Oracle EBS Security auditing
The-Infosec
by Alfie
3y ago
So this is my attempt to improve on the post I wrote last year, adding other tests that I find helpful. Whatever is outlined here really is the tip of the iceberg, and further tests should definitely be done depending on scope, objectives, etc.

Application testing. Controls to test:
- Default application account credentials
- Weak application password controls
- Poor patching policies
- Directory listing / sensitive information exposure
- Segregation of duties / roles and responsibilities
- Etc.

Default application account credentials: I have created a list of common default accounts on the application and uploaded …
From Shodan to Remote Code Execution #3: Hacking the Belkin N600DB Wireless Router
The-Infosec
by Alfie
3y ago
The newest post in this series, From Shodan to RCE, takes us to Belkin routers. Shodan search: "Server: httpd" "Cache-Control: no-cache,no-store,must-revalidate, post-check=0,pre-check=0" "100-index.htm". At the time of writing this post there were not many results for the Belkin routers. By navigating to one of the Shodan search results we may get the dashboard shown in the post, which in itself may be reported as a security vulnerability: unauthorized access? information disclosure? Getting the key, method #1: navigate to http://target//langchg.cgi and view the s…
Blackhat Europe 2017 – conference notes
The-Infosec
by Alfie
3y ago
I had the pleasure of attending Black Hat Europe 2017 in London, and it was enlightening! In this post I provide links to the slide decks, videos and tools shared during the demonstrations, briefings and various talks. The abstracts for the briefings can be found on the official Black Hat Europe website.
1. Black Hat Europe 2017 YouTube playlist (continuously being updated):
2. Presentation slide decks: LOST IN TRANSACTION: PROCESS DOPPELGÄNGING: https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf HOW TO HACK A TUR…
From Shodan to Remote Code Execution #1 – hacking Jenkins
The-Infosec
by Alfie
3y ago
In this era of extreme automation, whether for development, programming, deployment or even security management, are we getting closer to security maturity, or are we better off without the automation? In the next posts I hope to look at some of the tools and applications employed in enterprises, geared towards automation and better security, that end up exposing and increasing the attack surface. We start with Jenkins. Jenkins is an open source automation server written in Java. Jenkins helps to automate the non-human part of the software development process, with …
SAMBAry save us!!
The-Infosec
by Alfie
3y ago
Remember Linux users laughing at Windows users because of the now all-too-famous WannaCry? Karma. According to Samba, "All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it." It might not appear serious, but a quick look at our beloved Shodan shows roughly half a million hosts with publicly exposed Samba shares. Not all of them are exploitable, but narrowing down just by viewing the versions, more than half ar…
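The "narrow down by version" step above is the part worth automating when you have a Shodan export in hand. The following is an added example, not code from the post: it parses Samba banners and gives a version-only verdict against the advisory quoted above (the Samba advisory for CVE-2017-7494). The fixed releases it assumes are the ones that advisory names, 4.6.4, 4.5.10 and 4.4.14, plus the assumption that 4.7 and later shipped with the fix; the sample banners are constructed, not real results.

```python
"""Triage Samba banner versions against the advisory quoted above.

Added example, not code from the original post. Assumes the fixed
releases named in the Samba advisory for CVE-2017-7494 (4.6.4, 4.5.10,
4.4.14) and that branches from 4.7 onwards shipped with the fix.
"""
import re
from collections import Counter

FIRST_VULNERABLE = (3, 5, 0)            # "from 3.5.0 onwards" per the advisory
# First fixed release per maintained branch (assumption stated in the docstring).
FIXED_IN_BRANCH = {(4, 6): (4, 6, 4), (4, 5): (4, 5, 10), (4, 4): (4, 4, 14)}
FIRST_CLEAN_BRANCH = (4, 7, 0)

VERSION_RE = re.compile(r"Samba\s+(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Pull the numeric x.y.z out of a Shodan-style 'Samba 4.5.8-Ubuntu' banner."""
    m = VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(version):
    """Version-only verdict: True when the release predates its branch's fix."""
    if version < FIRST_VULNERABLE:
        return False                    # 3.4.x and older never had the bug
    if version >= FIRST_CLEAN_BRANCH:
        return False                    # 4.7+ was released after the fix
    fixed = FIXED_IN_BRANCH.get(version[:2])
    if fixed is None:
        return True                     # 3.5 .. 4.3: end-of-life upstream, never fixed there
    return version < fixed


def triage(banners):
    """Bucket banners into vulnerable / not_vulnerable / unknown, as one would with a Shodan export."""
    counts = Counter()
    for banner in banners:
        version = parse_version(banner)
        if version is None:
            counts["unknown"] += 1
        elif is_vulnerable(version):
            counts["vulnerable"] += 1
        else:
            counts["not_vulnerable"] += 1
    return dict(counts)


# Constructed sample banners, not real Shodan results.
SAMPLE_BANNERS = [
    "Samba 4.5.8-Ubuntu",      # vulnerable: fix is 4.5.10
    "Samba 4.6.4",             # first fixed 4.6 release
    "Samba 3.6.25",            # vulnerable: branch never fixed upstream
    "Samba 3.0.28a",           # predates 3.5.0
    "Samba 4.3.11-Ubuntu",     # vulnerable by version; distros backported the fix, so confirm
    "Windows 6.1",             # not Samba at all
]

if __name__ == "__main__":
    print(triage(SAMPLE_BANNERS))   # {'vulnerable': 3, 'not_vulnerable': 2, 'unknown': 1}
```

The caveat the post itself hints at ("not to say all are exploitable"): distributions backport fixes without bumping the banner version, so a "vulnerable" verdict from this script is a candidate to confirm, not a finding. Exploitation also needs a writable share and `nt pipe support` left at its default, neither of which the banner tells you.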
From Shodan to Remote Code Execution #2 – hacking OpenDreambox 2.0.0
The-Infosec
by Alfie
3y ago
A sequel to the last post in what is now becoming a series, From Shodan to remote code execution: we now take a look at how to hack misconfigured Dreambox installations. Dreambox is a company which offers digital TV set-top boxes and related services. Shodan search: perform the Shodan search shown in the post and go through the portals in the search results. The indicator of a vulnerable Dreambox installation is the presence of the webadmin plugin. From the address bar, run Linux commands using the syntax http://IP:PORT/webadmin/script?command=|"linux_command" …
Exploiting Windows with Eternalblue and Doublepulsar with Metasploit!
The-Infosec
by Alfie
3y ago
Most of us got hold of the NSA exploits recently released to the public, and there was a lot of hype and many public statements around them. A lot has been said, and most vendors came out to defend their products and release patches to downplay or mitigate the impact of these exploits. From the leak we came to learn about Fuzzbunch, the NSA's exploit framework, "the NSA's Metasploit". I know a few people who have tried to use it and failed due to lack of familiarity with the dependencies Fuzzbunch demands. Fret no more: we can exploit the same vulnerabilities using our beloved Metasploit …
Penetration testing Sharepoint
The-Infosec
by Alfie
3y ago
Like any normal web application, SharePoint may fall prey to OWASP Top 10 vulnerabilities, with a special focus on XSS, mostly due to inadequate patching and misconfiguration. In this post we focus on recon: what SharePoint is exposing. Google dorks FTW! The post lists some Google dorks to help you find SharePoint installations exposed to the web. It would be wise to prefix them with "site:yoursite.com" to narrow down the search and discover what your own SharePoint installation is exposing to the public. Fuzz: from the above we can view a lot of documents, which y…
Word Heist!
The-Infosec
by Alfie
3y ago
So, I stumbled upon an interesting script. Over the years I have been using various tools and scripts for spear phishing, with the many vulnerabilities in the Microsoft Office suite and Adobe PDF Reader being enablers and the ability to embed macros being an even bigger enabler. But things have changed: users are now wary of the "enable macros" warning and don't enable macros anymore, hence most spear phishing attempts fail or are filtered by mail filters, firewalls and IPSs as suspicious. So this was a breath of fresh air and seems to get through most IPSs and securi…
Do you know what your ERP is telling us?
The-Infosec
by Alfie
3y ago
An interesting engagement I had a few weeks ago: a client wanted assurance on their ERP, Oracle E-Business Suite to be specific. I spent a few weeks formulating an efficient strategy to cover most controls from an insider-threat perspective and an external authenticated-attacker angle. For this post, I shall focus on the external unauthenticated-attacker angle with a bias towards information disclosure, hence the title. No intrusion: give us consent to your environment and I shall be happy to demo. The Oracle EBS suite is a pretty massive estate; version 11, for instance, is report…