Monday, 29 January 2018

Post-auth SQL injection in FreePBX

Last time I found a cool new CTF (you will find it at VulnHub) I would like to play. This time it will be something related to a VoIP scenario... OK. I decided that it would be a good idea to take a break for a moment and check the 'latest' available ISO for FreePBX ;]

Because of some problems (VirtualBox and SNG7-PBX-64bit-1712-2) I tried the 'historical' version: 10.13.66-32bit. Below you will find results (related only to the SQL injection bug I found...

Saturday, 27 January 2018

Brainpan2 - CTF

After I finished playing Pegasus I started the next VM with a CTF called "Brainpan:2". The game was prepared by superkojiman. Thanks to VulnHub you can find it hosted here. Let's play...

Friday, 26 January 2018

Tuesday, 23 January 2018

Bulldog - CTF

Last time I tried a CTF from VulnHub it was (as usual;]) very cool. That's why I think today is a good time to try another one. This time we will check Bulldog CTF by Nick Frichette (thanks!).
Let's start from the beginning...

Monday, 22 January 2018

Tuesday, 16 January 2018

Fuzzing ArcSight 6.x - 01 - ArcSoloBug.exe

I think it is some kind of an old-ancient exe 'still available' after the default installation... Anyway. A few details below. Maybe you will find it useful...