Internet of Insecure Things

Jun 3, 2018 - 3 minutes
A couple of weeks back, I got the opportunity to pentest an IoT device. To give a brief background, it was a Pi running Apache which served static content. Recently, there has been a lot of focus on IoT security, especially after the havoc created by malware like Mirai, VPNFilter, and ForgotDoor. The following post contains details of how a simple configuration flaw led to code execution in one of the more ...

Pwning admin panel with recon

Apr 11, 2018 - 3 minutes
Reconnaissance is one of the most interesting and critical parts of penetration testing. Using recon, one can uncover API endpoints, sensitive files/folders, juicy subdomains and so on. During a recent engagement, I was able to get access to the administrative panel due to a lack of authorization and sensitive files being published publicly. Let us start with analysing the iOS application statically more ...

Directory Listing to Account Takeover

Dec 30, 2017 - 2 minutes
Directory listing is one of the most common misconfigurations which can be exploited trivially. However, the impact depends on the criticality of the files present inside the directory. Recently, during one of my pentests, I came across an interesting open directory which I was able to leverage. On enumerating, I discovered a subdomain which was the staging server and was accessible over the inter more ...