[Owasp-leaders] Project Query

Munir Njiru munir.njiru at owasp.org
Mon Aug 3 10:38:29 UTC 2015


Hi Guys here is a video on a bit of the application of the OWASP Mth3l3m3nt
Framework Project in a CTF held at the africahackon conference this year :)

http://filehost.skilledsoft.com/en/file/196/africahackon-ctf-2015.mp4.html

Munir Njenga,
OWASP Chapter Leader (Kenya) || Information Security Consultant || Developer
Mob   (KE) +254 (0) 734960670

=============================
Chapter Page: www.owasp.org/index.php/Kenya
Email: munir.njiru at owasp.org
Facebook: https://www.facebook.com/OWASP.Kenya
Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya


On Tue, Jul 7, 2015 at 11:28 AM, Timo Goosen <timo.goosen at owasp.org> wrote:

> Sounds like a cool idea for project.
>
> Do you have some code for this yet?
>
>
> Don't think it fits into one of the projects at the moment.  Only thing
> close to this, but not associated with OWASP is some metasploit modules
> that do that: http://netsec.ws/?p=331
> Regards.
> Timo
>
> On Tue, Jul 7, 2015 at 9:39 AM, Munir Njiru <munir.njiru at owasp.org> wrote:
>
>> Hi Guys,
>> I don't know if this fits the bill so thought I'd ask first if this would
>> be a good OWASP project to release it under the same, I can setup a demo if
>> need be for it. I have been making a small User interface utility based in
>> PHP. Basically the Features I have added to it so far that are complete.
>>
>>
>>    - A payload storage module -> This can be done in multiple databases
>>    that it offers support for . (SQLite, PostgreSQL, MySQL, SQL Server, Mongo
>>    DB )
>>    - A payload encoder module for strings -> currently handles,
>>    Base64,Rot13,Hex,Hex in \x Format etc
>>    - An LFI Exploitation module that allows you to have a new URI or
>>    cookie based LFI in like 7 lines of code.
>>    - A Backdoor store in event of a large assessment especially web
>>    based where you have many apps you can control and keep tabs on any post
>>    exploitation backdoors from a central interface , also atleast ensures
>>    after the assessment you've cleared them all because you will know where
>>    each is before removing it from the interface.
>>    - Web Shell Generator -> PHP, ASP, JSP, JSPX
>>
>>
>>
>>
>> Munir Njenga,
>> OWASP Chapter Leader (Kenya) || Information Security Consultant ||
>> Developer
>> Mob   (KE) +254 (0) 734960670
>>
>> =============================
>> Chapter Page: www.owasp.org/index.php/Kenya
>> Email: munir.njiru at owasp.org
>> Facebook: https://www.facebook.com/OWASP.Kenya
>> Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "OWASP Projects Task Force" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to projects-task-force+unsubscribe at owasp.org.
>> To post to this group, send email to projects-task-force at owasp.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CA%2BqYjnY%3Dz49Z3cT%2BkYvAmQ4R51rrScJSF%2BspGw7b2hvESbh1zA%40mail.gmail.com
>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CA%2BqYjnY%3Dz49Z3cT%2BkYvAmQ4R51rrScJSF%2BspGw7b2hvESbh1zA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150803/2a395180/attachment.html>


More information about the OWASP-Leaders mailing list