In a recent penetration test that I carried out, I faced an unusual form of SQL injection that fortunately (for me!) let me gain access to sensitive data in the backend database. I would like to share how I found this and exploited it with you. After doing the typical information gathering phase of the […]
Dealing with “Service Accounts”
Most systems administrators will be familiar with the concept of a “service account” in a Microsoft Windows network infrastructure. What many do not realise is that this concept is a purely human one. Neither Active Directory, nor any individual
Common Internal Vulnerabilities
Many organisations perceive their internal network as a relatively safe haven from attackers. The thought is that well-configured firewall rules and regular external penetration testing of internet connections provide adequate
An Effective Internal Penetration Test
There is a difference between a vulnerability scan and a penetration test, and security is an on-going process. “My servers are all fully patched, and we’ve fixed the weak administrator password that the last guys found. So I don’t really expect you to find anything!” The previous statement, paraphrased […]
List websites on Shared Servers using Bing API
Finding websites that are hosted on a particular IP address or that are hosted on a shared web server is a very useful part of information gathering during a penetration test. Bing supports searching for websites that are indexed on a particular IP address, and there are a few websites that provide this service too, […]
Penetration Testing: A Preventative Security Control
Penetration testing should be part of a preventative approach to Information Security and Security Control to ensure that vulnerabilities are not exploited. It is still a mystery as to why a large number of organisations do not take a more preventative approach to Information Security. There has been enough information in various publications about the […]
Non-Uniqueness of Passwords
Non-Uniqueness of passwords: Cracking administrator passwords stored as an LM Hash using an appropriate set of Rainbow tables in an internal pen test. The following scenario is based on a recent internal penetration test against a large private sector company, concentrating purely on one of the mechanisms used to obtain full control over the internal […]
Payment Processing Vulnerabilities
Handling card payments yourself is complicated and expensive (requiring PCI compliance), so for many organisations it’s often more economical to use a third party payment processor, such as PayPal or Google Checkout. Generally, the vendor website will implement its own shopping cart (bespoke or off-the-shelf), and when the user goes to checkout, they are redirected […]
Vulnerability: Grapecity DataDynamics Report Library Cross-Site Scripting
Grapecity’s DataDynamics Report Library is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. CVE: N/A. Published: Mar 24 2011 11:00AM. Vulnerable: Version 1.6.1871.61 and earlier. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may […]
Auditing Users in Active Directory
Active Directory (AD) is Microsoft’s proprietary take on the widely utilised Lightweight Directory Access Protocol (LDAP) hierarchical database engine and underpins access control and central management for any Microsoft Windows based enterprise network. It is an incredibly powerful system, but can become very difficult to administer if not handled carefully. As a result, regularly reviewing […]