Posts

Showing posts from January, 2020

OWASP Ecuador Chapter-ENP Hacking Challenges walk through

You can play the OWASP Ecuador Chapter-ENP Hacking Challenges using the link.

Front page of OWASP Ecuador Chapter-ENP Hacking Challenges.

It consists of 10 challenge rounds.

Round 1:

Question: We have to find the Emp-code and password to crack Level 1.

While analysing the page we couldn't find a clue for solving it. After viewing the page source, we can identify the clue to the Emp-code and password for login.

<font color="#808000"> </font>&nbsp;<font color="#FFFFFF"><span lang="el">&nbsp;</span>white, rabbit</font>

Here color="#FFFFFF" sets the text colour to white, so the text is hidden against the white background. That gives us two values, white and rabbit. Using these values we are able to successfully log in to the main p...

Vulnerable Code and Mitigation

File Upload Vulnerabilities: Websites that accept uploads MUST always check the file type of the uploaded files. Otherwise malicious users can upload various types of executables to the website.

$_FILES['file']['tmp_name'] − the uploaded file in the temporary directory on the web server.
$_FILES['file']['name'] − the actual name of the uploaded file.
$_FILES['file']['size'] − the size in bytes of the uploaded file.
$_FILES['file']['type'] − the MIME type of the uploaded file (as supplied by the client, not verified by PHP).
$_FILES['file']['error'] − the error code associated with this file upload.

Code snippet:

// Define the target location where the picture being
// uploaded is going to be saved.
$target = "pictures/" . basename($_FILES['uploadedfile']['name']);

// Move the uploaded file to the new location.
if(move_uploaded_file($_FILES['uploadedfile']['tmp_n...

Email Spoofing

What is email spoofing?

Email spoofing basically comes down to sending emails with a false sender address. This can be used in various ways by threat actors. Obviously, pretending to be someone else can have its advantages, especially if that someone else holds a position of power or trust with regard to the receiver.

Why SPF Record?

Sender Policy Framework is an email authentication method designed to detect forged sender addresses during the delivery of the email.

How to spoof an email?

Check whether an SPF record is present for the domain. If there is no SPF record, you can easily spoof the email. To check the SPF record, use the tools below:

Mxtool

If the domain has a valid SPF record, we can't spoof the email.

Go to http://emkei.cz/

Fill the "From Email" field with admin@ Domain.Name

To spoof...