SANS Penetration Testing

Exploiting XXE Vulnerabilities in IIS/.NET

By Chris Davis

XXE (XML External Entity) attacks happen when an XML parser improperly processes user-supplied input that carries an external entity declaration in the DOCTYPE of an XML payload. The external entity points at a resource such as a local file or a URL; when the parser resolves the reference it inlines that content, which allows an attacker to read sensitive data on the system or potentially perform other more … Continue reading Exploiting XXE Vulnerabilities in IIS/.NET
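As an added example (not code from the post or from SANS), here is a Python stand-in for the two checks a practitioner wants around XXE, written against the standard-library expat bindings because they run anywhere. In .NET the hardening is `XmlReaderSettings.DtdProcessing = DtdProcessing.Prohibit` (with `XmlResolver = null` as belt and braces); `parse_strict()` below imitates that policy by aborting on the first DOCTYPE, and `find_external_entities()` shows what an inspection step sees in a payload without ever fetching the referenced resource. Both XML documents are constructed samples; the element names and the `/etc/passwd` target are illustrative assumptions.

```python
# Added example, not from the post: two checks against XXE in Python's stdlib
# expat bindings, standing in for the .NET parser the post covers.
import xml.parsers.expat as expat

# Constructed XXE payload: the external entity 'xxe' names a local file. A parser
# that resolves external entities would inline the file where &xxe; appears.
XXE_PAYLOAD = """<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<order><customer>&xxe;</customer></order>"""

# Constructed benign document: no DOCTYPE, so there is nothing to resolve.
CLEAN_XML = "<order><customer>alice</customer></order>"


class DtdRejected(Exception):
    """Raised when a document carries a DOCTYPE and the policy forbids DTDs."""


def find_external_entities(xml_text):
    """Return (declared, referenced): external entities declared in the DTD as
    (name, system_id) pairs, and the system ids actually referenced in content.
    The reference handler only records the attempt and returns 1 ("handled"),
    so expat never opens the URI."""
    parser = expat.ParserCreate()
    declared, referenced = [], []

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # An external entity has a SYSTEM or PUBLIC identifier instead of a value.
        if system_id is not None or public_id is not None:
            declared.append((name, system_id))

    def external_ref(context, base, system_id, public_id):
        referenced.append(system_id)
        return 1

    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_ref
    parser.Parse(xml_text, True)
    return declared, referenced


def parse_strict(xml_text):
    """Parse under a 'no DTD at all' policy (the DtdProcessing.Prohibit analogue)
    and return {leaf tag: text}. Raises DtdRejected before any entity can be
    declared, let alone resolved."""
    parser = expat.ParserCreate()
    leaves, stack = {}, []

    def start_doctype(name, system_id, public_id, has_internal_subset):
        raise DtdRejected("DOCTYPE %r refused: DTDs are not accepted" % name)

    def chars(data):
        if data.strip():
            leaves[stack[-1]] = leaves.get(stack[-1], "") + data

    parser.StartDoctypeDeclHandler = start_doctype
    parser.StartElementHandler = lambda tag, attrs: stack.append(tag)
    parser.EndElementHandler = lambda tag: stack.pop()
    parser.CharacterDataHandler = chars
    parser.Parse(xml_text, True)
    return leaves


def accepts(xml_text):
    """True if the document passes the strict policy, False if it was rejected."""
    try:
        parse_strict(xml_text)
        return True
    except DtdRejected:
        return False


if __name__ == "__main__":
    print(find_external_entities(XXE_PAYLOAD))
    print(accepts(XXE_PAYLOAD), accepts(CLEAN_XML))
```

Rejecting the DOCTYPE outright is the right default for an API that only ever consumes machine-generated XML; the inspection function is for the cases where you must accept DTDs and want to log or block the external ones specifically.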


A Spot of Tee

The Restricted Bash Shell

By Daniel Pendolino, Counter Hack

The Bash shell is a nearly ubiquitous way to interact with a Linux console. A little-known feature is the restricted Bash shell, which you can invoke by calling rbash or bash --restricted. While it isn't something you would normally opt into, it is certainly a situation … Continue reading A Spot of Tee


Go To The Head Of The Class: LD_PRELOAD For The Win

By Jeff McJunkin

Imagine a Linux binary compiled from the following source:

    #include <stdio.h>
    #include <unistd.h>

    int main(void)
    {
        int duration = 15 * 1000 * 1000; /* microseconds are hard */
        printf("Starting, please wait...");
        fflush(stdout);                   /* no newline yet, so push it out of the line buffer */
        usleep(duration);
        printf(" Done!\nThe program started up or whatever.\n");
        return 0;
    }

Now, dear readers, what if we wanted the program to … Continue reading Go To The Head Of The Class: LD_PRELOAD For The Win


Why You Need the Skills to Tinker with Publicly Released Exploit Code

By Chris Davis

If you are a security enthusiast, like me, then you likely find yourself tinkering with exploit code for most of the major vulnerabilities that are released. This "tinkering" can be incredibly valuable to security researchers, blue teamers, and especially penetration testers. In fact, I frequently find myself modifying and testing public exploit … Continue reading Why You Need the Skills to Tinker with Publicly Released Exploit Code


Understanding and Exploiting Web-based LDAP

By Chris Davis

Enterprises frequently run Active Directory environments to manage domain objects like users, organizations, departments, computers, and printers. Combine this with an increase in custom web applications, and organizations naturally want to integrate the two technologies. This integration is an excellent way to give those applications centralized authentication against the domain, but it also provides a method to … Continue reading Understanding and Exploiting Web-based LDAP
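The integration described above usually works by having the web application search the directory for the user's object (by sAMAccountName or similar) and then bind as that user. As an added example that is not from the post, the Python below shows how that search filter is typically built, first by concatenating the form value and then with the RFC 4515 escaping a practitioner would insist on, so the difference in the resulting filter is visible. The attribute names, the sample username and the `count_assertions` heuristic are assumptions for illustration; they are not Active Directory or SANS code.

```python
# Added example, not from the post: constructing the LDAP filter a web login
# uses to find a user in AD, naively and with RFC 4515 escaping.
import re

# RFC 4515 section 3: these characters carry meaning inside a filter assertion
# value and must be written as a backslash followed by two hex digits.
_RESERVED = {"*": r"\2a", "(": r"\28", ")": r"\29", "\\": r"\5c", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP search filter."""
    out = []
    for ch in value:
        if ch in _RESERVED:
            out.append(_RESERVED[ch])
        elif ord(ch) > 0x7F:
            # Non-ASCII is sent as escaped UTF-8 bytes, one \xx per byte.
            out.append("".join("\\%02x" % b for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def naive_user_filter(username):
    """Concatenation straight from the login form: the user controls the filter."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % username


def safe_user_filter(username):
    """Same lookup with the value escaped; the input can only ever be a literal."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(username)


def count_assertions(ldap_filter):
    """Rough count of (attribute=value) components. A user lookup like the one
    above should have exactly two; more means the input reshaped the filter.
    A log-review heuristic, not a full RFC 4515 parser."""
    return len(re.findall(r"\([^()=]+=[^()]*\)", ldap_filter))


if __name__ == "__main__":
    # Constructed input: a username that closes the intended assertion and adds
    # its own, the shape of a classic LDAP filter injection.
    crafted = "*)(uid=*))(|(uid=*"
    print(naive_user_filter(crafted))   # four assertions, attacker-controlled
    print(safe_user_filter(crafted))    # still two; the wildcard is now literal
```

Escaping is the minimum; where the directory library offers parameterised filter construction (most do), use that instead of formatting strings, and keep the service account that performs the search limited to read on the attributes the lookup needs.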