SANS Penetration Testing: Monthly Archives: Dec 2014

PHP Weak Typing Woes — With Some Pontification about Code and Pen Testing

By Josh Wright The other day I was reading Jos Wetzels' post on the Full Disclosure mailing list regarding a vulnerability in the open source social networking kit HumHub. One of the issues he pointed out was a PHP 'type juggling' attack where an attacker can force a password reset against HumHub for a user … Continue reading PHP Weak Typing Woes — With Some Pontification about Code and Pen Testing


Awkward Binary File Transfers with Cut and Paste

[Editor's note: Josh Wright spins up another useful blog article about different ways to move files to and from Linux systems. Lots of nice little tricks in this one. Thanks, Josh! -Ed.] By Josh Wright Sometimes I find myself with access to a remote Linux or Unix box, with limited opportunity to transfer files to … Continue reading Awkward Binary File Transfers with Cut and Paste


Using Built-Ins to Explore a REALLY Restricted Shell

By Ed Skoudis and Josh Wright Josh Wright and I were working on a project recently which involved a target machine with a really restricted shell environment. I'm not talking about a mere rbash with some limits on the executables we could access, but instead a shell so restricted we could not run any binaries … Continue reading Using Built-Ins to Explore a REALLY Restricted Shell


Finding Zero-Day XSS Vulns via Doc Metadata

[Editor's Note: Chris Andre Dale has a nice article for us about cross-site-scripting attacks, and he's found a ton of them in various high-profile platforms on the Internet, especially in sites that display or process images. He even found one in WordPress and responsibly disclosed it, resulting in a fix for the platform released just … Continue reading Finding Zero-Day XSS Vulns via Doc Metadata


Pen Test Hackfest Talks - Some GREAT Reads

A couple weeks ago, we held our annual SANS Pen Test Hackfest, a really wonderful event where we run 3 nights of NetWars challenges, 1 night of CyberCity missions, Coin-a-palooza (where attendees can earn SANS Pen Test Coins for classes they've taken before), and much more. This year, we even went on a field trip … Continue reading Pen Test Hackfest Talks - Some GREAT Reads