This post documents a security project I have written, SecureMilkCarton - an intentionally vulnerable Java web application that runs on Apache Tomcat. Contents Introduction Project Background Project Repository Project Exercises and Answers SecureMilkCarton: Quick Start Option 1: Build Script Option 2: Docker SecureMilkCarton: Installation using Build Script Optional: Install better history Optional: Changing the default ports SecureMilkCarton: Web Server Configuration SecureMilkCarton: Project…

This post outlines a tutorial and explanation of how to use the Paho MQTT JavaScript library to build a basic web application to subscribe to MQTT messages from a broker. The resultant source code is available from the following repository: js-mtt-websockets-demo. Please feel free to use it as a base in your project. The final web application is simple, yet functional. Contents Introduction The Eclipse Paho MQTT JavaScript Library MQTT Over Websockets Building an MQTT Web Application Creating…

This post is part of a series on the Ubuntu Linux version of Metasploitable3. The following posts are part of the series: Part 1: Building the Ubuntu Linux Version Part 2: Customizing the Ubuntu Linux Version Part 3: Pentesting the Ubuntu Linux Version - SQL Injection Part 4: Pentesting the Ubuntu Linux Version - Attacking Services (You are here!) Contents Introduction Configuring the Metasploit Framework Port 6697: UnrealIRCd Port 21: ProFTPD version 1.3.5 Port 80: Drupal Resources Conclusion…

This post is part of a series on the Ubuntu Linux version of Metasploitable3. The following posts are part of the series: Part 1: Building the Ubuntu Linux Version Part 2: Customizing the Ubuntu Linux Version Part 3: Pentesting the Ubuntu Linux Version - SQL Injection Part 4: Pentesting the Ubuntu Linux Version - Attacking Services (You are here!) Contents Introduction Overview of Flags Initial Assessment Port 80: Payroll Web Application Reviewing the Payroll App Source Code Conclusion…

I am exceptionally pedantic about my git commits. However, since I started using git locally, I have become much more relaxed. I put on my headphones, blast some Metallica, get in the zone, and git commit like a mad person! It is a great place to be. Furiously coding and committing at an important juncture. However, this led me into bad habits. Reckless is a better word for it. I generally commit with a descriptive message, and push at logical times… but have gotten less precise lately. I have…

Update: This tutorial is now considered out-of-date. I have written a new tutorial which uses a more recent version of the Arduino-LMIC library modified by MCCI which has much better support for the AU915 frequency. Please view the updated Dragino LoRa Shield Node Configuration for AU915 (Updated) post for more information. Contents Introduction Quick Start Australian and New Zealand Frequencies Walkthrough Hardware Overview Setup Arduino IDE Download Repo and Flash Arduino LoRaWAN Library…

This post documents how to build a Linux gateway using Ubuntu Server 18.04. The gateway connects an internal network to an external network - basically, performing Network Address Translation (NAT) for hosts on the internal network. It is exceptionally similar to what your ISP-supplied home router does. To achieve this, an Ubuntu Linux server is configured as a DHCP server and also to provide NAT using . Contents Introduction Configure Network Interface Cards Install DHCP server Configure…

This post is part of a series on the Ubuntu Linux version of Metasploitable3. The following posts are part of the series: Part 1: Building the Ubuntu Linux Version Part 2: Customizing the Ubuntu Linux Version (You are here!) Part 3: Pentesting the Ubuntu Linux Version - SQL Injection Part 4: Pentesting the Ubuntu Linux Version - Attacking Services Contents Introduction Cleaning the Build Environment Remove the Virtual Machine from VirtualBox Removing the Previous Vagrant Box Customizing…