Infosec News, BugBounty POC, CTF Writeup, Security Advisories, Approach for Bug Bounty

Hackfest2016: Sedna - VM Vulnhub.com Sedna Vulnhub Machine Walkthrough This is a vulnerable machine its created for the Hackfest 2016 CTF http://hackfest.ca/ Difficulty : Medium Lets Start This VM very kindly has the IP address already showing when you fire it up so I can skip the netdiscover , arp-scan and head straight to the NMAP scan to see what the VM has to offer. Command : nmap -A 192.168.0.133 Nmap Results I’ll make a note of all of them and (as usual) with these VM’s lets jump straight into the 80 http port and see what the website has to offer. I’ll just run a nikto scan before heading over to the webiste, the output (if any) should make our reviewing more efficient. Nikto findings (Interesting Results) Cool, so it shows there’s a robots.txt file. Lets fire up firefox and take a look at the site and that robots.txt file. Robots.txt file results The robots file didn’t have anything useful in it. :-(

What is OWASP :  The Open Web Application Security Project ( OWASP ) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. OWASP is an organization filled with security experts from around the world who provide information about applications and the risks posed, in the most direct, neutral, and practical way. Since 2003, OWASP has been releasing the OWASP Top 10 list every three/four years. The list consists of the top biggest Web Application Security Risks according to OWASP. The list is compiled with the latest vulnerabilities, threats and attacks, as well as detection tactics and remediation. OWASP Top 10 project members create the list by analyzing the occurrence rates and the general severity of each threat facing our rapidly evolving application world. Image Source google A-1) SQL INJECTION : W HAT IS IT? Websites and apps occasionally need to run commands on the underlying database or operati

  Vulnhub .com — Quaoar VM Walkthrough     Three Different Techniques to exploit a machine Vulnhub Machine This VM was made for hack fest 2016 and is listed as very easy. I had this one done in under an two hour with three different Techniques. Description Welcome to Quaoar This is a vulnerable machine which is created for http://hackfest.ca/ Difficulty  : Very Easy Tips: Here are the tools you can research to help you to own this machine. nmap, dirb / dirbuster / BurpSmartBuster, nikto, wpscan, hydra Your Brain Coffee Google :) Goals: This machine is intended to be doable by someone who is interested in learning computer security There are 3 flags on this machine 1. Get a shell 2. Get root access 3. There is a post exploitation flag on the box     Different Techniques to Exploit : Reverse Shell Plugin Upload Metasploit Wordpress Exploit Payload Payload post in 404 page So Start with 1st Technique:- Reverse Shel