Tag: exploit
-
Apache Struts CVE-2018-11776 – Testing, Analyzing, & Detection
Intro Any time a new Apache Struts vulnerability comes out it should be taken pretty seriously as there are many “mission critical” systems that are leveraging the framework, with a considerable amount of them being public facing. Unfortunately, as a former Sys Ad I can tell you that many of these systems will go on…
Written by
-
Exploiting Apache Struts – CVE-2017-9805
CVE-2017-9805 is yet another very legitimate vulnerability in the Apache Struts framework. In the video, I demonstrate how easy it is to run a simple public python script against a vulnerable remote server, ultimately resulting in a reverse shell back to the attacker. In this post, I will cover all the steps shown in the…
Written by
-
Metasploit Framework basics on Kali Linux – Owning a Windows Server
In this post I want to talk about the basics of using the Metasploit Framework that is included on the latest version of Kali Linux. If you don’t already know the Metasploit Framework is a project that makes writing and utilizing exploits relatively easy and it’s components are very modularized. Metasploit has everything you need…
Written by
-
IIS 7/7.5 Hardening SSL TLS – Windows Server 2008 R2
One of the first steps you should do when deploying a new public facing web server is hardening your server’s SSL/TLS connections. Disabling vulnerable protocols, ciphers, hashes and key exchange algorithms can help mitigate the now more common exploits like the BEAST attack. By default many weaker technologies are enabled, leaving IIS traffic vulnerable and…
Written by
