
VirtualBox Guest Additions with screen resizing

Are you using VirtualBox Guest Additions and getting frustrated because the screen does not resize? We have come across the same problem too. But we have good news: in this article we provide a guide on how to make your screen resize correctly.

As you can see in the image below without the proper screen resizing, VirtualBox is not practical. It is not a pretty picture and it does not help the users to do their work.

Figure: Search Engine Result Page using VirtualBox Guest Additions without screen resize

After using our code, your end result should look like the picture below.

Figure: Search Engine Result Page of VirtualBox Guest Additions with screen resize

Over the years we keep coming back to this problem, but it seems the answer changes slightly, so here is an updated version of getting VirtualBox’s guest additions working, including the bits for screen resizing. The following commands need to be executed inside your Debian-based Linux VMs:

sudo apt update
sudo apt install virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11

If the above doesn’t instantly work for you, you may also need to install:

sudo apt install linux-source linux-headers-generic

Reboot, and fingers crossed, it should work! If it doesn’t, and you installed things before you installed virtualbox-guest-x11, you will also need to run:

sudo dpkg-reconfigure virtualbox-guest-dkms

We hope this helps you with resizing the screen when using VirtualBox Guest Additions.

Airmon-ng / Alfa USB Wireless Card / Virtual Box / Unstable

Just a quick note for those of you searching the net for a solution. I have been looking for ways of using the airmon-ng, airodump-ng, etc. suite of tools from within a virtual machine, for various boring-ish reasons.

Problem with airmon-ng

However, I was getting loads of problems with whatever platform I tried airmon-ng on. I looked at VMware Workstation and found that the internal (host-only) networking was poor; I looked at LibVirt / KVM and found that they technically worked perfectly, just the user experience was bad; and then I went back to VirtualBox…

I used to use VirtualBox absolutely fine but when I rebuilt the machine and reinstalled it, I could get everything to operate as I needed, except USB pass through. Now, in fairness, this wasn’t exclusively limited to using USB wireless cards, but this is where I noticed it first.

Turns out the whole USB stack was unstable including basic file transfers to mass storage devices.

Eventually, I realised that the difference between the first installation and the current one was that I had installed the VirtualBox Extension Pack and had enabled USB 2.0 support thinking that this would be better… I was wrong.

How to fix unstable USB support inside VirtualBox?

The fix for unstable USB support inside VirtualBox is to untick “Enable USB 2.0 (EHCI) Controller” within each virtual machine’s configuration.

When tested, this also worked perfectly for airmon-ng and the rest of the suite. Yes, technically this limits the throughput, but I’d rather have stability over throughput.

And for those that care about the techie details:

Host OS: CentOS 7
Host Kernel: 3.10.0-229.7.2.el7.x86_64
VM OS: Kali 1.1.0
VM Kernel: 3.18.0-kali3-amd64
VirtualBox version: 4.3.30 r101610
VirtualBox Extension Version: 4.3.30 r101610

Worth noting that I made this “discovery” on the previous version of VirtualBox, but only wrote it up here after the upgrade.


Getting SQLMap to Detect SQL Injection Points Through JSON

Using Burp to detect SQL Injection Vulnerabilities

I was working on a client’s web app the other day. I had to set off an automated scan using Burp across the site. Burp is a great tool for providing coverage of web apps and their vulnerabilities. It can be surprisingly good at detecting XSS and SQL injection vulnerabilities.

For obvious reasons I can’t say which web app, but this particular one had JSON variables that were wrapped into a single “GET” parameter. It was something like this:

index.php?query={"name":"Felix","profession":"Geek"}

Burp had detected that it was getting some interesting output from one of the JSON variables when it inserted a single quote like this:

index.php?query={"name":"Felix","profession":"'"}

The output from the site was a fairly restrictive PHP error, so it didn’t immediately provide any particularly useful information, but it was still reported in Burp as a potential SQL injection vulnerability. Usually, if Burp picks up SQL injection, SQLMap sees it pretty much straight away.

So I fired it up and was hopeful… but nothing came up.

Having no result from SQLMap doesn’t mean there is nothing there.

So I decided to poke around manually to try and verify the findings.

My aim was to reveal some useful information that I could relay back to the client so that I could positively confirm that there was SQL injection.

When error messages produce no useful information, you are at best looking at a Blind SQL Injection vulnerability, which means that it behaves correctly but doesn’t echo anything. This makes data exfiltration very slow, as essentially you have to play a “true” / “false” game with the SQL server.

This particular error message was from a PHP function. It seemed to be complaining that it was receiving more data or at least data in a format other than that it was expecting.  What this means is that the error is only going to get produced when there is more data in the SQL return. Therefore the error message means my guess was “true”.  None of this is particularly relevant to my post though, just setting the scene.

I ran SQLMap again and this time I specified my Burp proxy server for it to use so that I could see the raw requests and responses.  Something like the following should do the trick:

--proxy http://127.0.0.1:8080

I could see in the Burp History tab that it wasn’t injecting in the right place. I had specified the right “GET” variable, but the reality was that it was only a small part of this variable that was vulnerable. A little research later and I discovered that there was an option that would allow me to specify where I wanted SQLMap to play. Along with your other options such as --level 3 etc., you need to do something like the following (the URL is quoted so the shell does not expand the braces or strip the double quotes):

-u 'http://www.victim.com/index.php?query={"name":"Felix","profession":"*"}'

Note the asterisk (*).  This goes where you want it to inject.  And voila!  This time it works.
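Why a lone single quote in one JSON field is enough to produce an error, and what the server-side fix looks like, as an added example (not code from this post or from the client's application). The table, the function names and the host app.example are constructed, and Python with sqlite3 stands in for the PHP back end.

```python
import json
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed URLs: the two requests from the post on a placeholder host.
NORMAL_URL = 'http://app.example/index.php?query={"name":"Felix","profession":"Geek"}'
QUOTE_URL = 'http://app.example/index.php?query={"name":"Felix","profession":"\'"}'

def make_db():
    """Constructed in-memory table standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, profession TEXT)")
    db.execute("INSERT INTO people VALUES ('Felix', 'Geek')")
    return db

def decode_query(url):
    """The whole JSON document arrives inside the single GET parameter 'query'."""
    return json.loads(parse_qs(urlsplit(url).query)["query"][0])

def lookup_vulnerable(db, url):
    f = decode_query(url)
    # Vulnerable: JSON values are pasted into the SQL text, so a quote in one
    # field ends the string literal early and the statement no longer parses.
    sql = ("SELECT name FROM people WHERE name = '%s' AND profession = '%s'"
           % (f["name"], f["profession"]))
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, url):
    f = decode_query(url)
    # Hardened: accept only the expected string fields, then bind them as
    # parameters so the database never parses them as SQL.
    if not isinstance(f, dict) or set(f) != {"name", "profession"}:
        raise ValueError("unexpected JSON shape")
    if not all(isinstance(v, str) for v in f.values()):
        raise ValueError("unexpected JSON value type")
    sql = "SELECT name FROM people WHERE name = ? AND profession = ?"
    return [row[0] for row in db.execute(sql, (f["name"], f["profession"]))]

def outcome(lookup, url):
    """Return the rows, or a label for the failure the client would see."""
    try:
        return lookup(make_db(), url)
    except sqlite3.Error:
        return "sql-error"
    except ValueError:
        return "rejected"

if __name__ == "__main__":
    for fn in (lookup_vulnerable, lookup_hardened):
        print(fn.__name__, outcome(fn, NORMAL_URL), outcome(fn, QUOTE_URL))
```

With bound parameters the quote is treated as an ordinary, non-matching value, so the request that triggered the scanner finding returns an empty result instead of a database error.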
