Privilege Escalation Techniques

Posted on Mi 10 August 2016 in Security • Tagged with Linux, Privilege Escalation, rootLeave a comment

This blog post will serve as a cheatsheet to help in my future pentesting experiments and wargames when I am stuck and don't know how to proceed. I hope it will be of use for some people out there. This document will likely change and evolve in future revisions.

In this blog post I will discuss common privilege escalation techniques. I assume that an attack got a foothold into the server by spawning a webshell over SQL-Injections or similar web exploitation vectors.

Helpful resources

Other people have published great ...

Continue reading

What other package managers are vulnerable to typo squatting attacks?

Posted on Do 30 Juni 2016 in Security • Tagged with security, Typosquatting, nuget, cargoLeave a comment

In my last blog post about typosquatting package managers I discussed my findings about attacking the programming language package managers from rubygems.org, PyPi and npmjs.com.

This blog contribution generated quite some interest and people subsequently asked themselves whether other package managers might also be vulnerable to this hybrid attack (typosquatting involves a technical and psychological attack vector). During the time I wrote my thesis, I encountered some other package managers. A very good overview of some of the most recent package managers gives the github showcase page about ...

Continue reading

Typosquatting programming language package managers

Posted on Mi 08 Juni 2016 in Security • Tagged with PyPi, Npmjs.com, rubygems.org, security, TyposquattingLeave a comment

Edit: It seems that the blog post and the thesis caused quite some interest. Please contact me under the following mail address, since my mail server on this VPS is constantly down :/ tschachn [|[at]|] hu-berlin [[|dot|]] de

In this blog post I will show how to use the neat JavaScript library chart.js with the well-known Python web-framework Django. As a sample data set I will make use of my workout progress data between May 2016 and August 2016.

  • 17000 computers were forced to execute arbitrary code by typosquatting programming ...
Continue reading

No 1. - wp-members: Interesting peristant XSS leading to remote code execution.

Posted on Fr 15 März 2013 in Security • Tagged with Security, ProgrammingLeave a comment

Hey you there!

Type: Stored cross site scripting
Risk: Medium to high
Affecting: http://wordpress.org/extend/plugins/wp-members/ Vendor site: http://rocketgeek.com

Preface

It has been quite some time since I took concern of my blog, although I would have had some content ready (maybe even worth) to be published. Around six weeks ago, I rummaged (wow - new word!) through endless lines of wordpress plugin code, in the hope to get my hands on some low hanging fruits (In the likely case you don't have a clue ...

Continue reading

Linux/Unix privileges from a blackhats perspective

Posted on So 30 Dezember 2012 in Security • Tagged with Privilegeescalation, Unix, Security, FilepermissionsLeave a comment

Hey folks!

Had some difficulties understanding UNIX file permissions in all it's variations and eternal predisposition to misuse as adminman! Made a little PDF, the independent blog article will follow soon. It's just a pain in the ass to format all that LibreOffice into a nice wordpress format. Next time, I will just do it in plain ASCII 7 Bit style, goddamnit...

Hell, it's time to read some phrack stuff again :)

Download PDF here: blackhats_view )

Continue reading