Thursday, 5 November 2015

Pentesting CMS: WordPress, Joomla, Drupal

Hello all, today we will see how we can pentest CMSs like WordPress, Drupal, Joomla, etc.

Sometimes we get a CMS-based website or application to perform VAPT on. Pentesting a CMS is a headache, because in a CMS the back-end code is mostly pre-defined by the nature and behaviour of the CMS: anyone can download the CMS package and create a website or blog in seconds without any coding knowledge or extra skills.

So while pentesting a CMS we have to fight with the pre-defined code, or you could say the static code, which is designed by experts at WordPress, Drupal, Joomla, etc.

First of all we have to map our target to get a structured view. It is better if we crawl the target using different tools; Burp is a great option. Apart from this we can use "dirb", present in Kali Linux, which brute-forces URI and directory names to check for their existence.

Friday, 23 October 2015

Attacking JSON Applications: Pentesting JSON Applications

Hello all, it has been quite a long time since I updated my blog. So here we go.

Today we will see how we can pentest a JSON web application.

Note: some of the methods are taken from third-party resources and some are presented from my personal experience.

First, what is JSON? According to the JSON website:

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999.

In layman's terms, JSON is typically used by JavaScript to pass parameters, like in the HTTP request below.

GET /site/getuserinfo=narendrabhati HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:44.0) Gecko/20100101 Firefox/44.0
Content-Type: application/json;

Thursday, 10 September 2015

Web2py 2.9.11 Open Redirection Vulnerability, CVE-2015-6961

Web2py Open Redirection Vulnerability: Technical Details & PoC.

# Vulnerability Title : Web2py 2.9.11 Open Redirection Vulnerability
# Reported Date       : 27-Jan-2014
# Fixed Date          : 2-July-2015
# Author              : Narendra Bhati
# CVE ID              : CVE-2015-6961
# Additional Links    :

Thursday, 27 August 2015

Wolf CMS Arbitrary File Upload To Command Execution - CVE-2015-6567, CVE-2015-6568

Wolf CMS Arbitrary File Upload To Command Execution

Full Technical Disclosure Of Wolf CMS Arbitrary File Upload To Command Execution

# Exploit Title      : Wolf CMS 0.8.2 Arbitrary File Upload To Command Execution
# Reported Date      : 05-May-2015
# Fixed Date         : 10-August-2015
# Exploit Author     : Narendra Bhati
# CVE ID             : CVE-2015-6567, CVE-2015-6568
# Additional Links   :
1. Description

Saturday, 4 July 2015

Information Security Controls

Information security controls are mechanisms or sets of rules that decrease risk in terms of vulnerabilities, internal and external threats, etc. Information security also covers other aspects of an organisation, like computer security, physical security, network security, business continuity planning, disaster recovery planning, and countermeasures against existing or future attacks.

These controls help an organisation keep its information confidential against external or internal attacks, and help it keep its systems running after any attack.

They also give you a view of how secure your information is.

Here are some important things which should be covered under information security controls.

  • This rule comes under physical security: every person entering the organisation should pass through well-managed physical security, which should be monitored properly to identify unknown intruders.

  • Every piece of information generated or produced in an organisation should be properly backed up from time to time to prevent data loss due to hacking attempts and system failure. It is also recommended to create a thorough backup and restore system which is run and managed properly.

  • Incident response should be in place to react immediately to any incident, which can be anything: a fire, a physical attacker, or any technical hacking attack.

  • Keeping your employees trained and educated about incidents is also covered by information security controls. If your employees are well trained for these types of situations, there is less chance of loss to the organisation.

  • Log monitoring must be in place in the organisation to identify insider and outsider attacks before an incident happens. Many organisations use log monitoring for their web applications, internal systems, and incoming and outgoing traffic.

Information security controls are mainly divided into 7 categories:

1. Network Security

2. Access Control

3. Security Management

4. Physical Security

5. Business Continuity & DR Planning

6. Operations Security

7. Application/System Security

1. Network Security Controls

Network security controls are the first and most important part for an organisation, because this part starts from the bottom line, or you could say it is the heart of any company. Network security covers its internal devices like routers, switches and other devices which are very important for an organisation to continue its work.

Setting up a firewall and UTM is recommended for every organisation to keep control over its network environment.

2. Access Controls

Access controls cover the rights or privileges of each and every user and internal employee within an organisation; access control is what provides authorization. It is very important that every user has only the limited privileges and rights needed to do his work. For example, an ordinary employee of an organisation should not be able to perform administrator-level actions like changing someone else's password, accessing internal resources, etc.

3. Security Management

Security management is the classification of an organisation's asset inventory, which should be followed by proper guidelines, rule sets and documentation. Many organisations create security policies which their employees must follow, for example that no employee may bring storage devices onto the office premises, which decreases the risk of insider data theft.

4. Physical Security

Physical security is also an important factor for an organisation: it helps identify an unknown intruder or attacker and decreases the risk of business loss from fire, earthquake, or any other natural or man-made event.

Many things come under physical security, like CCTV cameras, security guards, and fire prevention systems.

Entry gate authentication such as fingerprint scanners or eye detection mechanisms also belongs here.

5. Business Continuity & DR Planning

Business continuity and DR planning allow an organisation to keep running its business as usual if it is or was under attack, suffered data loss, or had a system failure.

This control manages the whole data of an organisation, which is automatically backed up from time to time so that it can be restored in case of data loss or any hacking attack.

6. Operations Security

OPSEC (operations security) covers unwanted or unintended risks that can be used against us. OPSEC takes care of all of these things by checking whether any piece of information could be used against us or not.

7. Application/System Security

Application/system security is a major control for an organisation to keep its online identity safe and confidential. This control covers maintaining our application/system security with different technologies like firewalls, IPS, SIEM and other log monitoring systems.

This helps an organisation keep itself secure before and during an attack.

Tuesday, 30 June 2015

Bypass Rate Limit Brute Force Protection Login Attempt Protection Captcha Bypass

Hello all, while pentesting an application we might face the problem of brute force protection, login attempt protection and captcha-based protection, so today we will see how we can "Bypass Rate Limit Brute Force Protection Login Attempt Protection Captcha Bypass".

First of all, we will not use any kind of ready-made tools for this, so let's begin!

Many people will think that this is a small issue, but if we look closely from an attacker's point of view, we come to know that brute-forcing a login panel can allow an attacker to gain administrative privileges, instead of looking for vulnerabilities like RCE, SQL injection and other critical vulnerabilities which might also allow us to take root or administrator-level access.

Here I am describing many different techniques which I have observed while pentesting or hunting bugs.

Friday, 8 May 2015

Testing Of Broken Session Management & Authorization By Burp

Hello all folks, nice to meet you again guys!

Today we will see how we can quickly test for broken session management and authorization with Burp Suite against a large application which contains thousands of pages, like a financial application or a banking application.

This can be very informative for those new guys who don't know about it, and also for those who already know about it; I am just showing you how we can do this more quickly with some percentage of accuracy, because nothing is perfect! :)


Tuesday, 31 March 2015

Abusing window.opener To Bypass Certain Restrictions (CSRF Bypass)

Hello all =D, hope you are doing well.

Today we will see how we can abuse the window.opener function to bypass certain restrictions in a web application.

So first let's see what the window.opener function is.

According to the Mozilla Developer Guide:

When a window is opened from another window, it maintains a reference to that first window as window.opener. If the current window has no opener, this method returns NULL. Windows Phone browser does not support window.opener. It is also not supported in IE if the opener is in a different security zone.

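The quoted behaviour is exactly what a defender has to account for: any link that opens a new browsing context with target="_blank" and no rel="noopener" (or rel="noreferrer") hands the opened page a live window.opener reference back to the page that opened it. As an added example (not part of the original post and not Mozilla code), here is a small Node.js audit that scans an HTML document for such links and a helper that rewrites them to carry noopener. The sample HTML, the function names and the attribute parser are constructed for this example.

```javascript
// Added example, not from the original post: audit an HTML document for links
// that open a new browsing context (target="_blank") without rel="noopener" or
// rel="noreferrer". Such links give the opened page a live window.opener
// reference back to the page that opened it. Runs under Node.js, no browser.

// Parse the attributes of one tag body (the text between "<a" and ">").
// Handles double-quoted, single-quoted and unquoted attribute values.
function parseAttrs(tagBody) {
  const attrs = {};
  const re = /([a-zA-Z_:][-a-zA-Z0-9_:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(tagBody)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// rel is a space-separated token list; only "noopener" or "noreferrer"
// sever the opener relationship.
function severOpener(attrs) {
  const tokens = (attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean);
  return tokens.includes('noopener') || tokens.includes('noreferrer');
}

// Return every <a> that opens in a new window but keeps the opener reference.
function findUnsafeOpenerLinks(html) {
  const findings = [];
  const tagRe = /<a\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if ((attrs.target || '').toLowerCase() !== '_blank') continue;
    if (severOpener(attrs)) continue;
    findings.push({ href: attrs.href || '', tag: m[0] });
  }
  return findings;
}

// Rewrite the document so every target="_blank" link also carries noopener.
// An existing quoted rel value is extended; a link with no rel gets one appended.
function addNoopener(html) {
  return html.replace(/<a\b([^>]*)>/gi, (whole, body) => {
    const attrs = parseAttrs(body);
    if ((attrs.target || '').toLowerCase() !== '_blank') return whole;
    if (severOpener(attrs)) return whole;
    if (/\brel\s*=\s*["']/i.test(body)) {
      return whole.replace(/\brel\s*=\s*(["'])([^"']*)\1/i,
        (w, q, v) => `rel=${q}${v.trim() ? v.trim() + ' ' : ''}noopener${q}`);
    }
    return `<a${body} rel="noopener">`;
  });
}

// Constructed sample page: two links keep the opener reference, one is
// already safe, and one does not open a new window at all.
const SAMPLE_HTML = [
  '<a href="https://example.test/partner" target="_blank">Partner</a>',
  '<a href="/docs" target="_blank" rel="noopener">Docs</a>',
  '<a href="/about">About</a>',
  "<a href='/forum' target='_blank' rel='nofollow'>Forum</a>",
].join('\n');

for (const f of findUnsafeOpenerLinks(SAMPLE_HTML)) {
  console.log(`opener leak: ${f.href}  (${f.tag})`);
}
console.log('\nfixed document:\n' + addNoopener(SAMPLE_HTML));
```

The audit is a static check over the markup, so it catches the condition before a page is ever opened. The opened page itself can only verify the relationship at runtime, in the browser, by testing whether window.opener is non-null on load; that part is browser-only and therefore not in the Node script.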

Monday, 26 January 2015

NPDS CMS SQL Injection - CVE-2015-1400

Hello folks! It has been a long time; I have not written up any finding for 2 months, so today I will share one of my findings: a time-based SQL injection in NPDS CMS.

What is NPDS CMS? "Beyond content management 'classic', NPDS implements a set of functions specifically dedicated to the management of community and collaborative working groups. This is a Content & Community Management System (CCMS) robust, secure, complete, efficient and really speaking French. Manage your community of users, your collaborative work groups, publish, manage and organize your content with powerful tools available basis."

You can find more about NPDS CMS from this link.

So let's come to the finding!