Deserialization of flask app and memcached

The Flask app caches the logon session in the memcache daemon; in Python, pickle is used to serialize and deserialize data. Serialization is the process of converting a Python object into a byte stream for transport over the network or for storage in a file. Deserialization is to convert …

Pentest report on Helpdesk

Executive Summary: Helpdesk is a Windows 2008 Standard server that hosts the ManageEngine ServiceDesk Plus (SDP) 7.6 web application. This ManageEngine SDP version suffers from multiple vulnerabilities, of which we used two exploits.
SQL injection - We are able to read proof.txt from C:\Users\Administrator\Desktop\
Arbitrary file upload - We uploaded a malicious reverse shell Java WAR …

Pentest report on Nickel

Executive Summary: We are able to obtain the first success criterion (local.txt) and the second success criterion (proof.txt) due to the easily crackable passwords of the user ariah. During the penetration test we obtained two passwords related to the user ariah: one is for FTP/SSH login, the other is for the FileZilla FTP server administration login. …

Pentest report on livda

Executive summary: This section summarizes how I can gain an initial foothold through to privilege escalation. The pentest of livda reveals a password disclosure flaw when doing a directory listing with the account admin on the FTP server; this is possible because zFtpserver has an easily guessed credential - admin:admin. By logging in to livda as admin …

[security] File descriptor connecting to nix system and danger of using exec() in python

I have been writing Python for quite a while, about 2 years to be exact, and mostly I am writing network-related scripts or API-calling scripts, but I have never used the Python statement exec before. According to the help, exec is to execute Python statements. So suppose I need to print …

[security] Update new exploitdb script to metasploit

So I was doing hackthebox.eu and realized the target used a vulnerable web application. The exploit was developed and can be downloaded from exploitdb, but it was not updated in msfconsole: when I do a search openadmin I could only see an outdated exploit that was disclosed in 2017. The Ruby script that …

[security] File upload

The lab uses Metasploitable. This lab gives awareness of the file upload vulnerability. There are three levels of security - low, medium and high; the objective is to try to upload forward shell code and then connect to it to gain access to the server. Low security: This is the PHP code of the low security file upload: …

[python] Cisco FMC REST API example – GET Server version and add device to Cisco FMC

Introduction: The version used for this lab is Cisco FMC 6.4.0, and the Cisco FTD used is 6.3.0. To access the Cisco FMC REST API, you need to ensure it is enabled. You can test it by going to https:///api/api-explorer; if you can see the Swagger-like documentation then the REST API is enabled, you can …

[python] Grow commands from a template with jinja2

Problem: I made a template to push object network configuration to Cisco ASA; this is what the template looks like: conf_attr is the keyword to store the payload I sent to Cisco ASA via Nornir/netmiko. The problem with this template is that only one command is sent per session. In order for commands to be sent …

[python] Capture return values after threads are finished.

Return value lost after threads finished: I have made two functions: The Jinja template for preparing the object network {name} command: Then I created test code to push multiple object network {name} commands to a single Cisco ASA - fw02. To achieve concurrency I use the threading.Thread module; however, my return value of send_net_objs_to_asa_host …