This is very simple web crawler I coded for fun. It uses a breadth first search algorithm in crawling urls.
– This tool might be useful in finding subdomains

Download: https://github.com/OsandaMalith/WebCrawler/releases
This is very simple web crawler I coded for fun. It uses a breadth first search algorithm in crawling urls.
– This tool might be useful in finding subdomains

Download: https://github.com/OsandaMalith/WebCrawler/releases
When performing illogical ranges in Ruby and converting it to an array it uses 100% memory, disk and CPU which will freeze your computer. I have tested this issue on a Windows 10 64-bit machine. In a 64-bit Ubuntu machine after sometime the process will get killed when the process is out of memory. These types of issues can be caused in most languages, in which it tries to allocate more and more memory. This is a simple example I found in Ruby.
Ruby version:
[code]
ruby 2.3.1p112 (2016-04-26 revision 54768) [x64-mingw32]
[/code]
PoC:
[code language=”ruby”]
(‘malith’..’osanda’).to_a
[/code]
This interface loads an SQLite extension library from the named file.
[code language=”C”]
int sqlite3_load_extension(
sqlite3 *db, /* Load the extension into this database connection */
const char *zFile, /* Name of the shared library containing extension */
const char *zProc, /* Entry point. Derived from zFile if 0 */
char **pzErrMsg /* Put error message here if not 0 */
);
[/code]
More information: https://www.sqlite.org/c3ref/load_extension.html
You can use this function to load a SQLite extension. However by default sqlite3_enable_load_extension() is turned off by default to prevent this in SQL injection attacks. You can read more from here https://www.sqlite.org/c3ref/enable_load_extension.html
The syntax would be
[code language=”sql”]
select load_extension(โpath\dllโ, โEPโ);
[/code]
However this path, const char *zFile can be a SMB share too.
(more…)
O’Reilly’s video training website is http://www.infiniteskills.com/. One day while I was browsing I found out that their online player can be spoofed with our own content. For example I was able to watch my favorite music videos ๐
After reporting I was given to choose any 2 courses for free. Thanks for the reward ๐
(more…)
I was able to bypass their XSS filter. After responsibly disclosing the vulnerability I got acknowledged.
https://docs.wso2.com/display/Security/Acknowledgments
Reported SQLi and 2 XSS.

As usual responsible disclosure ๐

avira cert
[tweet https://twitter.com/Avira/status/760418158956118020]
In the world of Windows you can execute shellcode using the VirtualAlloc and VirtualProtect Windows APIs. There are also few more APIs we can use to do the same task but different techniques involved.
This is how MSDN explains this:
Changes the protection on a region of committed pages in the virtual address space of the calling process.
[code language=”c”]
BOOL WINAPI VirtualProtect(
_In_ LPVOID lpAddress,
_In_ SIZE_T dwSize,
_In_ DWORD flNewProtect,
_Out_ PDWORD lpflOldProtect
);
[/code]
https://msdn.microsoft.com/en-us/library/windows/desktop/aa366898(v=vs.85).aspx
Basically we can make our shellcode memory region executable and invoke it using this API. We use the PAGE_EXECUTE_READWRITE as the memory protection constant for the flNewProtect parameter to make our page RWX.
Hereโs an example using C which I have implemented.
(more…)
IE and Edge both uses a default XSS filter which is not powerful like the XSSAuditor(Webkit/Blink).
This is how the XSS filter is implemented.
https://msdnshared.blob.core.windows.net/media/TNBlogsFS/BlogFileStorage/blogs_technet/swi/WindowsLiveWriter/IE8XSSFilterArchitectureImplementation_7E69/pic1_thumb.png
(source: https://blogs.technet.microsoft.com/srd/2008/08/19/ie-8-xss-filter-architecture-implementation/)
(more…)

I made some interesting SQLi challenges based on some real world experiences ๐ Give it a shot to test your SQLi skills ๐
Thank you very much for more than 100 likes !
[tweet https://twitter.com/hasherezade/status/756122086112915456]