In this post we’ll have a closer look at .NET serialization/deserialization attacks. We’ll have a .NET (C#) vulnerable code as an example (inspired by James’s work) and we will walk through it to see where the issue lies. using System;…
Let’s assume you have created an account and have logged in to a website. Among the options you have, there is one where you can edit your profile. Once we land on that page, we want to check if there…
A Javascript Monero miner was added to the “BrowseAloud Plus v2.5.0 (13-09-2017)” library. The code will load the coinhive.min.js library and will start mining coins for account with the key: 1GdQGpY1pivrGlVHSp5P2IIr9cyTzzXq.
It’s always handy to have a good checklist when it comes to web app pen-testing. It’s even better to have some examples for each case 🙂 We’ll start with more “general” cases and then dig deeper into some obscure or…
While it’s definitely easier if the “<” and “>” tags are allowed, one can “convince” the target website to run javascript even if the tags are escaped. For example we have this search box: Once we run the search, we…
Here is a python script to check if any banned windows APIs are present in C source/header files. It’s useful to find where vulnerable code might be present. The script gets as an argument a folder name and then recursively…
For 64-bit executables/PE files, there are a couple of changes in the PE header offsets. Don’t consider the size of the OptionalHeader as 0x74, instead use the “SizeOfOptionalHeader” from the _IMAGE_FILE_HEADER. There is no longer a BaseOfData field, instead ImageBase…
Here are some detailed instructions on how to install pydbg. In its most basic form, you need the following to execute a program: from pydbg import * from pydbg.defines import * def exception_handle(dbg): print(dbg.dump_context()) raw_input(“Press enter to continue…”)…
Set the Windows VM for debugging: bcdedit /debug on bcdedit /dbgsettings serial debugport:1 baudrate:115200 In the VM settings, associate a pipe to the COM1 port: \\.\\pipe\debugk (windows) or /tmp/debugk (linux) Here is a list of…
This is a python script for Immunity debugger that sets breakpoints on “interesting” APIs. Here is the list of APIs (in no particular order): “ZwRaiseHardError” “bind” “listen” “socket” “DeviceIoControl” “ZwCreateFile” “ZwCreateSection” “ZwQueryInformationFile” “ZwQueryAttributesFile” “ZwCreateUserProcess” “ZwOpenKeyEx” “ZwOpenKey” “ResumeThread” “CopyFileA” “CopyFileExW” “CopyFileW” “CreateDirectoryA” “CreateDirectoryW”…