Friday, 27 May 2016

IE8 Divided by zero

Internet Explorer 8 is prone to a remote denial-of-service. Below are the PoC and a few details:


MS Office 2010 - DoS in Publisher - #3

Publisher (from MS Office 2010) is (again) prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected application.
-------------------------------------------------------------------------------------------
Found  by : code16@26.05.2016


Thursday, 26 May 2016

Few pocs for IE8

I assume that this is probably useless now, so for educational purposes only, you will find a few
proof-of-concepts (described by !analyze as "not", "probably" and "exploitable") below:


MS Office 2010 - DoS in Publisher - #2

(AFAIK it's already published but without details.)

Below, again, a little bit more and a PoC:

MS Office 2010 - DoS in Publisher

Publisher (from MS Office 2010) is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected application.
-------------------------------------------------------------------------------------------
Found  by : code16@07.05.2016

Tuesday, 24 May 2016

Crackme #2 by Pride

Cool crackme by Pride from crackmes.de:
 

CrackMe #1 by DiABLO

Cool crackme by DiABLO - thanks - you can find it here.


Crackme by qHF's Unique Code CrackMe

This one was interesting... :) As always I found it on crackmes.de:


Crackme by Am0k

Hey, another crackme solved. This time I was checking Am0kCM_2.zip from crackmes.de:





Crackme N.3 by COSTY

Another cool crackme for beginners, this time from the C/C++ section of crackmes.de.


KeygenMe v1 by Ollie

I found this app on crackmes.de. The idea was to write a keygen, but I did it another way:

Sunday, 22 May 2016

Seattle v0.3 CTF writeup

You should check the Seattle v0.3 CTF - it is another great VM, this time from GracefulSecurity.
(I found it a few weeks ago on vulnhub.com and now it was time to do it.) It was again a great
pleasure and a lot of fun. Thanks!

So, after quick nmap...

Saturday, 21 May 2016

Pentester Lab CTF - Axis2 and Tomcat Manager

Here we have another (I believe already solved) CTF from VulnHub. I had the pleasure of checking it during an internal CTF prepared for a meeting with a new customer. Below you'll find a quick writeup:

Prepare the VM and run nmap against it:


Pentester Lab CTF - Web For Pentester

Another cool VM from Pentester Lab called "Web For Pentester". Just like before, you can find the ISO on vulnhub.com. Let's find out what we can do with this one. Prepare the VM and let's get to work.

As always, let's scan it first to see if there are any interesting services running:


Pentester Lab CTF - From SQLi to PostgreSQL shell

If you're looking for cool CTFs that you can play offline (or while traveling), this site is definitely for you. :) Today we will see if there is a way to get a shell on the VM box prepared by Pentester Lab.
Thanks for preparing this!

Run and go
The VM is ready and running, so let's scan it:


Crackme by BioHazard

Hey. Another nice crackme was released by BioHazard. You can as always find it here.

To be honest, this was a little surprise. I was wondering why there is still an error, and that's how I found...



Crackme by TcN30

Ok, here we'll solve another simple crackme from this site. This one is prepared by TcN30 (thanks!) and is called "password_vb.exe". Let's do it:

Crackme by The Rapture - FishME

During my last visit to www.crackmes.de I found 'a few' .NET crackmes to do. I decided to check them (starting from a few basics) and describe them here as a small analysis (as well as a memo for me). That's how I found the crackme by Rapture (thanks!)

The idea was to get the serial. Unfortunately, the serial was hardcoded inside the app, so a quick journey with .NET Reflector and you will find it:




Cool. Next time we will try something else...