Category: Security

What to do when your PHP server gets hacked? This is a story of a compromised Linux web server I recently dealt with. New PHP files had appeared that had nothing to do with the WordPress application running on the server and for a specific user agent, all traffic...

Shortly after my second blogpost on Frida, @muellerberndt decided to publish another OWASP Android crackme and I was tempted to see whether I could solve it with Frida again. If you want to follow along, you need the OWASP Uncrackable Level2 APK Android SDK and Emulator...

After the introduction to Frida in the first part of this post, we are now bringing Frida to use for solving a little crackme. After what we have already learned about Frida, this is going to be easy (- in theory). If you want to follow along, please download...

When I visited RadareCon last year, I learned about Frida, a dynamic binary instrumentation framework. And what seemed only interesting at first, turned out to be quite a lot of fun. Remember God mode in games? That’s what Frida feels like for native apps. This is a blog...

This is a post on how to dissect the AdWind / jRAT / jBifrost Java trojan that has been around for quite a while and is still actively distributed in multiple variants. jRAT is nothing new and it has been decrypted before, but it’s still an interesting exercise. I retrieved...

How it works I recently had the chance to compile a (semi-)passive OSINT (Open Source Intelligence) report for a client. I used recon-ng as a basis for gathering information and automatically querying multiple sources of information, so here is a blog post about it. OSINT means that you...

This blog post should help you to set up some basic security measures on your stand-alone webserver. It focuses on a typical LAMP stack and open source security solutions, but should in principle be applicable to other Linux web servers and database setups as well. I’m going to give a...

If you set up an environment for Windows kernel debugging for the first time, it can be a bit confusing. So here is a small and hopefully simple tutorial for setting things up with VirtualBox and Windows 10 as a host OS. (Other Windows versions should work as hosts, too.)...

So here is another WordPress plugin vulnerability and it's a nice one since it's “just” XSS, but persistent XSS. And because it’s persistent you do have plenty of time and opportunities to exploit it. The plugin also contains a SQL injection vulnerability (the full description can be found at...

Sometimes you discover a local file inclusion vulnerability (LFI) in a PHP webapp but it does not allow you to include remote files: The admin has done her job well and disabled allow_url_fopen (or just allow_url_include). So what other ways are there to get your code into a PHP...

In this post, I’d like to talk about the stack and how it works in assembly. We will also examine the stack with gdb. Understanding the stack is crucial for reverse engineering or writing certain types of exploits. Before reading this, you should already have a basic idea of what...

Having been made aware of some vulnerabilities in ProjectSend, I also had a look at the application and discovered multiple XSS issues. Here is a list of issues found: Description ProjectSend is a self-hosted PHP based file-transfer platform. Several serious vulnerabilities have been discovered so far (e.g....

During an evaluation of the WordPress Plugin SP Project & Document manager I discovered several vulnerabilities. They are also examples of classical OWASP vulnerabilities that are oh so well known but still present in far too many applications. The plugin is used by thousands of WordPress sites and the...