Posts by webpwnized

3 min

Video Tutorial: Introduction to XML External Entity Injection

Title: Video Tutorial: Introduction to XML External Entity Injection Author: webpwnized From: ISSA KY Sept 2013 Workshop (Louisville, KY) Twitter: @webpwnized This video introduces XML injection to achieve XML external entity injection (XXE) and XML based cross site scripting (XSS). Please find notes used/mentioned in video posted below the video. 1. What is XML injection 2. What is an "entity" 3. What is entity injection 4. Cross site

2 min

Video Tutorial - Installing Kali Linux on Bootable, Persistent USB

Author: Jeremy Druin (webpwnized) Twitter: @webpwnized Title: Installing Persistent Kali Linux on Bootable USB Flash Drive From: ISSA KY June 2013 Workshop Recorded By: Adrian Crenshaw (@irongeek_adc) This video covers the installation of Kali Linux on a USB drive. Additionally, setting up persistence on a separate partition is reviewed including how the persistence works. A Kali Linux virtual machine is used to create the USB. The workshop was done to support the Long family. Johnny Long

2 min Authentication

Video Tutorial: Introduction to Web Application Pen-Testing

Instructors: Jeremy Druin (webpwnized), Conrad Reynolds, Adrian Crenshaw (Irongeek) Twitter: @webpwnized Title: ISSA KY Web Application Pen Testing Workshop Tools Used: Mutillidae 2.5.7 (hxxp://, Burp Suite 1.5 Free Edition Recorded By: Adrian Crenshaw of The KY ISSA hosted a one-day web application pen testing workshop in support of the Johnny Long family (@ihackstuff) which many know from Hackers for Charity [htt

1 min

Video Tutorial: Installing Kali Linux on Virtual Box

Author: Jeremy Druin Video Release Announcements: Twitter @webpwnized Title: Installing Kali Linux on Virtual Box with Nessus and Metasploit Link: Installing Kali Linux on Virtual Box with Nessus and Metasploit - YouTube This video is from the April 2013 workshop of the KY ISSA covering the installation of Kali Linux 1.01 on Virtual Box. Please see notes below the video. Notes: 1. Kali version 1.01 64-bit was used in making the video but th

3 min

Video Tutorial: Introduction to Pen Testing Simple Network Management Protocol (SNMP)

Title: ISSA KY March 2013 Workshop: Introduction to Pen Testing Simple Network Management Protocol (SNMP) Updates/Video Postings/etc.: Twitter: @webpwnized Software Required: Backtrack 5 R3, Metasploit, snmpset, snmpget, snmpwalk, tcpdump, nmap URL: Introduction to Pen Testing Simple Network Management Protocol (SNMP) - YouTube Notes: Please see below Author: Jeremy Druin From: Kentucky ISSA March 2013 Workshop The Simple Network Management Pr

6 min

Video Tutorial: Basics of using sqlmap automated sql injection audit tool

Author: Jeremy Druin Twitter: @webpwnized YouTube Channel: Software required: Backtrack 5 R3 with sqlmap, Mutillidae Web Pen Test Training Environment (hxxp:// Recorded at the ISSA Kentuckiana February 2013 Workshop, this video reviews the use of sqlmap, an automated SQL injection audit tool. The video walks through using sqlmap to locate an SQL injection, determine the backend database type

1 min

Video Tutorial: Introduction to Burp-Suite 1.5 Web Pen Testing Proxy

Author: webpwnized (Twitter: @webpwnized) Tool: Burp-Suite 1.5 Free Edition Length: ~1 hour After installing Burp-Suite, this video covers how to configure the proxy to intercept, pause, alter, and test requests and responses between a web browser and a web server (web site). Much of the basic functionality and some more advanced settings are reviewed including the Target, Proxy, Sequencer, Repeater, Intruder, and Decoder tab. While there are many more settings and features than can be covere

2 min

Video Tutorial: Introduction to custom exploits for buffer overflows (local privilege escalation)

Summary: Video demonstration of discovering a buffer overflow vulnerability in a SUID-root program, determining attributes of the bof, and writing a custom exploit for local privilege escalation on Ubuntu 12.04 by webpwnized (@webpwnized). While modern operating systems have long been patched against exploits which use direct addressing to exploit buffer overflows, it can be interesting to look at the creation of a custom exploit in order to better understand t

1 min

Video: Pen Testing HTML 5 Web Storage

Recorded at the 2012 AIDE conference, this video covers a presentation given by Jeremy Druin, a professional web application and network pen-tester. The topic is pen-testing HTML5 web storage, which is a client-side storage technology available in HTML5-aware browsers. Web storage is discussed from two perspectives: altering your own web storage and altering the web storage of a remote user. Additionally, JSON injection is reviewed to show how cross site scripts can be injected in unconventional

1 min

Tutorial: Using web command injection vulnerability to gain administrative shell on Windows web server

In this video, a Windows web server is hosting the Mutillidae web application, which contains a command injection vulnerability. Using command injection to exploit the Mutillidae web application, we gain a root shell (Administrative Windows cmd shell). The server is fully patched with anti-virus running and a firewall blocking port 23. Additionally, the telnet service is disabled. With the command injection vulnerability, this video demonstrates how misconfiguring web services can have serious conseq

1 min

Video: Introduction to basic host and service discovery scanning

During the early portion of the scanning phase of pen testing, locating active hosts and identifying the services on open ports is critical in order to determine exposed systems. The video was recorded at the May ISSA Kentuckiana monthly workshop in Louisville and covers basic host discovery scanning. Port scanning and service discovery are covered as well as reporting results. Some of the tools used are nmap, xprobe2, hping3, tcpdump and amap. The speaker is Jeremy Druin (@webpwnized) and was

2 min

Tutorial: How to scan exploit Metasploitable-2 using Metasploit, Nexpose, nessus, Nmap, and John-the-Ripper

This video tutorial covers exploiting Metasploitable-2 to get a root shell and eventually a terminal via a valid "sudo-able" login over SSH. Two machines, a test host (Backtrack 5-R2) and a target host (Metasploitable-2), are set up on a VirtualBox host-only network. With this lab network set up, the demonstration walks through a practice pen-test using the phases of recon, scanning, exploitation, post-exploitation, and maintaining access. (Covering tracks and reporting are not covered. Recon is

0 min

Tutorial: Using SQL injection to generate cross site scripts

This video discusses a somewhat advanced SQL injection technique in which the SQL injection is not the primary attack. The SQL injection is used to generate cross site scripting. This is useful when cross site scripts cannot be injected into a webpage from a client because web application firewalls or other scanners are in place. When an SQL injection can be snuck past the WAF, it is possible to have the SQL injection generate the Cross Site Script dynamically.

0 min Metasploit

Tutorial: How to discover hosts using Metasploit Community Edition

This video shows Metasploit Community Edition being used to run an nmap scan on a Virtual Box network in order to discover hosts.

0 min Metasploit

Tutorial: Basics of launching exploits from Metasploit Community Edition

This video covers the basics of launching exploits from Metasploit Community Edition. The exploits were discovered in a previous step both with Nexpose and Nessus. In the case of Nessus the results were exported as a .Nessus file then imported into Metasploit Community Edition. This video picks up right after the vulnerabilities are discovered and imported.