Tuesday, 30 May 2017

Exploiting MODX - Bitnami Edition

Thanks to Bitnami I had a chance to use the latest MODX. I assumed that the poc-code would work for both versions: Bitnami's and the one available here, so let's get to work.

Saturday, 27 May 2017

Exploiting Joomla 3.x - Bitnami Edition

A similar scenario could be performed against a number of Joomla installations, including 3.7 of course.

Exploiting DokuWiki - Bitnami Edition

Attack scenario similar to the one described before. This time we will try it against Bitnami's DokuWiki installation. Details below...

Exploiting Concrete5 CMS 8.1.0 - Bitnami Edition

As mentioned in my last post related to Napalm and TestLink bug(s), you probably saw 'few other started modules' there. As we can say that those 'bugs' are only 'features', I decided to publish them all. Below: uploading a shell for the latest Concrete5 CMS (8.1.0).

Playing offline CTF's

In the meantime I started some new exercises related to CTF adventures. This time I tried to pass some challenges related to “binarypwn”. You’ll find a few cases described below.

Divided RealPlayer 16.0.2.32

Crash found while fuzzing an old app - RealPlayer 16.0.2.32. A few details below...

Thursday, 11 May 2017

Exploiting TestLink 1.9.16 - Bitnami Edition

Hi, in my last post you probably saw some ("started") modules for TestLink... So, yeah, below you will find some details about one of the bug(s) I found during tests related to (the last available version of) TestLink (1.9.16) - thanks go to Bitnami for preparing the VM. So...

Monday, 8 May 2017

Napalm 2.1 feat. Bitnami

I started creating the code based on ideas from a wrapper I created some time ago. Another tool – similar to this one – is of course grabash, but here I decided to change the approach of the tool to the one idea grabbed from the eternalblue-paper – targeted attacks.

TurnKeyLinux feat. OTRS

A few days ago I found a pretty cool site - TurnKeyLinux. You will find ready-to-go, pre-installed webapps there. I decided to find out if there is also OTRS ready to check... A few notes below.