Compressed file upload and command execution

In this post I would like to share some experiences of a web application hacking project. After I got access to the admin section of the web application I realized that there is a file upload function available for administrators. The application properly denied uploading dynamic scripts (e.g. .php) and...

2 minute read

Banging 3G rocks

I’ve always wanted to take a look at the security of 3G modem sticks but as a more “high-level” guy, I basically procrastinated the task of messing with kernel drivers and such, and settled to installing these devices into disposable virtual machines for security. But after I saw the presentation...

4 minute read

How did I find the Apple Remote Desktop bug? - CVE-2013-5135

Inspired by the Windows Remote Desktop bug (CVE-2012-0002) I created a simple network protocol fuzzer. This is a dumb fuzzer that only changes every single byte value from 0 to 255: #!/usr/bin/python import socket import time import struct import string import sys init1 = ( "Sniffed network connection part 1"...

5 minute read

Duncan - Expensive injections

During a web application test one of the most precious bugs you can find is a good-old SQL injection: These vulnerabilities can lead you to bypass all the security controls of the application, elevate your privileges and find new (possibly vulnerable) functionality and in the end take control over the...

4 minute read

WAF bypass made easy

In this post I will share my testing experiences about a web application protected by a web application firewall (WAF). The investigation of the parameters of web interfaces revealed that I can perform XSS attacks in some limited ways. The target implemented blacklist-based filtering that provided some HTML tag and...

2 minute read

Plesk panel decryption

After I read the description of the Plesk vulnerability CVE-2012-1557 I decided to investigate the application a bit deeper. You can download a fully installed VMware image from the internet so you can skip the install and save some time. The PHP files which belong to the PLESK application are...

4 minute read

Hello world!

Welcome to the technical blog of the Silent Signal crew! We are a Hungarian IT-security company focused mainly on penetration testing. As strong believers in the original hacker philosophy we’ve always supported the boundless flow of thoughts and information that we’ve also been benefiting very much from. After years spent...

1 minute read