Khai Tran
May 16, 2013
The process of patching a Java executable (.jar files) without the original source code has been known for a while. As I know of, currently there are two ways of doing it: Decompile the executable > Import …
READ POST
NetsPWN: Assessment Services
NetsPWN: Assessment Services
File upload vulnerabilities and web shells are not a novelty when talking about web application security. It’s not rare to see a web shell result in a full compromise of the web server. For example, Metasploit can generate uploadable web …
READ POST
NetsPWN: Assessment Services
Last week Karl Fosaaen described the various trials and tribulations we went through at a hardware level in building a dedicated GPU cracking server. This week I will be doing a complete walkthrough for installing all the software that we use on our box. This includes installing the operating system , AMD drivers, oclHashcat-plus, and John the Ripper with OpenCL support.
READ POST
NetsPWN: Assessment Services
This winter, we decided to create our own dedicated GPU cracking solution to use for our assessments. It was quite the process, but we now have a fully functional hash cracking machine that tears through NTLMs at roughly 25 billion hashes per second (See below). While attempting to build this, we learned a lot about pushing the limits of consumer-grade hardware.
READ POST
NetsPWN: Assessment Services
Many times during our mobile application penetration testing, we are finding the applications are vulnerable to man-in-the-middle attacks (MITM). Certificate pinning is one part of the answer to MITM attacks in a mobile application. For those who do not know …
READ POST
NetsPWN: Assessment Services
Lately, I’ve been working with some older technologies, and I’ve gotten to play with some of the restricted access shells that used to be popular. Many older appliances used to include an sshd that allowed users into a chroot jail …
READ POST
NetsPWN: Assessment Services
I recently wrote a blog post about cracking email hashes from the iOS GameCenter application. During my research on the issue, I noticed that there were a number of games where users had insanely high scores. Lots of the users also had the exact same score (9,223,372,036,844,775,807) for each of the games that they played. Coincidentally this number is the largest possible signed integer value that you can have. It turns out that getting these high scores isn't that hard to do.
READ POST
NetsPWN: Assessment Services
At some point, all penetration testers get asked, “Where did you learn all this stuff?” In my experience, the question often comes from clients and students interested in pen testing. Usually, they’re asking because they aren’t sure where to start. There are a number of two- and four-year college programs that can provide a nice structured approach, but generally I think penetration testing is like any other skillset; if you find the right resources, a good direction, and study hard, you’ll acquire the skills you’re looking for. However, I will say that it does help to already have a strong IT background.
READ POST
NetsPWN: Assessment Services
I’ve written a plugin for Burp that takes a WSDL request and parses out the operations that are associated with the targeted web service and creates SOAP requests which can then be sent to a web service. This plugin builds upon the work done by Tom Bujok and his soap-ws project which is essentially the WSDL parsing portion of Soap-UI without the UI.
READ POST
Solutions
Services
About NetSPI
Contact Us
Copyright ©2012 NetSPI Inc. All rights reserved