Hacking

Python Escape from LA This challenge is about breaking out of a restricted shell to execute a program that resides in the directory. In this case, we are provided a Python shell but we cannot import any modules that would let us perform advanced tasks such as executing a binary.

Question 6: Badge Manipulation The objective for this challenge is simple – we need to bypass the authentication mechanism. The way the authentication works is the machine “Scanomatic” scan a QR code on an employee badge and grants access depending if the QR code matches a proper record in the back-end database.

Minty Candycane: The Name Game This challenge presents us with an onboarding system written in Powershell. There’s a command injection vulnerability in the system that allows us to injection arbitrary commands after the ; is used to end the previous

If you are planning to pentest a WPA/WPA2 network (with No WPS), I have two words for you: Good. Luck. In all my experiments with penetration testing, I have found dictionary attacks on WPA/WPA2 handshakes to be the most annoying and futile exercises.

This is a demonstration of a Buffer Overflow attack to get remote shell of a Windows box. Vulnerable Program - Server-Memcpy.exe [Resource: SecurityTube] Vulnerable Function - memcpy Tools - msfpayload, Immunity Debugger

The vulnerability lies in how web pages are invoked on a web server. If an absolute path or direct referencing is used then it is possible to invoke pages on the server that a hacker has no business seeing.

When you log on to a web server, a session is created which is identified by a session ID. The session identifier can be a cookie. This cookie holds the session ID so that one can log in once for each session (From there on, the session is then passed on to various web pages one browses on that server).

IronGeek hosts a lot of good videos about testing web applications with Burp Suite. I tested these attacks out myself. Attacked Server: Mutillidae Test Page: Main Login Form Test Parameter: Username

As a web application penetration tester, when you find directory browsing enabled on a web server, you include it in your report, but you know subsequent exploitation might be a long shot depending on what information is actually exposed.

If you’re on a shared LAN and you are curious to know what kind of images people are searching for over the web on your Local LAN, you can use Driftnet.