Posts

Showing posts from 2020

Hack The Box - Swagshop - CTF writeup

So in preparation for the OSCP, and to get better at understanding security vulnerabilities, I have been doing what are commonly referred to as capture-the-flag challenges. Here I will go over a unique vulnerability that allows remote access to a "user.txt" file and a "root.txt" file. The root.txt file can only be acquired remotely if I can gain remote command execution as the root or system user. Since this is a Linux-based system, I will be trying to escalate my privileges up to root so I can control the system and retrieve the file. The biggest and initial step is enumeration. So far I just know there is a box with an IPv4 address of 10.10.10.140. From the name I can assume that this is perhaps a shop of some kind, but that is all the initial information given. In essence, this CTF mirrors what you would refer to as black-box testing in a security or penetration testing job. Here perhaps a shop owner is concerned about their security and would like to see wh

PHP - Sending e-mail data from a server's localhost

This is a fun example I created from following some tutorials on YouTube. I have built SMTP servers in previous examples, but this can be used to send e-mails from a webpage to a server for contracts, or for something as simple as a guestbook where an admin would like to have a system send automated e-mails to marketing, sales or management teams. I used the PHPMailer library found on GitHub for the backend processing. For the front page I just made a simple form where the user can send a resume to a recruiter. And don't worry, this won't just let you put any name in the email text box. The e-mails need to come from a legitimate source such as the secured website where this will be hosted in production. The above was rendered from the code below. Nothing fancy here, just a simple form for submitting attachments. Success! The form works as intended and I got the test e-mail in my Gmail inbox from my test server.

PHP & jQuery - File/image uploader

For this example I created a page where a user can upload files and images to a web server. The items are stored and reflected back so the user can see their multiple uploads. With the PHP below I am handling the uploads, and if the file already exists the user is notified that they are trying to do a duplicate upload. And here this is defining the main work being done by this page: it checks the file type to only allow images with the extensions .gif, .jpg, .png and .jpeg. The size is also restricted to 500KB. This is what the page looks like below with a little formatting. The alert below was triggered by trying to upload a file without one of the allowed extensions. This is now echoing back to the screen the file size restrictions because an excessively large file was being uploaded. In this block I create the div tags for the "dropZone" above and set the input type to handle the multiple attachments as an array. And now below you can see what the page looks like after multipl

Using Google reCAPTCHA v2

What is a reCAPTCHA? You have seen them online and perhaps have been wondering how they work. I know I have been seeing these for years but didn't really understand them until I saw the process. In this example I don't go into the creation of the system behind reCAPTCHAs; rather, I am just showing how to use Google reCAPTCHA v2. I have seen these used ubiquitously all over the internet, and I decided to learn what they are and how I can implement them on my own sites to verify that my site's users are indeed people and not bots. The PHP is pretty standard. I send the API a user's name, key, response key and IP address. Then I get the file contents, decode the JSON and verify the user's authenticity. PHP CODE: HTML CODE: The HTML code for this example is just a simple sample text box form for a user's name; this can be for a username, an email, or even to verify that a survey is being taken by a human rather than by a bot. The uses for this are endless an

PHP - CSRF tokens

In this example I created a simple CSRF token to validate a user's identity. Obviously the final implementation is going to take more than what I am showing here, but the point is to understand what CSRF tokens are, how they are created and how they are used. A CSRF token is unique to each user and is created in a randomized way. It is then used to identify the subsequent HTTP request and make sure the server is communicating the right data with the correct client. Below in PHP I start a session, and then you can see that the session key tied to each user is a bin2hex() function, which converts a string of characters to hexadecimal values. So that it remains unpredictable, it is then multiplied using the random_bytes() function. random_bytes() is a function that cryptographically generates pseudo-random bytes. The HTML is a simple submit form where a user enters their name and a CSRF token is then created. Within this code you can see that the CSRF token is created using sha256 encr

Mouseflow for understanding customers and visitors

I found this today and it's quite interesting. With Mouseflow on a web page I am able to see recorded user sessions. This is particularly interesting because you can fully put yourself in the shoes of your visitors and see exactly how they interacted with a web page. It didn't seem to capture the particles.js particles I put on the test page, but it captured everything else. So it's not perfect, but it seems to accurately record all the visitor's movements and actions. This is obviously more useful as you analyze thousands of visitors, at which point clear patterns become more visible. By taking into account what parts of a site people hover a mouse over or what they actually click on, it gives a direction for what to focus on based on the site's user base. The installation was quite simple. I included this little JavaScript tag: <!--Mouseflow Test --> <script type="text/javascript"> window._mfq = window._mfq || [];

Using Memcached to store and retrieve session data

I started by creating an Ubuntu VPS. I then installed Memcached from the CLI via SSH from my local machine. I secured the '.conf' file by setting it to listen on localhost and disabling UDP. I then configured SASL support for connecting my PHP scripts to the backend SQL database. I then added Apache and PHP to the server. Next I created a phpinfo page and put it on the server to view the Memcached information. I can see that Memcached is installed and is communicating with PHP properly. Next, to get a simple connection working and some data flowing back and forth, I created this simple PHP page with a key. This script opens a new Memcached instance to localhost and gets the requested key. If no key is found, it adds one. On the next refresh, the newly created key, which is a string of text, is retrieved from Memcached.

Add cPanel & WHM to CentOS VPS (Log Rotation, Configuring BIND nameserver & Backups...)

For this example I added cPanel & WHM to a CentOS VPS I created. Upon installation of cPanel I did a lot of configuration, including setting up the log rotations, a BIND nameserver and backups. The installation from the command line is simple. The syntax is just a little different than in most of the other posts, where I use Ubuntu because that's my favorite version of Linux. However, I like to use the most efficient tools when I can, and in this case it's CentOS. I have done a fair amount of scripting and automation using CentOS and Vagrant boxes, so this was a cinch. To install the latest version of cPanel from the command line, the commands are as follows:

cd /home
wget -N http://httpupdate.cpanel.net/latest
sh latest
/usr/local/cpanel/cpkeyclt

From here the most difficult parts are done and the rest is quite intuitive if you've worked with servers and monitoring systems. I added my email and the nameservers to begin with. As you can see below with cPanel it is more abou