-
Enumerating and Exploiting Network File System (NFS)
- Posted on: March 26, 2022
- by: Gifer Khan
- 0 Comments
An NFS is known as a network file system, a frequently used network service that provides a distributed file system allowing users on client machines to access data on a network. Think of this as your google drive account where you create a folder sharing with your friends and whatever file you upload there they will have access to it. A Network File System, or NFS, is similar and more professionally used and it is required for businesses to transfer data over a network. Any distant computer or device that connects to the network you’ll be using might access remote data and files.
All members of a network will have access to the same files, making file sharing more convenient. I won’t dig much more into the details of it but if you are interested you can read more here about how it works and other technical details. NFS has some major disadvantages and one of them is its security aspects of it. The fact that NFS is built on RPCs, which are fundamentally unsafe and should only be used on a trusted network behind a firewall, is the first and greatest security risk. NFS will be exposed to online attacks if this does not happen. In this article, I will focus more on how a network file system can be enumerated and exploited following a tutorial from TryhackMe.
Continue Reading -
Risk Of Using Default Setup Configuration & Vulnerability Assessment of MongoDB
- Posted on: March 24, 2022
- by: Gifer Khan
- 0 Comments
While working in the IT environment, we often have to work with different sorts of tools and software. Although setting them up might be easy as a one-click installation just like WordPress was used to create this website but a default configuration in the software often makes it vulnerable to cyber-attacks.
When adding systems to a production network, default configurations might occasionally leave them less secure than suggested. Big companies have come up with different techniques in protecting the default configurations for their tools; unfortunately, penetration testers and attackers still discover many systems installed with default configurations. Many of the default options may simply allow attackers to learn more about the underlying operating system and other components. Obtaining information from a variety of information disclosure-related vulnerabilities, on the other hand, might be crucial to an attacker’s success in subsequent assaults.
Continue Reading
Most risky default settings that make your environment vulnerable:
Attackers may exploit a system by targeting the default settings of a system for instance the administrator password; as strange as it may seem, the most powerful accounts usually have the weakest passwords. Local admin accounts in networks, for example, are used to set up servers in a network. However, most of the time, it is the extent of their responsibilities. These accounts are left with default or predictable passwords, making them easy targets for hackers. Although the passwords of admin accounts in settings like Active Directory (AD), Azure, or Amazon Web Services (AWS) are safe, they are frequently repeated or shared across network users. -
How safe are IoT devices & how to make them more secure?
- Posted on: March 22, 2022
- by: Gifer Khan
- 0 Comments
Needless to say that we are all familiar with IoT devices in the 21st century and at least have a couple of them in our homes. The Internet of Things (IoT) refers to the network of physical objects—“things”—that are embedded with sensors, software, and any other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.
I don’t know for the most but I’m guilty of being totally dependent on these devices, particularly Alexa or Google Home. From setting up an alarm to knowing how the weather is with voice command, is just way more convenient than using the smartphone. More importantly, you can use it to control your other devices such as turning on lights, the thermostat and for the advanced users, there are so many other fascinating things you can do.
Continue Reading
Albeit, this post is not just about how valuable these devices are but rather the security vulnerabilities of these devices and what we can do to protect them better. Before we get into all the technical details; for the non-tech-savvy readers, I will attempt a simple explanation. Have you ever noticed that when you connect to your wi-fi, you can see the names of all the devices that are connected to it? or when somebody listening to music in their device and you can see the song they are playing or a movie they are watching? This is because all of these devices are connected with each other, now obviously you can’t access another person’s information just by connecting to the same network but the point I’m trying to make is that it is still connected and hence it is not too impossible for a professional to hijack it to see more than just the device name. Another way hackers are finding it’s way to hack Alexa is through installing fake skills such as when a user request Alexa to install “Capital One App” the can be tricked to install a fake skill called “Capital Won” which is a fake skill with malicious intent such as stealing customer’s information.
Recent research published by the checkpoint indicates that a number of Amazon and Alexa subdomains were susceptible to a Cross-Origin Resource Sharing (CORS) misconfiguration and Cross-Site Scripting (XSS). By using XSS, the attacker is capable to receive a CSRF token that would issue them access to elements of the smart home installation. As a result, hackers can install any fake skills to exploit the systems. For instance; when the user invokes the installed skill, these flaws might have allowed an attacker to remove/install skills on the targeted victim’s Alexa account, access their speech history, and steal personal information. The research claims that it would need only one click on a carefully designed Amazon link to successfully exploit the vulnerability. -
Are you one of those TV fans that are so vigorously attached to it that, will go beyond the entertainment aspect of it and dive deep towards the mise-en-scène, cinematography, sound, or even editing of it, then this article is for you. Being such a huge buff of motion pictures, It’s safe to say that I’m often glued to the TV during my leisure. Regardless of it being a french biopic or Korean drama a good plot and provocative character is all it takes me to watch. Besides the fact while pursuing my diploma in Mass Communication, I had the pleasure of taking a course on Script Writing & Videography, an additional reason for my love for this world. While analyzing different movies I came across this film writer called Pedro Almodovar.
Continue Reading -
A Wonderful Serenity has taken possession of my entire soul, like these sweet mornings of spring which I enjoy with my whole heart. I am alone, and feel the charm of existence in this spot, which was created for the bliss of souls like mine. I am so happy, my dear friend, so absorbed in the exquisite sense of mere tranquil existence, that I neglect my talents. I should be incapable of drawing a single stroke at the present moment; and yet I feel that I never was a greater artist than now.
When, while the lovely valley teems with vapour around me, and the meridian sun strikes the upper surface of the impenetrable foliage of my trees, and but a few stray gleams steal into the inner sanctuary, I throw myself down among the tall grass by the trickling stream; and, as I lie close to the earth. Continue Reading