Executive Summary Helpdesk is a Windows 2008 Standard server which hosts ManageEngine ServiceDesk Plus (SDP) 7.6 web application, the ManageEngine SDP version suffers from multiple vulnerabilities, amongst multiple vulnerabilities we used two exploits. Sql injection - We are able to read proof.txt from C:\Users\Administrator\Desktop\Arbitrary file upload - We uploaded a malicious reverse shell java war … Continue reading Pentest report on Helpdesk
Executive Summary We are able to obtain the first success criteria - local.txt and second success criteria (proof.txt) - due to simple crackable passwords of username - ariah. During the penetration testing we have obtained two passwords related to username - ariah, one is for ftp/ssh login the other is FileZilla FTP server administration login. … Continue reading Pentest report on Nickel
Executive summary This section summarizes on how I can gain initial foothold until privilege escalation. The pentest of livda reveals there is a password disclosure flaw while doing directory listing with account admin in the FTP server, this is possible because zFtpserver has an easily guessed credential - admin:admin. By login to livda as admin … Continue reading Pentest report on livda
I have been writing python for quite a while about 2 years to be exact and mostly I am writing network related scripts or API calling scripts, but I have never used the python statement exec before, according to the help the exec is to execute the python statements. So supposed I need to print … Continue reading [security] File descriptor connecting to nix system and danger of using exec() in python
So I was doing hackthebox.eu and realize there the target used a vulnerable web application, the exploit was developed and can be downloaded from exploitdb, but it was not updated in msfconsole when I do a search openadmin I could only see an outdated exploit that was disclosed on the 2017. The ruby script that … Continue reading [security]Update new exploitdb script to metasploit
The lab uses metasploitable. This lab gives awareness of file upload vulnerability, there are three levels of security - low, medium and high, the objective is to try to upload a forward shell code then connect to it to gain the server access. Low security This is the php code of low security file upload: … Continue reading [security] File upload
This is an old hacking lab game. Summary Steps 1. View the source code of the page to find hints. 2. Use burpsuite proxy. 3. add the root to the item scope, then do web spidering.
Blind SQL injection A web application that is vulnerable to SQL injection may display SQL error that looks like this:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1. This error provide information that this web … Continue reading Test blind sql injection
Target = DVWA version 1.0.7 nmap the target The -sS is to use TCP syn, -sV is to find out the version of the service, -Pn is to disable ping to save time, -v(or multiple vs) is for verbose output. From the nmap we know that the dbms is mysql. SQLmap Manual injection The strange … Continue reading Test for sql injection
I came across an interesting article that longrifle0x has found a vulnerability for script execution within Google Earth. So I decided to test with metasploit, in an attempt to see if the payload can be sent to victim, but it was sandboxed, the popup warning was suppressed.