Posts Tagged: linux

If you’re interested in removing some of the memory protections (especially around RWX) in the Linux kernel version 5+, here are some pointers: in the arch folder, edit the Kconfig file and look for config STRICT_KERNEL_RWX and config STRICT_MODULE_RWX. You can change their default value to the values below. In the init folder, edit the…

Here is a really small Go reverse shell (about 30 lines of code, comments included). Environment setup: download/install Go from here. If you use Windows, you may want to download/install the TDM-GCC compiler from here as well. Code: first, we need to define which libraries we need: import "net" import "fmt" import "bufio" import "os/exec"…

I’ve made some changes to bytefuzz to support files generated by other fuzzers. I’ve used the domato fuzzer to generate 1000 HTML files and then, through bytefuzz, I’ve sent those files to a browser that I use when I do web app security testing. And soon enough, I got some interesting results… 🙂

Let’s assume you have a program that just crashed and you have a core dump. You can enable core dumps with the ulimit -c unlimited command. If you want to analyze what happened, here are some steps you can follow: //This will switch the disassembly listing to Intel format. (gdb) set disassembly-flavor intel //To…

If you want to do web app security testing using either Chrome or Chromium, you may want to disable a few security options so you can actually go through your test cases. You can use the same command line parameters for both of them: /usr/bin/chromium --disable-web-security --disable-xss-auditor --ignore-certificate-errors --user-data-dir=/pentesting/web/temp/data --proxy-server= This works for both Linux…

Today we’re going to look at using sqlmap when the target website uses base64-encoded parameters. For example, we have something like: http://<target>/products/article.php?art_id=<base64_encoded_value> In this case we have to “convince” sqlmap to base64-encode all payloads when scanning. Well, I guess it’s a good thing that sqlmap has the following option, which allows…

Here is a detailed step-by-step tutorial on how to get everything ready if you want to test XVNA (Extreme Vulnerable Node Application). Base OS: Ubuntu 16.04. First, we need to install mongodb, nodejs and git: apt-get install mongodb apt-get install nodejs apt-get install git We then clone XVNA’s repository: git clone Once…

The journey to the Certified Linux Admin, that is. Thank you to the @malwrforensics admin for hosting me for a while. He thought it would be fun to have a rookie sharing her steps to get the CompTIA Linux+ certification. After some research, I got myself a subscription to Linux Academy, CompTIA Linux+ LPIC-1 Certification by…

As suggested by Intel in their Intel Analysis of Speculative Execution Side Channels whitepaper, the recommended mitigation for Spectre (CVE-2017-5753) is to use the LFENCE instruction (“LFENCE does not execute until all prior instructions have completed locally, and no later instruction begins execution until LFENCE completes”). This will stop the bounds check bypass method that relies…

This is a Python script designed to automatically find XSS (cross-site scripting), directory traversal/LFI (local file inclusion) and open redirect vulnerabilities. It uses a predefined dictionary for XSS/LFI attacks that can easily be extended. The open redirect vulnerabilities are checked against The tool is released for testing purposes ONLY! How to use: just point and…
