There is a case ongoing which is known as The United States versus Love. As always when I mention the law on this site, I am not a Lawyer, therefore I will link to all of my sources inline and allow you to draw your own conclusions. I support Lauri Love and I would like to detail some reasons as to why you should too. I also wish to highlight some things you should be seriously concerned amount regardless of your opinion on Lauri or his case specifically.
This is an advanced Cross-site Scripting (XSS) post, if you’re new to XSS maybe try this one first: What is Cross-site Scripting?
During Penetration Tests I often see testers utilising Cross-site Scripting attacks, popping an alert(1) and stopping there; additionally looking through the payloads used by other testers I often find one area missing. So if you’re a tester, think of the payloads that you deploy and think how you are testing for the type of vulnerability described below:
This is an advanced SQL Injection (SQLi) post, if you’re new to SQLi maybe try this one first: Basics and Defence
Recently I had a fairly slow Time-Based SQL injection vulnerability, meaning that I could only pull a single character at a time with SQLmap and each character took around 10 seconds to retrieve. An alternative approach in this situation is to use out-of-band retrieval. This is a concept that can be used when exploiting lots of vulnerabilities such as SQL Injection, Command Injection, Cross-site Scripting and XML External Entity Injection.
The idea is fairly simple, instead of capturing the data you would like to retrieve and extracting it through Boolean-logic you can request the system to transmit the data over a protocol such as HTTP, SMB or DNS.
Recently during a CTF I found a few users were unfamiliar with abusing setuid on executable on Linux systems for the purposes of privilege escalation. If an executable file on Linux has the “suid” bit set when a user executes a file it will execute with the owners permission level and not the executors permission level. Meaning if you find a file with this bit set, which is owned by a user with a higher privilege level than yourself you may be able to steal their permissions set.
Getting Root Access to Web Servers
I’ve written previously about How To Become a Penetration Tester, listing things that employers would like to see out of potential junior testers. I’ve written an awful lot about many web application vulnerabilities like Cross-site Scripting and Directory Traversal; I’ve even written about the methodology behind External Penetration Testing. However – until now I’ve not tied all of the little pieces together. Plus, one of the biggest things on the list of desirables for a junior testers CV is practise.