A few months ago - as you probably remember - I started a section related to 'reading firmwares'. A few results from the journey you have already published on the blog (for example: 1, 2, 3). In September I found another firmware, this time related to Foscam, and this is what I found inside...
Monday, 31 December 2018
Sunday, 30 December 2018
Typhoon CTF
Saturday, 29 December 2018
Friday, 28 December 2018
Wednesday, 26 December 2018
Crashing VLC 3.0.4
Tuesday, 25 December 2018
Crashing CANOpen Builder
Last time we talked about a few bugs found in ISPSoft and DCISoft. Today we will check the crash for CANOpen Builder by Delta Electronics. Here we go...
Crashing FantaMorph
Monday, 24 December 2018
Reading firmware - Fortigate VM
Crashing DCISoft
Last time we talked about crashed ISPSoft. This time I decided to publish a few crashes for DCISoft available at the Delta Electronics web page. Below you'll find a few details...
Pentesting AD - we the user
Last time we enumerated enough to be 'the user', so today we will start from this point: we are the user - logged in. Here we go...
Wednesday, 19 December 2018
Crashing ISPSoft
A few days ago I decided to fuzz a little bit one piece of software available at the Delta Electronics web page. This software is called ISPSoft and you can find it here. Below are a few quick results...
Sunday, 9 December 2018
Pentesting AD - enumeration
Last time we prepared some small "AD environment". This time we'll try to 'enumerate AD' to get some useful information about the target. Here we go...
Sunday, 2 December 2018
Pentesting AD - preparing environment
This time we will prepare our own small "AD environment". To do this ...
Thursday, 22 November 2018
Learning routers - part 2
Wednesday, 21 November 2018
Matrix - CTF
Wednesday, 7 November 2018
Crashing LibreCAD 2.1.3
In the meantime I had a moment to run a fuzzer against LibreCAD. Below you will find a few notes about the crash found in the version I tried - 2.1.3. Here we go...
Tuesday, 6 November 2018
Freshly CTF
Sunday, 21 October 2018
Misconfigured Redis
Saturday, 20 October 2018
Stored XSS in Dolibarr 8.0.2
Last time I found a few XSS bugs in Dolibarr ERP/CRM (version 8.0.2) available at Bitnami. Maybe you will find it useful...
Thursday, 4 October 2018
OpenLDAP - from XSS to RCE
Today I was using the OpenLDAP VM from TurnKeyLinux (version 1.2.3 - available here). After I found some small bug (postauth stored XSS) I was wondering how I can use it during my 'pentest'. Below you will find an example.
Here we go...
Sunday, 30 September 2018
Node:1 - CTF
Hi. It's been a while... since I tried to play a CTF last time. So I decided to try the next one available online thanks to VulnHub. Let's try Node:1 CTF. Here we go...
Wednesday, 19 September 2018
Cracking .NET apps
Last time we had an opportunity to review a few crackme solutions. This time we will check how to solve a crackme created in .NET. Here we go...
Saturday, 15 September 2018
Few cracking notes
After a while I decided to go back to resources from crackmes.de (mirror I found here).
As usual, my main goal was to (more) understand ASM and (finally) print the 'congratulation' message. Let's try to do it... :)
Saturday, 8 September 2018
DLL Injection - part 1
During last weekend I was looking for some possible scenario(s) for a DLL injection case I wanted to solve. Below are a few details about it...
Tuesday, 28 August 2018
Featuring Trac
Crashing FreePlane
Below you will find a few crashes for the latest FreePlane (1.6.15 32bit). Found a few weeks ago (~10.08.2018) during one fuzzing session. Enjoy...
Wednesday, 15 August 2018
Crashing KMPlayer
As far as I know KMPlayer just released a new version, so below you will find a few bugs for the 'old one' ;) Let's go...
Tuesday, 14 August 2018
venome.sh - simple msfvenom "generator"
Sometimes I'm looking for a quick file to check the possibility of reverse-shell... This time I prepared a small bash-script to speed it up ;) Maybe you will find it useful...
PwnLab: init - CTF
Sunday, 5 August 2018
Updating XnView
Friday, 3 August 2018
Sample fuzzing automation
Below you will find a few notes from a sample (and simple ;)) "fuzzing automation". It is not rocket science but maybe you will find it useful...
Tuesday, 31 July 2018
Crashing nmap 7.70
Last time we saw nmap 7.60 (Kali) crashed during (let's say;)) quick scan of one target machine from VulnHub. Today I decided to check if I will achieve similar results for version 7.70. Details you will find below...
Sunday, 29 July 2018
Crashing nmap 7.60
CVE-2018-6892 quick autopsy
After a pretty busy week I decided to take a break and ... check some updates from Beyond Security Blog. I assumed it will be a good idea to check it on the VM. Here we go...
Saturday, 21 July 2018
Reading malware - your sister
Tuesday, 17 July 2018
in.security - CTF
Zorz - CTF
When Quaoar CTF was finished I decided to try another one - this time I tried ZorZ CTF prepared by TopHatSec. Thanks to VulnHub you can find this machine available here. Here we go...
Quaoar - CTF
During last weekend I had the pleasure to check a few more CTFs hosted by VulnHub. This time we will check out "Quaoar". Big thanks this time go to @ViperBlackSkull who prepared the game. Let's play...
Tuesday, 10 July 2018
Exploiting Monstra CMS 3.0.4
Last time when I tried HackTheBox CTF I found that one of the machines has Monstra CMS installed. Because I found that a few bugs are already publicly disclosed for that CMS[1,2,3] I decided that it will be a good idea to do another "quick autopsy"... Here we go.
Saturday, 7 July 2018
Nineveh: v0.3 - CTF
Lately I had a chance to check a 'new' CTF from VulnHub, described as a part of HackTheBox Lab. Below you will find a few notes about it. Thanks to Yas3r - this time we will try Nineveh: v0.3.
Let's go.
Tuesday, 26 June 2018
Exploiting CyberArk 10.2.1.603
Some time ago I found a few bugs in CyberArk (version 10.2.1.603). I think that because all of them are 'for logged-in users only' - maybe you will find it useful. ;) A few details below...
Csharp: VulnJson - CTF
Below you will find some notes from Csharp: VulnJson - another nice CTF hosted by VulnHub. This time we will try to exploit SQL injection via JSON. Let's do it...
Monday, 25 June 2018
Fiddler Bug - case 01
One day I started Fiddler in a different way than usual. Below you will find a few notes about it... ;]
billu b0x - CTF
Crashing Photoshop CS3
Last time when I was fuzzing I had the pleasure to find a few bugs in one IBM product... This time you will find a few similar bugs but for Adobe Photoshop CS3. Portable version is available somewhere online, so let's get to the details...
Sunday, 24 June 2018
De-ICE: S1.140 - CTF
In the middle of time I was playing another cool CTF hosted by VulnHub. This time I decided to try De-ICE: S1.140 prepared for the series called ... De-ICE ;] Here we go...
WriteAV / NullPtrDeref for IBM Lotus Notes 8.5
Below you will find a few new files from my 'small fuzzing session(s)'. Some older cases you can also find here but below we will present the crash of IBM Lotus Notes 8.5.3. Here we go...
Sunday, 27 May 2018
Make free the VLC
A few weeks ago (after some small talk about the VLC bugs I found in the past) I was asked to 'check' the "new version" of VLC (3.0.1). As far as I'm concerned there is already version 3.0.2, so I think it's a good time to drop a few notes about the results of one month of fuzzing. Here we go...
Sunday, 29 April 2018
Few bugs in latest Nagios XI 5.4.13
As you probably already know from time to time I'm trying to work on a small and simple Python script - called modus.py[1,2]. It's also fun to run some VM in the background (for example with some webapp - like Bitnami's VM collection [3,4,5]) and start to do a blackbox test to find some cases for future analysis... This time below you will find a few results for 'latest' Nagios XI - 5.4.13. Here we go...
OwlNest - CTF
During the last few days I tried to solve another CTF from VulnHub. This time I decided to try OwlNest prepared by Swappage. Below you will find a few notes about the game. Let's play...
Thursday, 8 March 2018
Kevgir CTF
Just like before I found another nice CTF on VulnHub - this time called Kevgir and prepared by CanYouPwn.Me. Below you will find a quick writeup for solving this challenge. Let's go...
Wednesday, 7 March 2018
Mr Robot CTF
Today I had time to check Mr-Robot CTF created by Leon Johnson. It was a pretty cool CTF, you should definitely try it. :] Below you will find the details about how I solved it. Here we go...
Monday, 5 March 2018
Dina CTF
When the Gibson was done I had time to check another great CTF hosted by VulnHub. This time the game was prepared by Touhid Shaikh - thanks! :] Below you will find a few details showing how I solved this challenge. Here we go...
Sunday, 4 March 2018
Gibson CTF
Last time when I was looking for the job 'HR' told me that "I'm not good enough" to hack their planet. Well. This time we will try the Gibson CTF (prepared like before by knightmare). "We will show them Lucy...!" ;]
Saturday, 3 March 2018
Droopy CTF
In the middle of the other games available at VulnHub I found the new one I decided to try. This time we will work with Droopy CTF provided by knightmare (thanks!). Here we go...
Hints and notes to CTF pentests
Sometimes when I'm playing CTFs I'm using 'few commands and/or tools' to automate the job a little bit. Below you will find a few notes about it. Maybe you will find it useful... Enjoy.
Thursday, 1 March 2018
DC416 - Fortress - CTF
Last weekend I tried another cool CTF from VulnHub - DC416 Fortress. This time the game was prepared by VulnHub CTF Team. Below you will find my solutions to all the challenges. Let's go...
Monday, 29 January 2018
Post-auth SQL injection in FreePBX
Last time I found a new cool CTF (you will find it at VulnHub) I would like to play. This time it will be something related to some VoIP scenario... Ok. I decided that it will be a good idea to take a break for a moment and check the 'latest' available ISO for FreePBX ;]
Because of some problems (VirtualBox and SNG7-PBX-64bit-1712-2) I tried the 'historical' version: 10.13.66-32bit. Below you will find results (related only to the SQL injection bug I found...
Saturday, 27 January 2018
Brainpan2 - CTF
After I finished playing Pegasus I started the next VM with a CTF called "Brainpan:2". The game was prepared by superkojiman. Thanks to VulnHub you can find it hosted here. Let's play...
Friday, 26 January 2018
Pegasus - CTF
In the middle of time I had a chance to check another cool CTF hosted at the VulnHub. This time we will play Pegasus by Knapsy. Let's go...
Tuesday, 23 January 2018
Bulldog - CTF
Last time when I tried CTF from VulnHub it was (as usual;]) very cool. That's why I think, today is a good time to try another one. This time we will check Bulldog CTF by Nick Frichette (thanks!).
Let's start from the beginning...
Monday, 22 January 2018
SkyTower - CTF
In the middle of time I had a chance to check another cool CTF hosted at the VulnHub. This time we will play SkyTower by Telspace. Let's go...
Tuesday, 16 January 2018
Fuzzing ArcSight 6.x - 01 - ArcSoloBug.exe
I think it is some kind of an old-ancient exe 'still available' after the default installation... Anyway. A few details below. Maybe you will find it useful...
Friday, 12 January 2018
Wipe TrendMicro - Deep Discovery Inspector
Well. This time I found that if you're logged-in you can 'wipe' remote device using one request... Here we go...
Wednesday, 10 January 2018