Hack in one click. Comparing automated vulnerability scanners

Searches for vulnerabilities require special knowledge, extensive experience, and a sixth sense. But what about novice security researchers? They have no experience and cannot gain it because don’t know where to start from. This is where automated vulnerability scanners come into play. In this article, I will present the main types of such programs and explain how to use them.

Read full article →


Compressed Token Format (CTF). One-time passwords, LDAP injections, and tricks with 7z archiver

Today, I will explain how to hack the CTF virtual machine available on Hack The Box training grounds. For the purposes of this article, the abbreviation “CTF” refers to Compressed Token Format, not Capture the Flag. This VM is vulnerable to various types of LDAP injections, while its authentication mechanism is based on stoken, a generator of one-time passwords. In addition, the target machine uses a loose Bash script, and I will exploit it to fool the 7z archiver and gain root access.

Read full article →


Ghostcat. How to exploit a new RCE vulnerability in Apache Tomcat

This article addresses a vulnerability in Apache Tomcat that enables the attacker to read files on the server and, under certain conditions, execute arbitrary code. The problem lies in the implementation of the AJP protocol used to communicate with a Tomcat server. Most importantly, the attacker does not need any rights in the target system to exploit this vulnerability.

Read full article →


Pentester’s suitcase: Identifying OS on remote host

As you are aware, any penetration test starts from information collection. You have to find out what operating system is running on the remote host, and only then you can start looking for vulnerabilities in it. This article presents seven useful tools used inter alia for OS detection and explains their operation principles.

Read full article →


DoS attacks on ModSecurity: Exploiting critical bug in popular WAF

A critical vulnerability resulting in a denial-of-service error has been recently discovered in ModSecurity, a popular web application firewall (WAF) for Apache, IIS, and Nginx. The bug is truly severe: not only does the library stop working, but applications using it as well. Let’s see what was the mistake of the ModSecurity developers and how we, ethical hackers, can exploit this vulnerability in our penetration tests.

Read full article →