Monday, 29 January 2018

Post-auth SQL injection in FreePBX

Last time I found a cool new CTF (you will find it at VulnHub) that I would like to play. This time it will be something related to a VoIP scenario... OK. I decided that it would be a good idea to take a break for a moment and check the 'latest' available ISO for FreePBX ;]

Because of some problems (VirtualBox and SNG7-PBX-64bit-1712-2) I tried the 'historical' version: 10.13.66-32bit. Below you will find the results (related only to the SQL injection bug I found...)

Saturday, 27 January 2018

Brainpan2 - CTF

After I finished playing Pegasus I started the next VM, a CTF called "Brainpan:2". The game was prepared by superkojiman. Thanks to VulnHub you can find it hosted here. Let's play...

Friday, 26 January 2018

Tuesday, 23 January 2018

Bulldog - CTF

The last time I tried a CTF from VulnHub it was (as usual ;]) very cool. That's why I think today is a good time to try another one. This time we will check Bulldog CTF by Nick Frichette (thanks!).
Let's start from the beginning...

Tuesday, 16 January 2018

Fuzzing ArcSight 6.x - 01 - ArcSoloBug.exe

I think it is some kind of old-ancient exe 'still available' after the default installation... Anyway. A few details below. Maybe you will find them useful...