This blog is about setting up your own lab environment for Apache Flink 1.9.x. There was a vulnerability published recently on Exploit-DB and I used it as a learning tool to practice performing code review in Java.
It took me about 2 hours to find and exploit it, where my only starting point was the title ‘File Upload RCE’. Setting up the environment is a quick 5 minute process. I used an Ubuntu VM for the base operating system. Below is the link to the exploit.
Step 1: Download the binary of Apache Flink 1.9.x. …
In July, a remote command execution exploit was released for an application named Zentao Pro. When I examined the application’s code, I found another area which could be exploited to gain RCE. I informed the developers via Facebook Messenger and email on July 16th 2020. This exploit has only been tested on Zentao Pro 8.8.2 and 8.8.3. The original exploit is on Exploit-DB.
So, to recap, we have a code review methodology which is a cycle of planning, reviewing and reassessing. You can see this in my other blog post. …
While practicing code review, I have found that a good methodology is a cyclic process that repeats itself again and again. There are 3 steps:
This part of the process is fairly simple. The useful thing to have at this stage is an understanding of what you know about the application. It is up to you how to organize this. These are some of the lists I like to keep:
After doing the AWAE course, I felt like I needed to do more practice. There are other materials such as the HTB boxes similar to OSWE. I am just adding to the collection.
Recently, there was a vulnerability reported in Zentao Pro 8.8.2 that can result in remote command execution.
This blog will just guide you through how to set up the lab and it will have some tips for you to get you going. I would rank this vulnerability as EASY.
Lab Set Up:
I have created a lab for everyone to practice testing against JSON Web Tokens. It is quite a simple lab and the goal is to modify the token so that it says you are currently the Admin user.
You can git clone the lab here: https://github.com/h-a-c/jwt-lab
I will get it running on Heroku shortly.
There are 5 challenges in these labs; it should take a couple of hours to do them all.
Part 2 of the Beginner Code Review Series. Here I will be describing how the vulnerabilities found can be used to escalate privileges. I also got the code to run so it is easier for everyone to understand, rather than just reading code.
I have updated the code so it can be run on PHP versions after 5.0. Also visit the link if the PHP scripts are not running.
Due to the lack of input sanitization on the register functionality, it is possible to have a username with non-alphanumeric characters. This means…
To improve my code review skills I decided to go over Pentesterlab’s free code review exercise. It can be found at: https://github.com/PentesterLab/cr
This will be part of a series where I describe the vulnerabilities I have found, how I found them and how to fix them. The benefit of using Pentesterlab is that it already lists the vulnerabilities, and my goal was to find as many as I could and then compare my findings against the list.
The objective of this task was to perform a code review against a PHP application publicly available on Pentesterlab’s public repository. …
I recently got the email saying I passed the OSCP exam on my first attempt. This blog will illustrate the approach I used and what worked for me. I hope it helps out some of you who are trying to get it done.
(TLDR: The recommendations at the end might help)
I started my career in 2018 as an intern security consultant and then I managed to get a full time job after the internship ended. During my time I have been involved in various jobs including mobile, web, and external / internal penetration tests. …