Cyberis Blog
Reassuringly clear thinking.
- Tools and techniques
ResponseCoder - Manipulation Of HTTP Response Headers
ResponseCoder is designed to allow you to easily manipulate HTTP response headers - specifically to identify weaknesses in perimeter filtering appliances such as web proxies and next generation firewalls. It’s an open source PHP script that formulates HTTP response headers on-the-fly, allowing the operator to form specific test cases as necessary.
- Penetration testing
- Tools and techniques
Finding Hidden Vhosts
During a recent test we observed a number of web servers that had a number of vhosts configured, only some of which were discoverable from public DNS records. Internal DNS servers were configured to resolve the remaining ‘hidden’ vhosts served by the web server. Here's how we found them...
- Tools and techniques
Loading UDF Files On MySQL 5
Command execution via SQL injection is rarely possible on MySQL 5, as specifying the path to a shared library is not permitted due to security concerns - in other words it is not possible to create a UDF allowing you to run shell commands. Normally, if you can write to the default plugins location (/usr/lib/mysql/plugin), you already have root privileges and it's already game over. With MySQL 4 you could specify the full path to a shared library, so the install of a dangerous function was relatively straightforward. Before giving up altogether however, check to see if you can write to the defined plugin_dir directory...
- Tools and techniques
'Expect' Scripts To Perform Build Reviews Of Linux/Unix Hosts
A host implementation review, more commonly known as a build review, can provide systems administrators with a comprehensive picture of the security of their build. Typically, a review allows the client to gain assurance of internal build standards and also meet external compliance requirements by assessing the following areas...
- Tools and techniques
Adding A Pinch Of Salt
Following the recent LinkedIn breach, the company has stated that their current production database contains salted passwords. Obviously this was not the case at the time of the breach (SHA1, unsalted), so a salt value must have been added to improve security. But how can you add a salt value to a password hash, if you don't know the password?
- Research
- Tools and techniques
Testing Access Controls On Large Web Applications
Testing access controls on web applications can be a difficult task if presented with multiple user roles and a large number of pages. Depending on the application, unauthorised access to a page may result in a client error code (40X), a redirect (30X), a straight 200 with an error message within the page, or possibly even a server-side error (50X). This is how we approach the problem...
- Research
- Tools and techniques
Evading .NET And Browser XSS Protection With Attribute Based XSS
.NET applications offer good protection against basic reflected XSS vectors. Since .NET 1.1, ValidateRequest has been examining client-supplied input for "suspicious" characters, and throwing a helpful error message if such characters are found within a GET or POST request. These days, an attempt to perform the classic alert(1) will likely fail against the majority of .NET applications with the well-known "A potentially dangerous Request.Form value was detected from the client..". Does that mean XSS in .NET is dead?
- Penetration testing
- Tools and techniques
Hacking An E-Commerce Site - For Fun Or Profit?
Having tested a number of e-commerce sites in recent times, I wanted to share some of the vulnerabilities encountered, and the reasons why someone would seek to exploit them. Recent high-profile hacks in the media have rightly made retailers sit up and take notice of security - whilst PCI DSS attempts to mandate a certain level of assurance, the risk of losing substantial amounts of money and seriously damaging reputation focuses the attention on security more than any overarching standard.