wtorek, 12 grudnia 2017

'modus operandi' - Piwigo 2.9.2

As I 'promised': Vendor received the details but after all* - to this day - I have no idea what's goin on now... No response, no feedback, so "Vendor don't care" in my opinion. Full disclosure.

'modus operandi' - Horde 5.2.x

Last time we saw few 'moments' when modus.py was started against GeniXCMS. Today we will do the same with Horde (partially described here as well as [1],[2],[3]). So...

wtorek, 5 grudnia 2017

czwartek, 30 listopada 2017

First results from modus.py

Ok. Here we go again... During last few days after I had a pleasure to received some 'results' from CVE Team (1,2,3). I decided that it should be good ('enough';]) idea to create a small 'poc script' (again) to automate a little bit the process of 'finding bugs' (for example: like those mentioned in CVE's reference(s)). Below you will find few details collected after few days of 'research' and pinging the Vendors...

poniedziałek, 20 listopada 2017

RCE via XSS - Horde 5.2.19

This time I decided to sit for a while with Horde Groupware (5.2.19). “Ready to go” virtual machine we can find at Bitnami’s webpage (big thanks!) so using for example VirtualBox – you can set all things up very quickly. Below you will find few publicly disclosed bugs found during last few days...

niedziela, 5 listopada 2017

SQL Injection in ManageEngine Applications Manager 13

This morning I decided to start some new "challenge" related to webapp pentesting. That's how I found latest version of ManageEngine Applications Manager.(You can grab a copy here.) Below you will find some 'results'...

niedziela, 29 października 2017

Microsoft Outlook 2016 - RW/RA Crash

Below I will present 2 bugs from last fuzzing session with Microsoft Outlook 2016. Vendor was notified about those bugs. Just like before (1, 2, 3, 4) here you will find some details...

środa, 25 października 2017

Night fuzzing session - Kaspersky10 on Windows 10 - part 2

In the middle of time, just like before I was playling a little bit with Kaspersky Endpoint Security 10 for Windows 10. New results from the 'night fuzzing session' you will find below...

Patch your Fortinet - CVE-2017-14182

Few weeks ago during some pentest I found that tested Fortinet-appliance is sometime restarting... I wasn't sure about the reason so I decided to contact directly with the Fortinet's PSIRT. Patch is ready so below you will find few details about it. Enjoy...

środa, 11 października 2017

poniedziałek, 9 października 2017

Protostart CTF - heap1 - walkthrough

In our last challenge we were able to overwrite the pointer of winner(). Let's see if we can expoit heap1 available also in ProtostarCTF. Details below...

Protostart CTF - heap0 - walkthrough

During last few days I had a pleasure to learn a little bit more about heap exploitation in Linux. I decided that it will be a good moment to take a look for a ProtostarCTF. Below you will find few details about it...

czwartek, 28 września 2017

Privilege Escalation in ProFTPd 1.3.0

During last few days I was preparing to another CTF competition. As a warm-up I decided to do a(nother;)) quick autopsy, this time of an old bug found in Proftpd - described as CVE-2006-6563. Below you will find some results...

czwartek, 7 września 2017

poniedziałek, 4 września 2017

piątek, 18 sierpnia 2017

Metasploit module for RCE in Trend Micro IMSVA 9.1

According to the story posted yesterday below you will find quick&dirty proof-of-concent module for Metasploit. Big thanks goes to Mehmet for his research. Poc is based mostly on his work.

czwartek, 17 sierpnia 2017

RCE in Trend Micro IMSVA 9.1

Found 16.08.2017 during some research. Maybe you will find it useful.

And, yeah... It's for auth-users only. Anyway... ;) Have fun.

DEP Violation in IBM Notes 9

Found 16.08.2017. Maybe you will find it useful.

ReadAVonIP Crash in IBM Notes9

Found 16.08.2017. Maybe you will find it useful.

ReadAV Crash in IBM Notes9

Found 16.08.2017. Maybe you will find it useful.

Read/Write Crash in IBM Notes 9

Found 16.08.2017. Maybe you will find it useful.

poniedziałek, 14 sierpnia 2017

sobota, 5 sierpnia 2017

Reading malware - Trojan.Delf

In the middle of time I found another test case on MalwareDB - this time we will try to analyze malware described as "Trojan.Delf". MD5 for the sample is b5597304495be0c425e512abd6f39f8c. Let's go!

środa, 2 sierpnia 2017

CVE-2013-1048 quick autopsy

When I was looking for some hints related to "priviledge escalation bugs" I found (on vuldb.com) short description about Apache2 and symlinks. Below few details...

czwartek, 6 lipca 2017

Reading malware - Backdoor:Win32/Darkddoser

Thanks to Malekal’s page (just like before) I was able to „read” some (more) malware(s). Below you will find few details about the "new" (for me) one case (afaik dated to 2015) I had a chance to check…

wtorek, 20 czerwca 2017

Reading malware

During the weekend I started playing with few malware examples. All (malicious) ‘resources’ described in this text you can find online (here or here). Let’s go.

wtorek, 30 maja 2017

sobota, 27 maja 2017

Exploiting Joomla 3.x - Bitnami Edition

Similar scenario could be performed agains numbers of Joomla installation, including 3.7 of course.

Exploiting DokuWiki - Bitnami Edition

Attack scenario similar to the one described before. This time we will try it again Bitnami's DokuWiki installation. Details below...

Exploiting Concrete5 CMS 8.1.0 - Bitnami Edition

As it was mentioned in my last post related to Napalm and Testlink bug(s), you probably saw there 'few other started modules'. As we can say that those 'bugs' are only 'features' I decided to publish them all. Below uploading shell for latest Concrete5 CMS (8.1.0).

Playing offline CTF's

In the middle of time I started some new exercises related to CTF adventures. This time I tried to pass some challenges related to “binarypwn”. Few cases you’ll find described below.

Divided RealPlayer

Crash found during fuzzing an old app - RealPlayer Below few details...

czwartek, 11 maja 2017

Exploiting TestLink 1.9.16 - Bitnami Edition

Hi, in my last post you probably saw some ("started") modules for TestLink... So, yeah, below you will find some details about one of the bug(s) I found during tests related to (last available version of) TestLink (1.9.16) - thanks goes to Bitnami for preparing VM. So...

poniedziałek, 8 maja 2017

Napalm 2.1 feat. Bitnami

I started creating the code basing on ideas from wrapper I created some time ago. Other tool – similar to this one – is of course grabash but here, I decided to change an approach of the tool to the one idea grabbed from the eternalblue-paper – targeted attacks.

TurnKeyLinux feat. OTRS

Few days ago I found a pretty cool site - TurnKeyLinux. You will find there ready-to-go, pre-installed webapps. I decided to findout if there is also OTRS ready to check... Few notes below.

piątek, 14 kwietnia 2017

Multiple Crashes in MS Publisher 2010/16 - part 2

Hi, as I promised last time today you'll find below few more bugs found during fuzzing session with MSPublisher 2010. Try it on 2016 because few of them will work there as well. ;)

wtorek, 21 lutego 2017

LinkedIn scam changes

Due to the fact that I found some weird behaviour on LinkedIn, my accounts will not be available any more. See some screens below for more details.

niedziela, 15 stycznia 2017

piątek, 6 stycznia 2017

Automated scans with OpenVAS and Kali - part 3

For all of those who liked my post about automating scans with OpenVas in Kali Linux, below I prepared a new version of the poc. Maybe you will find it useful too. ;)