Categories
Security

How I changed Wireless SSID of every unprotected router connected to my ISP to NSA Be Watchin’

So, I came back home after work and decided to check my internet usage since its month end and noticed my WAN address from the ISP’s portal. I fired up nmap and took a dump of all the available routers on the network, basically scan the network for open port on 80. Use the following […]

Categories
Big Data Security

Arbitrary Code Execution In Unsecured Apache Spark Cluster

Apache Spark Cluster:       The figure above is the basic abstraction of a Spark cluster. Here, the driver program is the actual code (job) that you will be running over the Spark cluster. Cluster Manager (the Master) coordinates the task allocation between executors. You can say the cluster manager acts as a job […]

Categories
Security

Remote Code Execution Vulnerability in Elasticsearch – CVE-2015-1427

If you have an elasticsearch instance that is publicly available, upgrade to 1.4.3 or later Immediately! Elasticsearch (the “E” in ELK) is a full-text search engine that makes data aggregation and querying easy. It has an extensive JSON API that allows everything from searching to system management. This post will show how a new vulnerability, CVE-2015-1427, […]

Categories
Security

ircCloud Session Validation Failure

On thier back-end, they are not validating the session properly. Also they are using only one session variable for validating/authenticating the user throughout. This security flaw lets me access one logged in account from an entirely different browser (from different location) without actually login in. So here’s the steps that i took to make this […]

Categories
Security

How to Exploit OpenSSL aka Heartbleed

Hope you already know how heartbleed works. The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. You may want to look into my previous post to get a clear picture. Try this […]

Categories
Security

How OpenSSL heartbleed works

What’s Heartbleed and why should I care about OpenSSL? In case you haven’t read the Heartbleed website, go do that. Here I’ll just give a quick overview. The Heartbleed bug is a particularly nasty bug. It allows an attacker to read up to 64KB of memory, and the security researchers have said: Without using any privileged information […]

Categories
Security

How to get all websites hosted on a shared server (Reverse DNS Lookup)

What is a shared hosting? A shared web hosting service or virtual hosting service or derive host refers to a web hosting service where many websites reside on one web server connected to the Internet. Each site “sits”on its own partition, or section/place on the server, to keep it separate from other sites. This is […]