Pentesting, System Hardening & IT Security Blog
DVWA - Unintended Command Injection - High
Mon, 20 Aug 2018 20:51:00 +0200

In preparation for a new web security training course (German, coming soon), I had another look at the current version of the Damn Vulnerable Web App (DVWA). As I documented the solution for the command injection vulnerability on high, I found something that sparked a tiny idea of how this part might be exploited in a totally different way. Obviously I had to investigate further, and since I didn't see this solution out there already, I documented it here for anyone who's interested.

The usual way

Are you scanning your network?
Mon, 08 Feb 2016 00:00:00 +0100

Scanning your network is one of the easiest things you can do to help keep your network safe. Recently I began to wonder if our vulnerability scanner is actually providing any value to us, since all reports looked essentially like this.

But that all changed with the latest report I got, which suddenly looked like this.

Wow, so what happened? First of all, the report is a summary of all our network's vulnerability scans, so this includes production, testing, development and so on. Still th...

Take care of your boarding pass
Fri, 08 Jan 2016 22:30:00 +0100

During the last weeks before Christmas, I found myself traveling more than usual throughout Germany and Europe. While I was waiting at the airports I recognized some typical behaviors that passengers showed before and after the flight. Before the boarding begins the flight ticket is handled like a precious, golden egg and stored safely in handbags, wallets, the inside of jackets or trouser pockets. Not only that, but people also seemingly feel the need to check every five minutes if it's still t...

Steam Data Leak Was Not A Hack
Sat, 26 Dec 2015 00:00:00 +0100

Yesterday at around 10:00 pm, I noticed that something was wrong with Steam. The interface suddenly presented itself in different languages and kept switching. I tried to switch back to English but got an error message that something went wrong.

A little bit of poking around in the settings showed the profile data of different users on Steam. The selection was random and I didn't recognize any of the users.

The source of this strange behavior was a caching problem that allowed users to s...

Physical wiretapping for beginners
Wed, 16 Dec 2015 00:00:00 +0100

Sniffing traffic on a network is fun, but getting a physical connection in the first place can be just as interesting, especially when you want to extract information from a cabled network but can't simply plug into it. Wiretapping is a way of tapping into a network wire (hence the name) that is already connected to a device on each end. The term originally meant tapping into a phone line, but in this case we'll be taking a closer look at a Cat6 Ethernet cable.

Required hardware

For simplic...

No matter how much you want to secure your mail server, to be able to actually communicate with your customers and partners you will have to face the ugly truth that enforcing STARTTLS might not be the best idea from a business perspective. Using opportunistic encryption, meaning to encrypt mail traffic whenever it suits both parties, unfortunately has the downside of leaving the server vulnerable to downgrade attacks. So wouldn't it be nice if we would at least know whenever someone sent...

Importing private CA certificates in Android
Mon, 07 Dec 2015 00:00:00 +0100

Internal encryption in company networks is important and something that's done relatively easily. By creating your own certificate authority (CA) and signing your server certificates with it, you can establish a centralized point of trust on all your devices, making it much easier for you to maintain your network encryption. Plus, it doesn't cost a dime in licenses if you use free solutions such as openssl, and you are much more flexible than with paid certificates.

When you are using your o...

Whenever I'm connecting to a new remote server via SSH, I tend to verify the fingerprint to make sure that I'm actually connecting to my own machine. Usually it's not that big a deal, as I'm simply comparing two strings, but what if those two strings are created with two different hashing algorithms?

This is what I saw today when I connected to a new server for the first time.

notebook $ ssh remoteserver.name
The authenticity of host 'remoteserver.name' can't be established.
ECDSA key fingerp...

A First Look at Let's Encrypt Beta
Mon, 16 Nov 2015 00:00:00 +0100

A few days ago, the TLS certificate (SSL is dead, remember?) of my private blog www.hashtagsecurity.com expired without me noticing it, mostly because I paused any activities there to focus on my work here at LastBreach as well as this blog. Since I didn't intend on working on hashtagsecurity.com any time soon, I felt it wasn't necessary to buy a new TLS certificate and set out to replace it with a free one for now. So I signed up for a three month Comodo certificate and long story short, a typ...

Quick Guide – Hardening Apache2
Fri, 18 Sep 2015 00:00:00 +0200

This is a quick overview of a secure Apache2 configuration. We won’t be going into Linux hardening, but will focus instead on the basic configuration options of Apache2. The following code boxes show examples of a secure configuration. Please adjust them to your requirements and test each of them before applying them to a live/production system.

The examples below cover the web server misconfigurations and weak spots that we most commonly observe during our web application pentests.