It’s not a common scenario, but if during a pentest you get access to a machine with a user that has sudo rights to execute openvas, you could escalate privileges to get root!
In this post I’m going to describe some OpenVAS workflows and then dive into this particular local privilege escalation.
“An Exploration of JSON Interoperability Vulnerabilities” by Jake Miller was published last week. It’s interesting research on differences among JSON libraries that can lead to logic bugs, and it puts this kind of vulnerability on the map when you do threat analysis. In this post I’ll analyze the examples from the original post and try to mitigate the vulnerabilities from a secure development perspective.
We’re going to start by analyzing the first lab, “Validate-Proxy Pattern”, from the original post. The code can be found here:
It’s a somewhat contrived example because it takes advantage of a malformed JSON dictionary with duplicate…
By default a script should run without any network or file system write access
It makes sense, especially in the frontend realm, where most of the time we’re developing code to run in a browser, and in a browser you don’t have, for example, file system write access.
Initial research was done as part of my work at Dreamlab Technologies.
At work I had to vet different software detection solutions and one of them was Wappalyzer. …
This is the next post in this series called “Web scraping considered dangerous”. You can read the previous post here and, as an update, my pull request fixing FormRequest.from_response behaviour was merged!
This post is again based on scrapy (version 1.6.0) and I’ll show two techniques to leak files from the spider’s host. However, it’s not that easy, since the website must meet certain requirements for this exploitation to succeed. Let’s go to the facts!
Websites return data in multiple formats (html, xml, json, csv, plaintext, etc.) and to do the exploitation exposed in this post there’s a tight…
Disclaimer: scrapy 1.5.2 was released on January 22nd; to avoid being exploited you must disable the telnet console (enabled by default) or upgrade up to
This year the focus of our research will be security in web scraping frameworks. Why? Because it’s important for us. As a little context, between 2012 and 2017 I worked at the world leader Scrapinghub, programming more than 500 spiders. At alertot we use web spiders to get fresh vulnerabilities from several sources, so they are a core component in our stack.
We use scrapy daily and most of the vulnerabilities will be…
I’ve made some changes for clarity. It was originally published in 2014: https://spect.cl/blog/2014/08/exploiting-the-scraper/
As some of you have noticed, the post frequency has been low in the last few years because I’ve been happily working full-time for more than two years at Scrapinghub, the company behind the popular scrapy framework. I’ve been working mostly on software projects, so I only do security research in my spare time.
scrapy is a powerful client-side framework for web scraping and it usually doesn’t involve server-side components, unless you run scrapyd to manage your scrapy spiders. …
Last year there was a talk in Chile titled “Chile Exposed: un puerto para gobernarlos a todos” (“a port to rule them all”), referencing the ring from The Lord of the Rings. The talk was about access to shared resources of various organizations on port 445, so I asked myself whether that was really the ring to rule them all. I think there is a better candidate for the One Ring; let’s go find it!
Let’s travel back in time: Chile in 2014. What software was installed on most of the main national sites? Quick answer: the Transbank payment kit (KCC). The…
[This post is only available in Spanish because the target audience is in Chile]
Recently, various fake emails in the name of the SII (Servicio de Impuestos Internos, Chile’s internal revenue service) have been circulating as part of phishing attacks and malware distribution.
Analyzing some of them, it’s obvious that they are fake emails, since they present:
If they didn’t have such characteristics, the probability of infecting/deceiving the people who receive these emails would increase considerably. In this post we’ll review a Cross-Site Scripting vulnerability in the…
This weekend we participated in the Metasploit Community CTF and got 12th place out of 1000 registered teams (but according to the organizers, 600 teams logged in). This time our team was small (chcx and me most of the time, deb_security on the last day) and we got help from Miguel Mendez (@s1kr10s) from exploiting.cl for an important task.
Here’s a little review of some of the challenges. There were two machines, a Windows and an Ubuntu machine, both with a lot of services. Let’s start with some challenges related to the Ubuntu machine and then continue with the Windows one.
There was a…