Attack & Defense on FTP Server

From this post, we will learn how an attacker is able to target the FTP Server and what steps should be taken by the administrator to secure the same.

This is the first post of the series. Make sure you read the full post to have a comprehensive understanding, and in case of any doubt drop me a note.

Introduction:

Many organizations expose an FTP service to their clients so that they can send over huge files. …


HTB Trending Questions — 2020

HackTheBox Questions Answered

This article is going to be completely different from what I usually publish. Here I am going to answer some of the popular questions asked by users on the internet. Hope you like it !!

The keyword that I have chosen for the day is HackTheBox.


You will love and enjoy ZSH !!!

Introduction:

Kali Linux, owned by Offensive Security, is the most renowned open-source penetration testing platform among security professionals. It includes a comprehensive collection of packages and tools used for ethical hacking and penetration testing.

When Kali Linux 2020.3 was released back in the 3rd quarter of 2020, ZSH came pre-installed while BASH remained the default shell. This gave everyone a heads-up that they would be switching from the default Bash shell to ZSH in the upcoming release.

After considering the positive feedback from the Kali Linux end users and successfully testing the shell features, the switch has now…


Red Alert for Developers on Windows

Remote code execution on GIT LFS

On 5th Nov 2020, a critical vulnerability was found in one of the popular Git extensions, known as GIT LFS. Successful exploitation of this vulnerability leads to remote code execution on the target machine.

If you or your organization uses git for source/version control of your code and repositories, then you should treat this issue as a potentially serious risk to your assets. …


WordPress File Manager RCE

In the 1st week of September, a critical vulnerability was found in one of the popular WordPress plugins, called File Manager. Successful exploitation of this vulnerability leads to complete hijacking of the target site, and the worst part is that the attacker does not require any credentials for this.

Tell me more about WordPress?

WordPress is a content management system written in PHP and paired with MySQL or MariaDB. …


CVE-2020-16952

From this post, you will learn how to exploit a server-side include (SSI) vulnerability and chain it with ViewState deserialization for remote code execution in Microsoft SharePoint. Make sure you read the complete post for a good understanding of the vulnerability and its exploitation.

Introduction:

SharePoint is one of the most popular web-based collaboration and content management platforms from Microsoft. Recently, security researchers have found remote code execution vulnerabilities in 3 of the Microsoft SharePoint products. To exploit it, an attacker first has to exploit the SSI, followed by ViewState deserialization.


$uname

From this post, you will learn how an attacker is able to access internal files and perform an SSRF attack on the BigBlueButton web conference platform.

$su
Password:
Authentication failure

I neither found this critical vulnerability nor take any credit for the CVE (CVE-2020-25042). After analysing and exploring the descriptions available on various blogs and public forums, I have written this post to help educate security enthusiasts about this issue. …


Mara CMS

Introduction:
Mara CMS is an open-source, file-based content management system. It is built using HTML5 and CSS3 and is easy to use because of its drag-and-drop editing feature. Other features include live editing, instant preview, rollback, etc.

To date, security researchers have found 2 vulnerabilities in Mara CMS: a cross-site scripting issue in contact.php and an unrestricted file upload.

TL;DR
In this post, I will demonstrate how to exploit an “Arbitrary File Upload” vulnerability found in Mara CMS 7.5. The attacker should have valid credentials for either the admin or manager role in…


rConfig

rConfig is an open-source network device configuration management utility natively written in PHP. By adding some extra modules to PHP, its features can be customized according to need. It is widely used by network administrators to take frequent configuration snapshots of their network devices. That said, it has many unique features, such as customizable device commands, connection templates, scheduled tasks, database password encryption, monitoring of device configuration for policy compliance, etc.

In the past several years, security researchers have found many high-severity vulnerabilities in rConfig. Here are some of the CVEs: CVE-2019-16662, CVE-2019-16663, CVE-2019-19509, CVE-2019-19585, CVE-2020-10220.

Pawan Jaiswal

Security Engineer @ CISION | CEH | OSCP | HTB | CTF | Bug Bounty Hunter | Security Researcher | Full Stack Developer
