Real time CSRF exploitation

Introduction: This document walks through exploiting a CSRF (Cross-Site Request Forgery) vulnerability step by step, in which an attacker launches a CSRF attack against a valid application user and updates that user's details. The recommendations section gives an idea of how to mitigate these risks. Since this was a real-time attack […]


vagrant provision shell from gist.github

From gist.github: vagrant_dvwa.sh

    #!/usr/bin/sh
    # Package lists: general tools, then the web/database stack for DVWA
    ordinaryPack="docker nc tcsh unzip"
    servPack="httpd mariadb-server php-mysql php"
    passwdResetURL="https://gist.githubusercontent.com/kaldown/1a0df9af50b6d08ddc32/raw/bfaf3bf4e610649437ae6ee72a1c3e3d9e7d3538/rootPasswdReset"
    yum update -y
    # Left unquoted on purpose so each package name becomes its own argument
    yum install -y $servPack $ordinaryPack
    systemctl enable httpd.service
    systemctl enable mariadb.service
    # Fetch the init file and start MariaDB with it
    curl "$passwdResetURL" >> /tmp/rootPasswdReset
    mysqld_safe --user=mysql --init-file=/tmp/rootPasswdReset
    # Download DVWA 1.0.8 and unpack it into the web root
    wget -P /tmp https://github.com/RandomStorm/DVWA/archive/v1.0.8.zip
    unzip /tmp/v1.0.8.zip -d /var/www/html
    mv /var/www/html/DVWA-1.0.8 /var/www/html/dvwa
    # Replace the default database password in the DVWA config
    sed -i 's/p@ssw0rd/sqlpasswd/g' /var/www/html/dvwa/config/config.inc.php
    # Comment out every line of the default welcome page config
    sed -i 's/^/#/g' /etc/httpd/conf.d/welcome.conf
    systemctl start […]


mount -t vboxsf: No such device

Finally I've found the solution to the problem described above. As always, it is better to first take a look on GitHub (hello rkn). Here some sort of: If you will for first time, Vagrantfile will mount your ./workdir to the /vagrant filesystem on the guest. But each time I yum update (chef/centos-7.0 box), something goes wrong and […]
