SANS Penetration Testing: Author - eskoudis

Putting My Zero Cents In: Using the Free Tier on Amazon Web Services (EC2)

By Jeff McJunkin, Counter Hack

Hello, dear readers! Many times when penetration testing, playing CTFs, or experimenting with new tools, I find myself needing ready access to a Linux installation of my choosing, a public IPv4 address, and...well, not a lot else really. I like Virtual Private Servers (VPSs) for this purpose - essentially a …


Your Pokemon Guide for Essential SQL Pen Test Commands

By Joshua Wright, Counter Hack

As a pen tester, it's not enough to exploit targets and get shells. That's great (and it's a big part of what we do), but the real value to the customer is to demonstrate what the effective risk is from the successful exploitation of a vulnerability. In order to answer …


Exploiting XXE Vulnerabilities in IIS/.NET

By Chris Davis

XXE (XML External Entity) attacks happen when an XML parser improperly processes input from a user that contains an external entity declaration in the doctype of an XML payload. This external entity may contain further code which allows an attacker to read sensitive data on the system or potentially perform other more …


A Spot of Tee

The Restricted Bash Shell

By Daniel Pendolino, Counter Hack

The Bash shell is a nearly ubiquitous way to interact with a Linux console. A little-known feature is the restricted Bash shell, which you can invoke by calling rbash or bash --restricted. While it isn't something you would normally opt into, it is certainly a situation …


Go To The Head Of The Class: LD_PRELOAD For The Win

By Jeff McJunkin

Imagine a Linux binary compiled from the following source:

    #include <stdio.h>   /* printf */
    #include <unistd.h>  /* usleep */

    int main(){
        int duration = 15 * 1000 * 1000; /* microseconds are hard */
        printf("Starting, please wait...");
        usleep(duration);
        printf(" Done!\nThe program started up or whatever.\n");
        return 0;
    }

Now, dear readers, what if we wanted the program to …