I recently moved into Mountain Lion (OSX 10.8) and the first thing I wanted was to install rvm to be able to get ruby 1.9.3 in the machine and be able to do some development with it, but as usual it was not as easy as it seemed (The joke is on me!) so here are the steps I took to install rvm and ruby 1.9.3 in OSX Mountain Lion.

Read the rest of this entry »

For anyone that has done a long source code audit is not about really finding the easy/low hanging fruit stuff that can be slow and sometimes a bit “frustrating”. I recently had a nice 660,000 lines of code source code audit to be done in less than 2 weeks, the language was Java, so the first thing that was to be done (they had already hit fortify and other tools with it) and were looking for a bit of more interesting stuff apparently. This raised some specific problems while working and finding the vulnerabilities and exploitability of them.

Read the rest of this entry »

“You have X amount of Cross-Site Scripting vulnerabilities”. That is a phrase most web developers have heard at least one time, what is a Cross-Site Scripting vulnerability?

OWASP defines Cross-Site Scripting as:

“Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.”

Read the rest of this entry »

Well, I run with psymera a CTF game and we are constantly adding new VMWare machines and new tests just to keep on playing and not get bored. As part of a internal training where I work I started to create some videos on how to use SQLMap (I promise to upload here shortly in a big rant about it) so I started on what everyone does: update your version.

And something interesting happened, sqlmap enumeration broke (gorgeous) but it didn’t look much like it, it baffled me at first, so much that I had to do all by hand and asked psymera if he changed something, he said no.

So this is the info of the updated sqlmap version to that date:

root@fsckOSX:/pentest/database/sqlmap# svn info
Path: .
URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
Repository Root: https://svn.sqlmap.org/sqlmap
Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
Revision: 4380
Node Kind: directory
Schedule: normal
Last Changed Author: stamparm
Last Changed Rev: 4380
Last Changed Date: 2011-09-19 12:08:08 -0700 (Mon, 19 Sep 2011)

the SVN rev is 4380, latest at Sep 19th, here is the example of a run against the vulnerable web server with this revision.

Read the rest of this entry »