi, today I’ll do a quick preamble article about NoSQL Injection, more specifically on MongoDB. I found an interesting way to call the $where operator when you’re in a NoSQL injection inside a field. Current techniques Normally, you are not supposed to be able to call the $where operator since it is a top-level …