Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Pandles7

Pages: [1]
1
Tutorials / Re: Exploiting CVE-1999-0184 DNS Poisoning
« on: February 29, 2016, 12:00:01 am »
Nice, I used another script-kiddie tool for this. I heard that you could fake an update to make all the windows computers on your network to download you malicious "update" - Pretty interesting, this could also be used if you've infected one machine and use it as a pivot to infect the rest of the network.

2
EDIT: This is just a basic insight into some webapplication vulnerabilities that exist, you must research them yourselves if interested.

Hello people of Evil Zone,

I am here to teach people who are interested in Web-Application Pentesting and don't know how or where to start. In this post I will be teaching you how to setup XAMPP and DVWA (Damn Vulnerable Web Application) - Sandbox webapps that have been built to be exploited. They contain most of the most popular exploits of this generation such as the following:

* SQL Injection
* Blind SQL Injection
* XSS Exploits (Stored)
* XXS Exploits (Refective)
* Brute Force Exploits
* And more!

This will truly improve your skills as a webpentester, okay well LET'S BEGIN!

                            STEP 1: Installing and setting up DVWA

Step 1: Download an old version of XAMPP (Due to DVWA only supporting an old version of php)
Link: http://www.oldapps.com/xampp.php?old_xampp=12532

Step 2: Download latest version of DVWA (Version 1.9)
Link: http://www.dvwa.co.uk/ (Scroll down to the bottom, locate the "Download" button)

Step 3: Once you've downloaded both of these packages install XAMPP and locate where you installed the files (Program Files) then go to the "htdocs" folder and extract the DVWA folder in there, make sure that there isn't a folder inside the DVWA-1.9 folder it should look like   htdocs - DVWA-1.9 - Files

Step 4: Rename the DVWA-1.9 folder to "DVWA" - Without the quotes.

Step 5: Fire up XAMPP and start the MySQL & Apache services

Step 6: Open up your favored browser (I use chrome due to firefox's leakage of webrtc requests and IE's security problems) - Head over to "localhost/DVWA" it should redirect to the setup page but incase it doesn't then go to "localhost/DVWA/setup.php" scroll down tell you see "Setup Database"

  Its going to give you some gay error, idk why it does that but here's how to fix it, simply go to your DVWA folder in your XAMPP folder and go to the "Config Folder" and then open up the the only file in there with notepad/notepad++ and change this part.

To this

Then go back to the  site and click create/reset database and it should say "Created blah blah" no errors.
If it doesn't redirect you go to localhost/DVWA/login.php - The login is:

Username: Admin
Password: password or Password

Gratz now you've successfully setup DVWA on XAMPP -- Now, what do we do? Start pentesting the crap out of it's many modules as I stated above. I'm also going to be covering this in the near future (Today, tomorrow) going through every individual module and security type.

Thanks for reading, I will be adding to this with tutorials so "stay tuned"  8)
 
                                            EDIT #1: XSS Vulnerabilities (Stored/Reflective)
As I promised I shall add tutorials on how to use DVWA's modules, in this edit I'll be talking about XSS exploits, how they work, how to exploit them, and why they're a VERY serious threat.

There are 3 types of XSS exploits, stored, reflective and DOM based xss exploits. However I will not be covering DOM based XSS exploits due to its rarity. Difference between em is that the XSS stored saves the malicious JScript on the server so it gets automatically executed, where as reflective the reflective XSS one has the malicious JScript in the URL not on the server: some social engineering will be required in-order to use it, I'll talk more about it at the end of this.

How do they work ey? A basic answer would be they execute user-submitted java-script to other users, you're probably wondering what the purpose of this would be? Who cares its only Javascript, wrong. You can use Javascript and other techniques to COMPLETELY own a computer/server by stealing cookies, redirecting to malicious websites, stealing history and much much more. - (Research about the BeeF framework if you're interested)
 
Okay before we begin here's a very important piece of information, modern browser have XSS protection integrated into the browsers (BUT THEY CAN BE BYPASSED) but to keep this tutorial simplistic I'm going to manually disable security protection on chrome you can do that by doing:
Creating a shortcut (right click, create shortcut)
 
Paste this in there ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --args --disable-web-security) okay now when ever you want to practice XSS pentesting you can just fire that open, I recommend you call the shortcut "Vulnerable Browser" or something like that so you don't get confused. OKAY LETS START XSS PENTESTING NOW!
                                                                STORED XSS:
1. Fire up your apache/mysql services using XAMPP and go to localhost/DVWA - as we previously setup - and login

2. Head over to 'Security Settings" and set the security down to low.

now go to the XSS(Stored) tab. This is an example of what you might come across in the real world (I personally have encountered this many times) as you can see it stores the value so that anyone who hits this page sees the inputs or in our case, malicious JScript  ;D

3. Due to this being a not-so complicated tutorial I'm going to skip over any sanitation a webapp would have and just input the most basic jscript (LOW Settings)- this is not always the case in the real world.
Anyhoo, input this code into the form under the name section:


lo and behold, the jscript has been executed, "now what, that's it" as I stated above with a little bit of creativity and ingenuity you can do anything such as this (<script>alert(document.cookie)</script>):

this is the cookie session id, if we add a little bit of code we could receive other users cookies and hijack their sessions and use their accounts, this would give us complete access to the forum if we got an admin to do this. If you think this is all hypothetical/far-fetched do some research and see how many big companies such as Apache that have had their websites compromised by this type of attack. Moving on to reflective attacks.
                           
                                                          Reflective XSS Attacks
This kind of attack is more popular then the stored one, however it is harder attack large amount of people due to you having to sending the malicious link to other users: but it is very possible.

1. Head over to the reflective xss tab

2. We need to find the vulnerable parameter, simply insert some random name into the box and submit. You'll see that it gives you your name back. Look at the url and remove the name you inserted and replace it with some malicious java script:

Example: <script>alert('Wormy takes too long to approve my threads')</script>
it should execute the script, yay.

Extra Notes:
Just because you could do this doesn't mean shit, this is super basic stuff. Up the protection level to medium and try the same thing: it won't work due to the application now including some sort of sanitation to your input before showing it back to the user, this renders your jscript useless (YES YOU CAN BYPASS THIS TOO, VERY SIMPLY) - Stay tuned for more tutorials, and please, if I wrote anything incorrect/inaccurate please notify me!

Post below if you have any questions or want to say thanks, stay tuned for next time  8)

 

 

Pages: [1]