Some days ago, I had to test a web application consisting in a Java applet. Like always, I direct all traffic through my favourite HTTP Proxy, Burp Suite, but the…
Some days ago we decided to test Windows To Go. After installing Windows 8.1 on a Sandisk Extreme USB 3.0 64 GB key we incurred into a problem. The system…
Some days ago we tried to use the "exploit/multi/http/hp_sys_mgmt_exec" Metasploit module on one of our targets. The host was vulnerable but a Meterpreter session was not opened: [crayon-5da7dfb742d0a188619392/] After some…
McAfee Virus Scan Enterprise has a feature to protect settings modification from server admins by setting a password. This password is stored into registry, before version 8.8 the hash of…
Deployed Apps Listing From jmx console use the MainDeployer agent (picture #13) direct url: [crayon-5da7dfb743c20188210814/] click on revoke on java.util.Collection listDeployed() item (picture #14). Deployment Scanner [crayon-5da7dfb743c28632500598/] Shutdown From jmx…
to see scheduled jobs select job from USER_JOBS; to see what a job do SELECT JOB, WHAT FROM USER_JOBS WHERE JOB = job_name; to log all sys and system commands;…
This article is nothing new, but it focalizes on giving all information needed to do a sql injection on a SQL SERVER (mssql). All queries will not modify or add…
Oracle 10g Application Server till 10.1.2 .1.0 remote exploiting of what described in: Testing_for_Oracle Bugtraq ID 16384 This example makes use of injection in ORASSO.HOME but these path also work:…
JBOSS is an application server/middleware that use Apache Tomcat as jsp engine; this paper explains how to deploy a custom application in order to operate (read, write, execute) with the…
