Having fun with Magento SUPEE-8788

Everyday with a RCE, is a good day

In his SUPEE-8788 security advisory, Magento warns the users of possible Remote Code Execution attacks in unpatched versions.
Let's find out exactly what does it mean and how we can leverage it.

Rainbow tables are dead

30th Jan 2017

Say "Rainbow tables" one more time

This is a public service announcement. It's 2017 and people are still referencing to rainbow tables, usually when talking about password salts.
That's not the real reason of salt usage; rainbow tables are long dead, let's find out why.

Phrases Generator

13th Jan 2017

A.k.a. The Supercalifragilisti script

Cracking 50% of a password list is easy.
Reaching the 60% is nice.
Achieving the 70% requires some work (or patience).
Getting beyond that needs some creative thinking.

MongoDB Scraper

Keep door closed at all times

MongoDB is a NoSQL database and it's very handful when you don't want the constrains of a fixed schema.
Sadly it comes with very unsecure default settings: if left untouched, MongoDB will allow connections without any username and password.
Accordingly to Shodan, there are more than 60k MongoDB instances freely accessible over the Internet. What if we start to crawl them all?

Hashtag scraper

27th Dec 2016

A better way of scraping

Common wordlists and mask attacks can crack a large amount of passwords, but to get even the last ones we have to get creative. Passwords are slowly turning into passphrases: several words packed together as the famous XKCD comic pictured some time ago.
This means that we have to find a way to guess what people are actually thinking and how they usually combine words.