Antti Virtanen lokori
@lokori
lokori / xml-attacks.md
Created December 11, 2017 20:46 — forked from mgeeky/xml-attacks.md
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may not be secure against maliciously constructed data. An attacker could abuse XML features to carry out denial-of-service attacks, access local files, open network connections to other machines, or circumvent firewalls.

A penetration tester running XML tests against an application has to determine which XML parser is in use, and then which of the attacks listed below that parser is vulnerable to.


@lokori
lokori / zap_cli_scan.sh
Created October 31, 2017 12:14 — forked from ian-bartholomew/zap_cli_scan.sh
script to run owasp zap cli
#!/bin/sh
DOCKER=`which docker`
IMAGE='owasp/zap2docker-weekly'
URL='https://www.example.com'
ZAP_API_PORT='8090'
# Start our container
CONTAINER_ID=`$DOCKER run -d \
-p $ZAP_API_PORT:$ZAP_API_PORT \
@lokori
lokori / validate-postgresql-triggers.clj
Created September 13, 2017 11:24
Validate PostgreSQL triggers, Clojure example
(ns postgresql-util
"Common db validations"
(:require [korma.core :as sql]))
(defn validate-triggers
"Checks that all tables in the database, except for Flyway's schema table, have triggers enabled."
[]
(let [flyway-table "schema_version"
invalid-tables (sql/exec-raw
(str "select table_name from information_schema.tables"
@lokori
lokori / awsenv.sh
Last active November 25, 2017 20:51 — forked from woowa-hsw0/assume_role.sh
Start AWS CLI Session with MFA Enabled (+Yubikey)
#!/bin/bash
# Original: https://gist.github.com/woowa-hsw0/caa3340e2a7b390dbde81894f73e379d
set -eu
umask 0022
# The template needs trailing X's so mktemp creates a unique, unpredictable directory name
TMPDIR=$(mktemp -d awsenv.XXXXXX)
echo "TEMPDIR $TMPDIR"
@lokori
lokori / run-with-db.py
Created May 11, 2017 10:10
run to the db hills
# Run something in a db transaction, handle commit etc.
# f is a function which takes db cursor as a parameter for callback
def run_with_db(f):
    connection = None
    try:
        connection = psycopg2.connect(__get_connection_string(config))
        cursor = connection.cursor()
        rv = f(cursor) # run something in db transaction
        cursor.close()

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@lokori
lokori / MailinatorAliases
Created January 4, 2017 19:44 — forked from nocturnalgeek/MailinatorAliases
A list of alternate domains that point to @mailinator.com
@lokori
lokori / yle-dl-batch.sh
Created September 13, 2016 12:24
yle-dl Docker batch download script
#!/bin/bash
# Downloads the URLs listed in the file yle-dl.txt one at a time. This can be left running in the background.
#docker run --rm -ti -v `pwd`:/out taskinen/yle-dl yle-dl [YLE-URL-TO-DOWNLOAD]
# 10 = file descriptor, in case the loop body might read from standard input - in this case perhaps unnecessary trickery :)
while read -u 10 url; do
  # Quote the URL so characters such as & and ? are not split or globbed by the shell
  docker run --rm -ti -v `pwd`:/out taskinen/yle-dl yle-dl "$url"
done 10<yle-dl.txt
@lokori
lokori / docjure.clj
Last active August 30, 2016 19:26
set-or-create-cell! for docjure
(defn set-or-create-cell!
  ([sheet n val type]
   (let [cellref (org.apache.poi.ss.util.CellReference. n)
         r (.getRow cellref)
         col (int (.getCol cellref))
         row (or (.getRow sheet r) (.createRow sheet r))
         cell (or (select-cell n sheet) (.createCell row col type))]
     (set-cell! cell val)))
  ([sheet n val]
   (set-or-create-cell! sheet n val org.apache.poi.ss.usermodel.Cell/CELL_TYPE_STRING)))