Offsec Blog

Offsec Web Server Hacked

HackedFor the past couple of weeks we have been watching escalating DOS attacks against our web server, specifically against the Metasploit Unleashed Wiki. Today as we were watching our apache logs, we noticed unusual requests. A quick analysis showed that our web server was compromised through a vulnerability in the wiki software we use for the free Metasploit course. The compromise occurred on Nov 6th,and went unnoticed for  around 28 hours.

A php shell was uploaded to the wiki through an obscure vulnerability, and from there on, it got messy. The attack was mitigated early enough to prevent any critical damage to our systems,  however getting hacked is never nice. No private or personal data was compromised.

Its at times like this I fondly remember the saying :

“Just because you are paranoid, it doesn’t mean they are not out to get you”

UPDATE FOR 2020

Advanced Web Attacks and Exploitation

Advanced Web Attacks and Exploitation (AWAE)

Learn white box web application penetration testing and advanced source code review methods. Now with 50% more content, including a black box module.

Earn your OSWE

FOLLOW US ON TWITTER:

@offsectraining

@kalilinux

@exploitdb