exploit | RobWillis.info / #yolosec Fri, 09 May 2025 08:11:20 +0000 en-US hourly 1 https://wordpress.org/?v=6.9 Apache Struts CVE-2018-11776 – Testing, Analyzing, & Detection /2018/08/apache-struts-cve-2018-11776-testing-analyzing-detection/ Fri, 31 Aug 2018 13:49:06 +0000 /?p=3843 Intro Any time a new Apache Struts vulnerability comes out it should be taken pretty seriously as there are many “mission critical” systems that are leveraging the framework, with a considerable amount of them being public facing. Unfortunately, as a former Sys Ad I can tell you that many of these systems will go on […]

The post Apache Struts CVE-2018-11776 – Testing, Analyzing, & Detection first appeared on RobWillis.info.]]> Exploiting Apache Struts – CVE-2017-9805 /2017/09/exploiting-apache-struts-cve-2017-9805/ Sat, 16 Sep 2017 03:53:16 +0000 /?p=3255 CVE-2017-9805 is yet another very legitimate vulnerability in the Apache Struts framework. In the video, I demonstrate how easy it is to run a simple public python script against a vulnerable remote server, ultimately resulting in a reverse shell back to the attacker. In this post, I will cover all the steps shown in the […]

The post Exploiting Apache Struts – CVE-2017-9805 first appeared on RobWillis.info.]]> Metasploit Framework basics on Kali Linux – Owning a Windows Server /2016/08/metasploit-framework-basics-on-kali-linux-owning-a-windows-server/ Thu, 18 Aug 2016 12:36:00 +0000 /?p=2912 In this post I want to talk about the basics of using the Metasploit Framework that is included on the latest version of Kali Linux. If you don’t already know the Metasploit Framework is a project that makes writing and utilizing exploits relatively easy and it’s components are very modularized. Metasploit has everything you need […]

The post Metasploit Framework basics on Kali Linux – Owning a Windows Server first appeared on RobWillis.info.]]> IIS 7/7.5 Hardening SSL TLS – Windows Server 2008 R2 /2013/09/iis-77-5-hardening-ssl-tls-windows-server-2008-r2/ Sat, 21 Sep 2013 00:40:52 +0000 /?p=2098      One of the first steps you should do when deploying a new public facing web server is hardening your server’s SSL/TLS connections. Disabling vulnerable protocols, ciphers, hashes and key exchange algorithms can help mitigate the now more common exploits like the BEAST attack. By default many weaker technologies are enabled, leaving IIS traffic vulnerable and […]

The post IIS 7/7.5 Hardening SSL TLS – Windows Server 2008 R2 first appeared on RobWillis.info.]]>