digininja

Global Moderators
  • Posts: 4,004
  • Days Won: 210

Contact Methods

  • Website URL
    https://digi.ninja

Profile Information

  • Gender
    Male
  • Location
    Sheffield, UK
  • Interests
    Hacking, Coding, Climbing

digininja's Achievements

  1. What you'd be better looking for is business logic flaws. Things like missing authentication or authorisation checks and direct object reference issues. A WAF can't spot those so won't be able to block them. On any modern site they also tend to be much more common than traditional SQLi or XSS issues because the frameworks help protect the developer against those.
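As an added illustration of the point above (not digininja's code): a constructed invoice lookup where the authorisation check is missing beside its fixed form, with a toy signature check standing in for a WAF. The request that reads another user's invoice carries no payload a signature could match, so only the ownership check in the handler stops it. All data, names and rules are made up for the example.

```python
import re

# Constructed sample data: invoices belonging to two different users.
INVOICES = {
    101: {"owner": "alice", "total": 120.0},
    102: {"owner": "bob", "total": 75.5},
}

# Toy stand-in for a WAF rule set: it only knows classic injection-style
# strings and has no idea which user is allowed to read which record.
WAF_SIGNATURES = [re.compile(p, re.I) for p in (r"<script", r"\bor\s+1=1", r"union\s+select")]


def waf_allows(path: str) -> bool:
    """True when no signature matches; a plain /invoices/101 always passes."""
    return not any(sig.search(path) for sig in WAF_SIGNATURES)


def get_invoice_vulnerable(user: str, invoice_id: int):
    """Authenticated but not authorised: any logged-in user can read any invoice (IDOR)."""
    return INVOICES.get(invoice_id)


def get_invoice_fixed(user: str, invoice_id: int):
    """Ownership check: the record must belong to the requesting user."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv["owner"] != user:
        return None  # "not yours" is reported like "not found", so existence does not leak
    return inv


def handle(user: str, path: str, lookup):
    """Simulated request pipeline: WAF first, then routing, then the lookup function."""
    if not waf_allows(path):
        return 403, None
    m = re.fullmatch(r"/invoices/(\d+)", path)
    if not m:
        return 404, None
    inv = lookup(user, int(m.group(1)))
    return (200, inv) if inv else (404, None)
```

Running `handle("bob", "/invoices/101", get_invoice_vulnerable)` returns alice's invoice with a 200, while the same request through `get_invoice_fixed` returns 404; a `1=1`-style path is the only thing the toy WAF ever blocks.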
  2. This isn't the best write-up but explains a joomla vulnerability that is similar to the type of thing you'd be looking for. https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities/
  3. I don't know anything about that specific WAF so can't tell you anything definite, but what I would do would be to find a page that has some inputs and that blocks your attacks. You then play with different encodings to work out what is triggering it and what is allowed through. Once you've worked that out, you then have to try to use what you've found to get useful strings through. To be honest though, if you are a beginner and they are an established WAF, I don't give you much chance of finding anything. All the low hanging bypasses will have been picked off a long time ago. The things that are likely to be left are things like CVE-2023-3824 which was used against Lockbit. I know that isn't WAF bypass, but it uses the same techniques, encoding things in odd ways so one system sees them one way and the other system a different way. There is a really good write up for that vulnerability but I can't find it at the moment; if I find it I'll try to remember to post it.
  4. If they don't really care then just throw a bunch of automated stuff at it, do whatever manual stuff you can, but then make sure you stress in the report that the WAF was in place for all the tests so you can't guarantee the results. If a client can't be bothered then I'm not going to put any more effort in than I need to and I'll make sure I cover my arse in the report.
  5. Analysed in what way? What is the traffic from and what do you want out of it? Anything you post will be made public so anything sensitive in there will also be public. Also, if there is anything illegal in there, that will become public as well and you will be liable for it.
  6. There are actually quite a few options, most of the big names make a Linux version of their tools. They are generally unnecessary so unused and so not talked about.
  7. This isn't the product I was thinking of but it does the same thing. https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-content-disarm-and-reconstruction-cdr/
  8. I'm guessing the suggestion was going to be to upload to something like VirusTotal but that won't work for this. If all you are handling is PDF files, you could look at disassembly and reassembly. I can't remember the name but there is a company who do it for email attachments; they strip documents down and then put them back together without anything unnecessary in them.
  9. So it is to scan the files that have been uploaded rather than to protect the server itself, as the files won't actually get executed on the server so wouldn't be able to do it any harm. Unfortunately I still can't recommend anything as I don't run AV on any of my Linux boxes, but I was just curious about the use case. I think one of the things you need to watch out for is that whatever you choose has to be generic enough to scan for malware that could affect any OS. Don't pick something that will only detect things that affect Linux boxes.
  10. What are you looking to protect against? That doesn't sound like you need virus protection, more like NIDS/NIPS and good firewalling.
  11. I've never used AV on Linux, are you just being cautious or has something happened to trigger you needing it?
  12. If he has a way to remotely take over a new Android phone then he has a million dollar exploit in his pocket. He would not waste it annoying you; he would sell it and be enjoying the high life. Similar for the rest of the attacks you describe. The limits you've seen on the forum are the same limits all new users get, you aren't special. As expected, we've had at least one "I recommend contacting x" reply to this thread. This is one of the scams: there are a few backwards and forwards replies, then suddenly all is fixed and a glowing review is posted for person x. The other common one is to gain someone's trust, then give them an account supposedly belonging to the attacker and tell them if they could gain access to this account for them they would have all the proof they need. This isn't the attacker's account, it is just someone they want to get access to, and they are having you do the initial illegal act for them. Out of interest, how many people have been contacted directly by this person?
  13. This is going to sound harsh, but we get requests like this every few months and they are always scams trying to recruit people to do illegal activities. If this is real, file police reports and send some actual evidence.
  14. How you get started depends on what you are interested in. If you favour web app testing, then I'd suggest learning one or two web app languages to the point you can develop a basic app and deploy it on a fresh machine; that way you'll get an understanding of everything from the OS upwards. If you are more interested in networking, build some networks. Look at CCNA or the courses offered by the GNS3 team. Same for mobile, reverse engineering, exploit dev, or any other area. Learn the fundamentals first, then look at learning how to test it. This is a much slower and less sexy way to do things, but it gives you a much better understanding so you'll end up progressing much faster once you get into it. As for which OS, I prefer Debian and installing all the tools I need from scratch. That way I know that they actually work and how they work. I've seen pre-installed tools on Kali and similar platforms that just don't work, but testers who don't know what they do and how to know if they work or not just use them and are oblivious to the fact they aren't working. If you install a tool yourself and test it, you'll know much more about what it is doing, so will know what it is telling you rather than just reading the output and dropping it in a report.
  15. Having seen the test reports from some companies, you don't have to be that good unfortunately!