Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - sn0wm4n

Pages: [1]
1
Hacking and Security / Re: JSP Execution
« on: February 20, 2014, 09:20:37 pm »
I just tried a php script on my server and it still renders the php correctly even when its not the +x flag isn't set for anyone. rw-rw-rw still renders fine. Is that different for JSP?

2
Hacking and Security / Re: JSP Execution
« on: February 20, 2014, 06:39:18 am »
So it look like it lacks the executeable flag .
You tried explicitly changing +x for the file ?


I haven't but I thought that it was irrelevant since scripts like that are only read by the php or httpd or whatever servers and not executed like a script would be. Is that incorrect?

3
Hacking and Security / JSP Execution
« on: February 20, 2014, 04:24:25 am »
I found a site that starts at a .jsp page. Deeper down there is an unsecured uploader. I've tried uploading a simple .jsp script to try to get it to execute but no matter what I do, I can't get it to render. I've tried different file extensions, hell I've even tried asp and php scripts but instead of anything rendering, they just download when you try to access them on the server. Now why would it respond to the first .jsp but not anyone uploaded ones?

4
Hacking and Security / Average Method for Finding Vulns
« on: February 19, 2014, 12:32:42 am »
I've learned a fair amount of a lot of different vulns but I've been wondering if there was a general way that most people go about cracking some target that they happen upon.


Like does it usually start with an nmap or nikto scan or something like that? Or a full fledged vuln scanner like openVAS or Nessus? That seems like it would simplify a lot of searching through the site but it seems like a full fledged scanner over the internet would put you in hot water because of the traffic it would generate. And same thing with spidering through a site.
Or are most sites cracked through problems with the service itself like buffer overflows
Then that brings SQLi, RFI, and XSS stuff...


There seems to be a long list of things that *can* be attacked but is there general list of things to try before others?


5
General discussion / Re: Understanding This Network
« on: November 14, 2012, 01:25:46 am »
When I traceroute, the request always times out.


I've connected to my ftp server off site before and my ftp server shows a connection from the same IP given to my computer (the public IP), not the IP of my default gateway or any router I may be behind.


I connected two different wireless cards on the same computer to the same access point. One was given the IP 130.18.234.x with default gateway 130.18.234.1 and the other card was given the IP 172.17.0.x with the default gateway 172.16.0.1. A different computer connecting to the same access point was given the IP 130.18.175.x


Here's another conundrum though. When connecting to the ftp server through 130.18.234.x, it shows that it's connecting through 130.18.234.x. But when I try to connect through 172.17.0.x, the ftp server is showing a connection through 130.18.37.x.  Traceroute doesn't work for either card


Can someone offer an explanation how this works??

6
General discussion / Re: Understanding This Network
« on: November 13, 2012, 02:52:22 am »
I actually have a decent understanding of TCP/IP but I'm not making these IPs up. Connecting to the same access point, I  have the IP 130.32.186.5 and my other computer has the IP 130.32.184.65. These obviously aren't real IPs but they have the same B Class I think is the term (the first two numbers are the same.)

7
General discussion / Understanding This Network
« on: November 13, 2012, 12:24:37 am »
I'm trying to understand how this university network works. I'm just gonna make up IPs to explain


My IP on the wifi is 5.5.5.5. Another computer on the same network is 5.5.4.4. The default gateway of the 5.5.5.5 is 5.5.5.1 and the DCHP server for 5.5.5.5 is 5.5.3.3. I'm confused how all this works especially considering were not behind any type of router or anything. My IP is an internet IP, not a local IP like 192.168.x.x or 10.x.x.x.


How is this network set up to give each computer that connects to wireless its own internet IP and how the IPs are determined. Like does the university by a range of IPs from the service provider or what?

Pages: [1]