Skip to Main Content
Hands-On Penetration Testing on Windows
book

Hands-On Penetration Testing on Windows

by Phil Bramwell
July 2018
Intermediate to advanced content levelIntermediate to advanced
452 pages
11h 51m
English
Packt Publishing
Content preview from Hands-On Penetration Testing on Windows

Manipulating the IV to generate predictable results

Navigate to OWASP 2017 on the left, then Injection | Other, and then CBC Bit Flipping to arrive at the site shown in the previous screenshot. So, let's get acquainted: we see here that we're currently running with User ID 174 with Group ID 235. We need to be user 000 in group 000 to become the almighty root user. The site is protected with SSL, so intercepting the traffic in transit would be a bit of a pain. What else do you notice about this site?

How about the URL itself? https://192.168.108.104/index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba

Oh my – it's an IV field, right there for the taking. We've seen how the IV is XOR with the plaintext before encryption ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Hands-On Web Penetration Testing with Metasploit

Hands-On Web Penetration Testing with Metasploit

Harpreet Singh, Himanshu Sharma
Metasploit Penetration Testing Cookbook - Third Edition

Metasploit Penetration Testing Cookbook - Third Edition

Nipun Jaswal, Daniel Teixeira, Abhinav Singh, Monika Agarwal
Web Penetration Testing with Kali Linux - Third Edition

Web Penetration Testing with Kali Linux - Third Edition

Gilberto Najera-Gutierrez, Juned Ahmed Ansari

Publisher Resources

ISBN: 9781788295666Supplemental Content