Cybersecurity professional with an interest/background in networking. Beginning to delve into binary exploitation and reverse engineering.

  • 1 Post
  • 26 Comments
Joined 1 year ago
Cake day: March 27th, 2024


  • No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.

    Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database:

    https://insecure-website.com/customer_account?customer_number=132355

    Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.
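The lookup described in that quote, as an added example that is not part of the comment or of the quoted PortSwigger text: the handler that trusts `customer_number` as a record index, beside a form that checks the record belongs to the authenticated session. The customer table, user names and request dictionaries are constructed sample data.

```python
"""Insecure direct object reference: vulnerable lookup beside the fixed one.

All data here (customer records, user names, request parameters) is constructed
for the example; nothing is drawn from a real application.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class CustomerRecord:
    customer_number: int
    owner_user: str   # authenticated account that is allowed to see this record
    email: str


# Constructed stand-in for the back-end table, keyed by customer_number.
CUSTOMERS: Dict[int, CustomerRecord] = {
    132355: CustomerRecord(132355, "alice", "alice@example.invalid"),
    132356: CustomerRecord(132356, "bob", "bob@example.invalid"),
}


class AccessDenied(Exception):
    """Raised when the session may not see the requested record."""


def _parse_customer_number(query: Dict[str, str]) -> Optional[int]:
    """Return the customer_number parameter as an int, or None if absent/malformed."""
    raw = query.get("customer_number", "")
    return int(raw) if raw.isdigit() else None


def account_page_vulnerable(query: Dict[str, str], session_user: str) -> Optional[CustomerRecord]:
    """The IDOR: the URL parameter is used directly as the record index.

    session_user is accepted but never consulted, so any authenticated user can
    read any customer's record just by changing the number.
    """
    number = _parse_customer_number(query)
    return CUSTOMERS.get(number) if number is not None else None


def account_page_fixed(query: Dict[str, str], session_user: str) -> CustomerRecord:
    """Same lookup, followed by an ownership check against the session identity."""
    number = _parse_customer_number(query)
    record = CUSTOMERS.get(number) if number is not None else None
    # One error for both "no such record" and "not your record": a distinct
    # response for the two cases would let the parameter be used to enumerate
    # which customer numbers exist.
    if record is None or record.owner_user != session_user:
        raise AccessDenied("no customer account for this session")
    return record


def account_page_by_session(session_user: str) -> Optional[CustomerRecord]:
    """Stronger design: derive the record from the session and ignore the parameter entirely."""
    for record in CUSTOMERS.values():
        if record.owner_user == session_user:
            return record
    return None


if __name__ == "__main__":
    attacker_request = {"customer_number": "132356"}   # bob's number, sent by alice's session
    print("vulnerable:", account_page_vulnerable(attacker_request, "alice"))
    try:
        account_page_fixed(attacker_request, "alice")
    except AccessDenied as exc:
        print("fixed:", exc)
    print("by session:", account_page_by_session("alice"))
```

The ownership check is the minimum fix; where every user has exactly one account page, dropping the parameter and resolving the record from the session (the third function) removes the object reference from the URL altogether.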
  • Just to be clear, I will absolutely create new domain users or add my own ssh keys to an authorized_keys file to escalate privs or move laterally through a network while I’m “hacking”.

    Also a malicious actor opening a reverse port forward tunnel with ssh allows them to punch a hole to them on the WAN side of the network when they’re dealing with NAT or firewall rules. If a system is truly airgapped then that accomplishes nothing. You’d need something plugged in to the airgapped system or airgapped network to bridge that air gap, like a USB adapter that has a SIM card in it.
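The comment's first point, keys added to an authorized_keys file as a persistence and lateral-movement foothold, is something a defender can audit. Below is an added example (mine, not the commenter's) that parses authorized_keys entries and flags keys that are not in an approved inventory or that carry no `from=` source restriction; the file contents, key blobs and approved set are constructed sample data, and the option parsing is a simplification of the full sshd grammar (it splits options on commas and does not handle escaped quotes inside `command=` values).

```python
"""Audit authorized_keys entries against an approved inventory.

The sample file and the approved blobs are constructed for this example;
the key material is not real.
"""
from typing import Dict, List, Optional, Set, Tuple

# Key types sshd accepts in authorized_keys; used to tell options from the key field.
KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}

# Constructed sample: one restricted key, one approved but unrestricted key,
# one key nobody put in the inventory.
AUTHORIZED_KEYS_SAMPLE = """\
# constructed sample, not from any real host
from="10.0.0.0/8" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIENvbnN0cnVjdGVkS2V5MDAwMQ== alice@bastion
command="/usr/bin/backup.sh",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABConstructedBlob2 backup
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIENvbnN0cnVjdGVkS2V5OTk5OQ== unknown-laptop
"""

APPROVED_BLOBS: Set[str] = {
    "AAAAC3NzaC1lZDI1NTE5AAAAIENvbnN0cnVjdGVkS2V5MDAwMQ==",
    "AAAAB3NzaC1yc2EAAAADAQABAAABConstructedBlob2",
}


def _split_options(line: str) -> Tuple[str, str]:
    """Split a leading options field from the rest of the line.

    Options end at the first whitespace that is outside double quotes, so
    command="ls -l" stays intact. Backslash-escaped quotes are not handled.
    """
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return line[:i], line[i:].lstrip()
    return line, ""


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Parse one non-comment authorized_keys line into options/type/blob/comment."""
    first = line.split(None, 1)[0]
    options, rest = ("", line) if first in KEY_TYPES else _split_options(line)
    fields = rest.split(None, 2)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return None
    return {
        "options": options,
        "type": fields[0],
        "blob": fields[1],
        "comment": fields[2] if len(fields) == 3 else "",
    }


def _has_from_restriction(options: str) -> bool:
    """Naive check: any comma-separated option starting with from=."""
    return any(opt.strip().startswith("from=") for opt in options.split(",") if opt)


def audit_authorized_keys(text: str, approved: Set[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, finding, label) for every entry that needs attention."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        entry = parse_entry(line)
        if entry is None:
            findings.append((lineno, "unparseable", line[:40]))
            continue
        label = entry["comment"] or entry["type"]
        if entry["blob"] not in approved:
            findings.append((lineno, "unapproved-key", label))
        if not _has_from_restriction(entry["options"]):
            findings.append((lineno, "no-from-restriction", label))
    return findings


if __name__ == "__main__":
    for lineno, finding, label in audit_authorized_keys(AUTHORIZED_KEYS_SAMPLE, APPROVED_BLOBS):
        print(f"line {lineno}: {finding} ({label})")
```

Run against real files, the approved set would come from whatever inventory issues keys in your environment; a key that is not in it is the signal the comment describes. The tunnelling point in the comment is addressed on the server side rather than in this audit: sshd's `AllowTcpForwarding` and `PermitOpen` settings decide whether an authenticated session can open forwards at all.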