Exploiting the Web in 20 Lessons (Natas)

cyber

Continuing my quest through the Wargames, today I am going to talk about the 20 first levels of Natas, the web exploitation episode.

I divide the exploits into two parts. The first part contains the easy challenges that don't demand much art (and are a bit boring). The second ...

more ...

Understanding the Shellshock Vulnerability

cyber

Almost a week ago, a new (old) type of OS command Injection was reported. The Shellshock vulnerability, also known as CVE-2014-6271, allows attackers to inject their own code into Bash using specially crafted environment variables, and it was disclosed with the following description:

    Bash supports exporting not just shell variables ...
more ...