wtorek, 31 grudnia 2019

Postauth RCE in latest NagiosXI

Last time I described few XSS bugs for latest Nagios (5.6.9). During the research and code review I found a possibility for RCE. Below you will find the details from the journey. Here we go...

poniedziałek, 30 grudnia 2019

Multiple XSS bugs in Nagios 5.6.9

This time I decided to check latest version of Nagios (5.6.9). Below you'll find few details from few hours of testing. Here we go...

sobota, 28 grudnia 2019

Testing SSRF in LiquiFireOS

During one bugbounty I found that the target webapp is presenting some 'interesting errors' in responses. ;) As this is always a nice and cool 'hint' to see during pentests/ctfs I decided to dig a little bit more. Below you will find the details for SSRF found in LiquiFireOS. Here we go...

piątek, 27 grudnia 2019

Testing Android apps - mini lab

Last time when we talked about Android apps on the blog we tried to play "Assasin's Creed". Today I decided to build a small lab to prepare it for future projects. Below you'll find few notes about it. Here we go...

piątek, 29 listopada 2019

From 0 to 0day - quick fuzzing lesson

In most time the question(s) you're asking me via blog or twitter is: "how to prepare a fuzzing lab" or "how to perform an analysis of the crash we found". I decided to spent last few days for preparing a small example for you to give you the answer(s) for both of the questions. Below you will find the details. Here we go...

czwartek, 28 listopada 2019

XSS in Oracle EPMS

I was asked to help during the webapp pentest of Oracle EMPS. I decided to share one found XSS bug with you. Below you will find the details. Here we go...

wtorek, 19 listopada 2019

Reading spam for a breakfast

Today I woke up at 5:00 AM and I decided that this is a great moment to read some SPAM. ;) Coffee is ready so here we go...

sobota, 16 listopada 2019

Quick memory review - extracting secrets from Hikivision iVMS-4200

Last time I tried to use Sysinternals to check few things in Windows 10. This time I tried to get some more details (read: passwords;)) to use it during lateral movement (if needed). Below you will find the details of this scenario. Here we go...

sobota, 9 listopada 2019

Sysinternals Suite - quick review for Windows 10

Sometimes during the project at the Client's office you can see that environment there is mostly hardened well (so for example we can not install new soft, we can not open new ports or add users and we can not connect our laptop to the network, etc). In that scenario I decided to check some tools from Sysinternals Suite. Below you'll find few notes. Here we go...

czwartek, 7 listopada 2019

wtorek, 5 listopada 2019

Fool-AV-riend - Windows 10


Few days ago I was reading one of the tutorials related to 'pentesting AD'. They are all pretty cool. You can learn a lot from the content presented by the authors. But my question is...

Crashing HoneyView 5.31

During last week I was looking for some new soft to fuzz. This time I tried Honeyview (v. 5.31). Below you will find the details. Here we go...

Crashing Better JPEG

Last week I tried to fuzz few 'new' soft I found somewhere online. Below you will find the details about one image viewer called Better JPEG (v.3.0.3.0). Here we go...

sobota, 26 października 2019

Responding to Windows 10

I decided to prepare a small Windows-based VM to check few cases related to 'workstation security'. Below you will find the details about Windows 10 I used against Kali Linux. Here we go...

wtorek, 22 października 2019

Random bytes in VLC 3.0.8

Last time we had some fun with previous versions of VLC. This time I decided to run VLC 3.0.8 on Windows 7 (32bit) and prepare a fuzzer to help. Below you will find some results. Here we go...

poniedziałek, 14 października 2019

PicoCTF 2014 - both overflow challenges

In this post I decided to describe a quick way to exploit both overflow challenges from PicoCTF 2014. Below you will find the details. Here we go...

PicoCTF 2014 - execute

This time I tried to execute (a challenge from PicoCTF 2014). Below you will find quick details. Here we go...

PicoCTF 2014 - format

Last time I tried best shell from PicoCTF 2014. Today I tried to solve the format challenge. Below you will find the details. Here we go...

Protostar CTF - format2

In the meantime I decided to try next format-challenge from Protostar CTF - format2. Below you will find the details. Here we go...

środa, 9 października 2019

PicoCTF 2014 - best shell

Last time I tried to solve few challenges from Pico CTF 2013. This time I decided to check few cases from next edition - 2014. Below we will try to solve "best shell" . Here we go...

niedziela, 6 października 2019

Testing DVNA

I was looking for example vulnerable webapps based on NodeJS and that's how I found Damn Vulnerable NodeJS Application. I decided to check it. Below you will find the details. Here we go...

środa, 25 września 2019

Crashing WebAccess/HMI Designer 2.1.9.31

During last week one of the cases was to run fuzzer with some new software to find some new bugs. This time I decided to check WebAccess/HMI Designer (version 2.1.9.31). Below you will find the details...

piątek, 13 września 2019

Crashing FortiGate VM 6.2.1 - httpd

After (some about) 6-8 months today I finally found a moment to go back to the idea I discussed with a friend ('Ścisła Dieta Homarowa' aka. 'Tylko homary Team' ;)) and "check those VM image(s) for (few) popular 'network appliances'". That's how I tried to play with my good old friend - Fortinet. :) Here we go...

niedziela, 1 września 2019

środa, 21 sierpnia 2019

Wakanda CTF

This time I tried Wakanda CTF prepared by xMagass. Here we go...

ret2libc1 challenge

This time we will check ret2libc1 challenge. "Practice, practice, practice..." Here we go...

ret2shellcode challenge

I like this kind of challenges so I decided to do another one - ret2shellcode. Here we go...

stackoverflow-intro challenge

This time I decided to check one simple challenge found somewhere between other challenges found at github. We will check stackoverflow-intro (pretty similar to few cases from Protostar CTF). Here we go...

Symfonos:1 CTF

Today I decided to check Symfonos:1 CTF shared by VulnHub. Here we go...

wtorek, 20 sierpnia 2019

poniedziałek, 19 sierpnia 2019

PicoCTF 2013 - overflow5

This time I tried overflow5 from Pico CTF 2013. Below you will find the details...

Creating evil module for Wordpress

Last time when I created 'evil module' we talked about web based on Drupal. Today we will try to achieve similar results for Wordpress. Here we go...

PicoCTF 2013 - overflow4

This time we will check overflow4 challenge. Let's do it...

PicoCTF 2013 - overflow3

Let's move directly to part3 of the "overflow's challenges" from Pico 2013 - overflo3. Here we go...

PicoCTF 2013 - overflow2

Last time we tried to exploit overflow1. Today we will check next challenge - overflow2. Here we go...

PicoCTF 2013 - overflow1

First overflow1 challenge from PicoCTF 2013. Old but (still) good for a practice. ;) Let's do it...

Escalate_Linux:1 CTF

This time I decided to check one the latest VM available at VulnHub called Escalate_Linux:1 (by Manish Gupta). Let's go...

wtorek, 23 lipca 2019

piątek, 19 lipca 2019

Protostar CTF - Stack0

I decided to check one old CTF called Protostar (again;)). This time we will try to solve some 'stack challenges'. Let's start from the beginning...

czwartek, 18 lipca 2019

XSS in Zurmo CRM

If you are already familiar with last 2 cases[1, 2] we can run our 'new Burp settings' with 'another webapp'. This time let's try Zurmo CRM. Here we go...

XSS in TestLink 1.9.19

Last time we talked about automating Burp scans to find few more low-hanging fruits during bug hunting. Today we will try to achieve similar results - this time for latest TestLink (1.9.19 available at Bitnami). Here we go...

XSS in DokuWiki

Last time we talked about DokuWiki when I was checking Bitnami resources. Today I decided to try it again but this time I used Burp Proxy to automate the process of finding bugs in webapps. Here we go...

poniedziałek, 17 czerwca 2019

Unquoted path for CA Deploy Agents

Sometimes during pentest(s) we can find some not-so-usual ports open. Few of them you can find described here or here in latest posts. But today we will check "that 6600/tcp" port open. Here we go...

niedziela, 9 czerwca 2019

Few more quick tests

Last time I described small script you can use (or create) during your pentests. Below you will find a little continuation of the paths started last time. So...

piątek, 31 maja 2019

Lazy Enlil

Sometimes during pentests we can find pretty similar "environment(s)". By environment - this time - I mean open ports, possible (mis)configuration bugs or default passwords still used for access the target box/app. That's why I decided to start 'something new'...

czwartek, 9 maja 2019

Crashing DeviceNet Builder

Below you will find few details from just another fuzzing session - this time I tried DeviceNet Builder (2.04) from DeltaElectronics. Here we go...

Unquoted path in ActiveFax Server 6.70

Found last week during some 'Windows 7 exercises'... Few details you'll find below...

Crashing Alternate Pic View

This time I decided to check Alternate Pic View. Below you will find few details. Here we go...

Unquoted path in Softros LAN Messenger

Found last week during some 'Windows 10 exercises'... Few details you'll find below...

Crashing Edraw Max

Below you will find few details from just another fuzzing session - this time I tried Edraw Max (7.9.3). Here we go...

poniedziałek, 25 marca 2019

czwartek, 21 marca 2019

Crashing XnView 2.48

Last time when we talked about bugs in XnView I was surprised 'how good' can be the response 'from the Vendor'. But when 'response' is not 'responsible' - responsible disclosure is pointless. So, here we go...

niedziela, 24 lutego 2019

sobota, 23 lutego 2019

niedziela, 17 lutego 2019

Go! RabbitMQ, go!

After a while I decided to check few other machines available on Bitnami (and/or TurnKeyLinux). This time - just like before - I used Ubuntu 18 server to re-create environment and install 'application' from the scratch. Today we will try RabbitMQ

Sleepy - CTF

I woke up again at 3 AM so it was... a good time to finish one of the CTF(s) I started few weeks ago - this one is called Sleepy ;) . Machine you can find online thanks to VulnHub Team. Below few details from the journey...

sobota, 9 lutego 2019

RCE in Enterprise VA MAX

Just like few times before I was looking for some new VM appliance to check. This time I found "Enterprise VA MAX" prepared by loadbalancer.org. Below you will find few details about the bug I found in version v8.3.4 (afaik 'latest' one). Here we go...

czwartek, 31 stycznia 2019

RCE in ZenLoad Balancer

Last time we had a pleasure to check some RCE(s) in Artica. This time I decided to try ZenLoad Balancer. Below you will find few details...

wtorek, 29 stycznia 2019

RCE in Artica

Last time somewhere online I found Kaspersky Proxy Server ISO. It was a little surprise for me when I saw that this 'appliance' is based on Artica Proxy. Below you will find few details from the journey...

poniedziałek, 28 stycznia 2019

Reading TrendMicro - OfficeScan

When I was googling for some 'new software' (to check it during my simple fuzzing) I found an old installer of TrendMicro OfficeScan. It occurred that we can 'crash the agent app'... Below you will find few more details...

środa, 16 stycznia 2019

Exploiting BlazeDVD

I wasn't very satisfied after my last case so I decided to check another software. This time I tried to exploit BlazeDVD. Below you will find few details about it. Here we go...

sobota, 12 stycznia 2019

Crashing Zelio Soft 2

Yesterday I found the software called Zelio Soft 2. I decided to fuzz it a little bit. Below you will find few results from the night (24h fuzzing with 1 sample). Here we go...