Hello,
I currently work on project connected to penetration testing on university. The first 'test' page before real testing is some Django site (the last release of Django is implemented). I think that they left on purpouse debug option to give me some informations. How should I start trying to break in? I mean this is CMS at all, so it looks like I should find new vulnureable in such complex system that many wiser than me secured? Where to look for security holes? I think there's no public 0days on Django 1.4.1 on Internet, so where and what should I look for?
Thanks,
L.
Hacking CMS/Django
Forum rules
Older HTS users: Be nice to the new people.
NEW USERS: This is NOT the place to post about missions! Refer to "Missions" category.
Older HTS users: Be nice to the new people.
NEW USERS: This is NOT the place to post about missions! Refer to "Missions" category.
4 posts • Page 1 of 1
Hacking CMS/Django
by Lynxu on Wed Oct 31, 2012 1:39 pm
([msg=70517]see Hacking CMS/Django[/msg])
- Lynxu
- New User
- Posts: 2
- Joined: Wed Oct 31, 2012 1:34 pm
- Blog: View Blog (0)
Re: Hacking CMS/Django
by hellow533 on Wed Oct 31, 2012 2:59 pm
([msg=70519]see Re: Hacking CMS/Django[/msg])
Can you be more specific?
“True hacking is like skydiving, you want to make sure you have arms, because nobody’s going to be there to pull the chute for you.”
-
hellow533 - Poster
- Posts: 337
- Joined: Thu Jan 29, 2009 3:27 pm
- Blog: View Blog (0)
Re: Hacking CMS/Django
by Acidiferous on Wed Oct 31, 2012 4:40 pm
([msg=70520]see Re: Hacking CMS/Django[/msg])
Hi,
Have you ever seen the backend of the cms? I think that when you find a system you dont know mutch about, it is allwayes a good start to try and configure it your selfe.
Saying that its secured by people wiser than you, is not a good start. Remember that they have to think about every security flaw and you just have to find the one they missed.
I can see that the latest version is 1.4.2 so mayby you should read the bug fixes for that version.
A quick look around the site gave me an interesting header, mayby you can use it and follow up on it.
https://www.djangoproject.com/weblog/2012/oct/17/security/
As people normaly say on this forum, post a link to the site and a message in the source or something. Then we can try it out, and help you with a more specific solution. Maybe.
Have you ever seen the backend of the cms? I think that when you find a system you dont know mutch about, it is allwayes a good start to try and configure it your selfe.
Saying that its secured by people wiser than you, is not a good start. Remember that they have to think about every security flaw and you just have to find the one they missed.
I can see that the latest version is 1.4.2 so mayby you should read the bug fixes for that version.
A quick look around the site gave me an interesting header, mayby you can use it and follow up on it.
https://www.djangoproject.com/weblog/2012/oct/17/security/
As people normaly say on this forum, post a link to the site and a message in the source or something. Then we can try it out, and help you with a more specific solution. Maybe.
- Acidiferous
- Experienced User
- Posts: 55
- Joined: Tue Mar 29, 2011 9:49 am
- Location: Europe
- Blog: View Blog (0)
Re: Hacking CMS/Django
by Lynxu on Thu Nov 01, 2012 2:37 am
([msg=70522]see Re: Hacking CMS/Django[/msg])
Hi,
Yeah, yeah, I heard that already, however I meant that generally those security flaws are pretty advanced and pretty valuable on the Internet once they are found.
But on topic: the site is http://149.156.114.13/ and the clue I found is dead link, that goes to http://149.156.114.13/crowdsourcing/tyg ... cz/report/. Plenty of informations there I think. I also found the admin panel (standard http://149.156.114.13/admin/) and version of server program (http://149.156.114.13/index.html). I think abous using nmap to get some more info at the moment. I may also try to crack into server itselt (remote exploit?), because it's all on my Department's machines and I have their blessing on every test that's necessary. So which information I should consider most useful?
Edit: Ow, sorry, I forgot about the message in source code. I will write to a person responsible for giving me that task and i hope that the propoer line will appear in site's source about next week (today and tommorow are holydays in PL). But other thing is that I don't want you to break in for me - I want to do it by myself (at least I have to learn it if I really want to do some serious pentesting in future), I would be grateful for piece of advice about starting.
Edit: Ok, the entry in site's source (informing about approval to pentesting for Marcin Jekot - that's me) should appear tommorow or the day after. Will anybody help with getting into it? I also was informed that debugging was turned off - fortunetely, I downloaded the site with output before that, so informations from it are still avaliable.
-- Wed Nov 07, 2012 5:35 pm --
Okay, I want to announce that the comment in source appeared - line 9 on main page. Debugging was also turned off, but I downloaded the site with results before - if anybody want to help I may provide some details on configuration. Anyone will help me a bit to start?
I have also read about some flaws in django from those slides: http://www.levigross.com/post/877653676 ... -and-rails but not sure how to exploit them...
Saying that its secured by people wiser than you, is not a good start. Remember that they have to think about every security flaw and you just have to find the one they missed.
Yeah, yeah, I heard that already, however I meant that generally those security flaws are pretty advanced and pretty valuable on the Internet once they are found.
But on topic: the site is http://149.156.114.13/ and the clue I found is dead link, that goes to http://149.156.114.13/crowdsourcing/tyg ... cz/report/. Plenty of informations there I think. I also found the admin panel (standard http://149.156.114.13/admin/) and version of server program (http://149.156.114.13/index.html). I think abous using nmap to get some more info at the moment. I may also try to crack into server itselt (remote exploit?), because it's all on my Department's machines and I have their blessing on every test that's necessary. So which information I should consider most useful?
Edit: Ow, sorry, I forgot about the message in source code. I will write to a person responsible for giving me that task and i hope that the propoer line will appear in site's source about next week (today and tommorow are holydays in PL). But other thing is that I don't want you to break in for me - I want to do it by myself (at least I have to learn it if I really want to do some serious pentesting in future), I would be grateful for piece of advice about starting.
Edit: Ok, the entry in site's source (informing about approval to pentesting for Marcin Jekot - that's me) should appear tommorow or the day after. Will anybody help with getting into it? I also was informed that debugging was turned off - fortunetely, I downloaded the site with output before that, so informations from it are still avaliable.
-- Wed Nov 07, 2012 5:35 pm --
Okay, I want to announce that the comment in source appeared - line 9 on main page. Debugging was also turned off, but I downloaded the site with results before - if anybody want to help I may provide some details on configuration. Anyone will help me a bit to start?
I have also read about some flaws in django from those slides: http://www.levigross.com/post/877653676 ... -and-rails but not sure how to exploit them...
- Lynxu
- New User
- Posts: 2
- Joined: Wed Oct 31, 2012 1:34 pm
- Blog: View Blog (0)
4 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests