Code16 - Notes Magazine - 03

Hi, it looks like we have a Xmas version of the new Notes Magazine#03 ;) Short description you'll find below. Here we go...

Code16 - Notes Magazine - 02

 Hi. As you probably remember last time I decided to start a new series on the blog called "Notes Magazine". Below you'll find a new release - #02. Here we go...

Code16 - Notes Magazine - 01

Hi. I decided to change a way of posting this time. Below I presented a small surprise for you. Maybe you'll find it useful. Here we go...

Following the light

Few days ago I tried to find 'something for me' in the online shop that someone described as a 'good place to start'. So I started. Below you'll find few last notes about it. Here we go...

My 1st hardware bug

Few days ago I started to learn more and more about the power and all of those tricks related to the energy ;] That's how I found "my first hardware bug" :D Few notes you'll find below. Here we go...

Simple GUI with Tkinter: Alinoe

Last Friday I decided to build a small tool for CTFs. This time I tried to use Tkinter. Below you'll find few notes about it. Here we go...

Scanning Docker Images

Ok. So far we already know how to prepare a small lab based on docker as well as how to configure it. Today we'll try to find some bugs. Here we go...

Creating your first CTF VM

It's always a pleasure to play another new VM found on VulnHub. I was wondering how can I prepare a similar "CTF VM" by myself. Below you'll find few notes about it. Here we go...

Basic Pentest Lab with Docker

Few days ago I started reading some "new" materials I found about Docker. That's how I decided to write few notes about it. Here we go...

Postauth RCE in Nagios 5.7.2

Last time when I was checking NagiosXI is described here[1, 2, 3] so you could already get some 'basic introduction' to the topic. Below you will find new more details - this time for (again) 'latest' version (5.7.2). Here we go...

Scheduling Checkpoint Gaia

It was a busy time during last few days but in the meantime I decided to install Checkpoint Gaia. Below you'll find few notes about it. Here we go...

No eXecution for PicoCTF 2019

Looks like another good day to learn (and practice) more about binary exploitation. :) After bypassing ASLR and NX last time I decided to check it 'somewhere online'. That's how I found one of the challenges available for PicoCTF 2019. Below you'll find the details. Here we go...

Bypassing NX with ASLR on Ubuntu

Quick example of a challenge I found online (and modified a little bit to practice bypassing ASLR with NX). Below you'll find the details. Here we go...

Grounding drones - Tello DJI

While ago I was reading a bit about the drones. Last time I decided to check it again, just to summarize it. Below you will find few notes. Here we go...

Stack overflow for beginners - ARM

Preparing myself to the 'future research' I decided to read and learn more about ARM. Below you'll find few notes about it. Here we go...

Using GEF for bug exploitation

Today we'll start using GEF - GDB Enhanced Features. Below you'll find few quick notes about how I installed it and how I used it to create a small basic stack overflow exploit. Here we go...

Postauth SQLi in SiTracker v3.67 p2

Few days ago I tried another VM from TurnKeyLinux - SiTracker (v3.67 p2). Below you will find few notes from the journey. Here we go...

WooPer - for Wordpress enumeration

Last time when I was looking for some new malware sample(s) I found that multiple websites (serving malicious content) are based on Wordpress. I was wondering why 'attacker' decided to try them as a jump host. Below you'll find few notes about it. Here we go...

Reading malware - MS Office Macros

Yesterday I decided to visit this page again to see if I'll be able to find some 'fresh malicious files'. This time I was looking for some 'malwares' prepared for MS Office users. Below you will find the details. Here we go...

Reversing Drones - mission planning

During the weekend I decided to fly again... ;] This time to do that we'll use my new drone called Tello DJI. Below you will find few notes and some details. Here we go...

Reversing Drones - quick intro

Last time I decided to finaly check some 'other machines' too - the flying one - drones ;). Below you will find few (first) notes about it. Here we go...

My Tomcat Host: 1 - CTF

Last time I found on VulnHub few new VMs. One of them was "My Tomcat Host:1". I decided to check it. Below you will find few notes about it. Here we go...

VulnUni CTF

It's been a while since I last time played CTFs from VulnHub so today we'll try something nice and easy - a CTF called VulnUni. Here we go...

Preloading Linux binaries

Using LD_PRELOAD to exploit/reverse binaries was presented to me in 2006. Below I will show you a very basic usage for some small example found online. Here we go...

Reading malware - unpacking ASPack 2.12

Today I decided to check some 'new samples available online' and that's how I found the one called "gwzsesxxgq.exe". Below you'll find the details. Here we go...

Reading malware - DDoS Perl Bot

It's been a while since I was reading (anything in) Perl ;) so during last lazy Sunday I decided to check one of the sample malware available here. Below you will find the details. Here we go...

Reading malware - 8UsA.sh

Internet is a special weird place. Sometime you can find an unicorn other time you can find an ELF. Today we'll look around for some new ELF in our world of imagination. Here we go...

Cracking .Net - Anti-Reflector crackme

This time we'll check one basic crackme prepared in .Net. Below you will find the details. Here we go...

Reading malware - orbitclient.x86

After reading last cases of malwares found online I decided that I will check one more again. ;) Below you will find few notes about it. Here we go...

Reading malware - yakuza.x86

After reading SNOOPY I decided to check one more sample available here. This time I found malware called yakuza.x86. Let's try to understand what this code can do. Below few notes. Here we go...

Reading malware - SNOOPY

Yesterday I had a chance to check few of the 'new malware samples' available here. Below you'll find few notes about it. Here we go...

CrackMe for Beginners

I decided to create a „CrackMe for Beginners” paper to prepare some basic ideas and hints for new reversers. After a while there were a few 'papers' related to the subcjet so I decided to publish it on the blog. Below you will find the details. Here we go...

Quick malware analysis

In the meantime I decided to look for some 'new malware' to check in my VM lab. After few minutes I found one sample dropped today just few hours ago. Let's see what I found. Here we go...

No python, no problem

Sometimes during our pentests we are facing the situation when we can not bring our own laptop with the whole great set of tools installed and prepared. We can only 'pentest' the target (box/app/scope) from the machine prepared by the Client. It can be annoying when you can't use tools like nmap or netcat but we'll try to fix that. Here we go...

Creating evil module for PrestaShop

Yesterday I decided to check PrestaShop (VM available at TurnKeyLinux) 1.7.4.4. Below you'll find few notes. Here we go...

...and now we are free

Release #01 -  FYI.

Postauth SQLi in Centreon 19.10-1.el7

I saw that you liked the little series about Centreon bugs[1, 2] so below I prepared a new post for the SQL injection found in latest version (centreon-vbox-vm-19.10-1.el7). Here we go...

Crashing VMPlayer 14

Since last few weeks I'm looking for some fresh and new OVA/ISO images I can install and pentest at home. Two days ago I found another one image. Results you'll find below. Here we go...

Postauth RCE in multiOTP

This time I decided to check multiOTP 5.0.4.4. Below you will find the details. Here we go...

Pentesting Zen Load Balancer - quick tutorial

Last time we talked about Zen Load Balancer few weeks ago. Yesterday I decided to check it again to find something similar and maybe create a little tutorial. Below you will find the details. Here we go...

Creating poc for preauth Symantec Web Gateway RCE

Last time we talked about postauth RCE bug I found in Symantec Web Gateway. Today we'll try to find few more bugs - this time for unauthorized users. Here we go...

Postauth RCE in Symantec Web Gateway

Last time I decided to check Symantec Web Gateway (version I tried was 5.0.2.8). Below you will find few notes from the journey. Here we go...

Creating poc for NagiosXI 0day

I see you liked the 'NagiosXI series' ;) so I prepare a quick step-by-step tutorial for you. Reader will be able to create his/her own working poc for the 0day bug(s) described here. Here we go...

Postauth RCE in ManageEngine 14

This time I tried to find some way to run 'my own code' on latest ManageEngine (version 14). Below you will find few notes about it. Here we go...

Postauth RCE bugs in NagiosXI 5.6.11

Just like before - I tried to find something interesting in 'latest' NagiosXI. Below you will find more details about it. Here we go...

Postauth SQLi in latest NagiosXI 5.6.11

Yesterday I found that latest NagiosXI (5.6.11) is vulnerable to multiple (postauth) XSS bugs. Today I decided to continue the research to find out if I will find some other bug(s). Below you will find the details. Here we go...

Nagios 5.6.11 XSS'd

Because today most of time I was in a train... most of time I spent on checking latest Nagios XI (5.6.11) VM. :) Below you will find few notes about it. Here we go...

RCE in Artica 4.26

Last time I found RCE bug in an old Artica Proxy. This time I decided to check the latest one. Below you will find few results. Here we go...

Playing games with Games

Few days ago it was heavily raining so "inspired" ;) with the all grey buildings outside the window I decided to play some games. Below you will find few notes about it. Here we go...

Postauth RCE in Centreon 19.10 - part 2

After the last part(y) with Centreon 19.10 I decided today to check it again. Below few notes for you. Here we go...

Postauth RCE in Centreon 19.10

Few hours ago I decided to check latest version of Centreon Monitoring Tool (19.10). Below you will find few notes from the journey. Here we go...

Bug bounty scam program

I think now it's time to finaly write few words about the one 'bug bounty' program I had a 'pleasure' to try. Today we will talk about HackerOne platform. Below few details about why (in my opinion) this is scam. Here we go...

Exploiting Dolibarr 11

This time I tried to check one of the ERP/CRM software available on the market. I decided to try latest version of Dolibarr from Bitnami resources (. Below you will find few notes about it. Here we go...

Escaping from the Fort - quick CVE-2017-14187 autopsy

I don't know how many times I was wondering how can I get a binary of httpsd from the Fortinet device(s). Last time I tried again using some 'new approach'. ;) Below you will find few notes. Here we go...

Trying harder...

It is not a secret anymore that last week I achieved OSCP certificate. So for all of you who still want to get it too - below few words "from me". ;) Here we go...

From 0 to 0day - manual approach

Few weeks ago we talked about file format fuzzing. Today we will try to find the bug using only 'manual approach'. ;) Below you will find the details. Here we go...

Stack overflow for beginners - part 2

In the meantime I decided to check (again) some cases related to buffer overflow bugs we can find during CTF(s). This time we will talk about buffer overflows in x64 architecture. Few notes you'll find below. Here we go...

Me and My Girlfriend - CTF

Today I decided to try one of the latest CTFs from VulnHub called 'Me and My Girlfriend'. ;) Below you will find the details. Here we go...

Prime1 CTF

Below you will find some notes about Prime:1 CTF from VulnHub prepared by Suraj Pandey. Here we go...

Shared Windows - quick pentest notes

Today I tried to prepare a short list for few ‘quick paths’ to escalate in Windows - from low-privileged user to the Admin (or NT AUTHORITY\SYSTEM). Below you will find the details. Here we go...

Hacker Fest 2019 CTF

Few days ago I decided to try some new CTF(s) available at VulnHub. This time I player "Hacker Fest 2019" prepared by Martin Haller. Below you will find the details. Here we go...

Fax and Scan from Win7 to Win10

Last time I was doing some new little experiments with procmon.exe. In the meantime I decided to look around more deeper in c:\windows\system32 directory. Below you will find few details from the journey. Here we go...