Protonmail Stored XSS

I found out that attachments containing JavaScript or HTML will get executed in the browser once you open them in a new tab. The attachment can be anything simple, like an .html or .svg file containing our payload.

[code language="html"]
<html>
<script>
prompt('XSS by Osanda Malith');
</script>
</html>
[/code]

Breaking the Vigenère Cipher

The Vigenère cipher has been well known for centuries; you can read more about it here. It uses a series of Caesar ciphers to encrypt the text. Some time ago I came across a challenge in breaking the Vigenère cipher, but it was a variant that uses XOR instead of the normal polyalphabetic substitution. Here is the encryption program. In a challenge you won't get the encryption program, but you can code it yourself.


LFi Freak – An Automated File Inclusion Exploiter

I am sure you know about exploiting file inclusion vulnerabilities. In file inclusion situations we can commonly read arbitrary files on the system, or remote ones, depending on the permissions. In PHP environments we commonly poison the log files, or inject malicious PHP into the User-Agent header and load the "/proc/self/environ" file. However, when we encounter file inclusion in PHP environments we can also use the built-in PHP wrappers to make exploitation much easier or perhaps bypass existing filters.

There are a lot of LFI exploitation tools available, but I've written this tool mainly focusing on the usage of the "php://input", "php://filter" and "data://" methods. Even though the title explicitly says "LFI Freak", it can be used for RFI vulnerabilities as well. The tool is written in Python 2.7 and I have included binaries for both Windows and Linux systems. If you are running from the source or want to modify it, you need the BeautifulSoup library.

Here is a small walkthrough of the features of the tool.

To test for local or remote file inclusions you can use option one, "Automated testing". I am using DVWA here. To test this tool, create a small vulnerable file.
[code language="php"]
<?php
// Deliberately vulnerable test file: the "page" request parameter
// reaches include without any filtering.
echo "File included: ".$_REQUEST["page"]."<br>";
$file = $_REQUEST["page"];
include $file;
?>
[/code]

Dynamic Function Injection in PHP

In PHP we can pass arguments to a function dynamically at runtime. For example, have a look at this example.

I have used call_user_func_array() to pass the arguments to the function. The syntax would be:
[code language="php"]
call_user_func_array(function, param_arr)
[/code]
Since I have used $_GET we can pass the function and its arguments during runtime.

http://localhost/?func=user&args[]=Osanda&args[]=secret&args[]=abc@abc.com
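
A defender-side counterpart to the dispatch described above, as an added example that is not from the original post: the function name taken from the query string is checked against an allow-list before it reaches call_user_func_array(). The user() function, its three parameters and the ALLOWED_CALLS table are assumptions made for illustration.

```php
<?php
// Added example (not the original post's code): allow-listed dynamic dispatch.
// user() and its parameters are assumptions inferred from the sample URL.
function user(string $name, string $password, string $email): string
{
    return sprintf('name=%s email=%s', $name, $email);
}

// Only functions listed here may be reached from request data,
// each with the exact number of arguments it expects.
const ALLOWED_CALLS = [
    'user' => 3,
];

function dispatch(array $query): string
{
    $func = $query['func'] ?? null;
    $args = $query['args'] ?? [];

    // Reject non-string names (e.g. func[]=...) and anything off the list.
    if (!is_string($func) || !array_key_exists($func, ALLOWED_CALLS)) {
        throw new InvalidArgumentException('function not allowed');
    }
    if (!is_array($args) || count($args) !== ALLOWED_CALLS[$func]) {
        throw new InvalidArgumentException('unexpected argument count');
    }
    foreach ($args as $arg) {
        if (!is_string($arg)) {
            throw new InvalidArgumentException('arguments must be strings');
        }
    }
    // array_values() drops request-chosen keys: in PHP 8, string keys
    // passed to call_user_func_array() are treated as named arguments.
    return call_user_func_array($func, array_values($args));
}

// Constructed sample input mirroring the URL above.
$ok = ['func' => 'user', 'args' => ['Osanda', 'secret', 'abc@abc.com']];
echo dispatch($ok), PHP_EOL;

// Constructed sample input naming a function that is not on the list.
try {
    dispatch(['func' => 'strrev', 'args' => ['abc']]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

In a real handler, dispatch() would be called with $_GET in place of the constructed arrays.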


Running Shellcode in your Raspberry Pi

I was interested in learning ARM assembly language for developing small applications for microcontrollers. I wrote this small piece of shellcode which will write "127.0.0.1 google.lk" inside the /etc/hosts file on a Linux system. I used my Raspberry Pi model B+ for this 🙂
We will be needing the following syscalls.

[code language="c"]
#define __NR_exit (__NR_SYSCALL_BASE+ 1)
#define __NR_write (__NR_SYSCALL_BASE+ 4)
#define __NR_open (__NR_SYSCALL_BASE+ 5)
#define __NR_close (__NR_SYSCALL_BASE+ 6)
[/code]
