środa, 1 lipca 2020

Using GEF for bug exploitation

Today we'll start using GEF - GDB Enhanced Features. Below you'll find few quick notes about how I installed it and how I used it to create a small basic stack overflow exploit. Here we go...

wtorek, 23 czerwca 2020

WooPer - for Wordpress enumeration

Last time when I was looking for some new malware sample(s) I found that multiple websites (serving malicious content) are based on Wordpress. I was wondering why 'attacker' decided to try them as a jump host. Below you'll find few notes about it. Here we go...

sobota, 20 czerwca 2020

Reading malware - MS Office Macros

Yesterday I decided to visit this page again to see if I'll be able to find some 'fresh malicious files'. This time I was looking for some 'malwares' prepared for MS Office users. Below you will find the details. Here we go...

niedziela, 14 czerwca 2020

piątek, 12 czerwca 2020

niedziela, 7 czerwca 2020

My Tomcat Host: 1 - CTF

Last time I found on VulnHub few new VMs. One of them was "My Tomcat Host:1". I decided to check it. Below you will find few notes about it. Here we go...

VulnUni CTF

It's been a while since I last time played CTFs from VulnHub so today we'll try something nice and easy - a CTF called VulnUni. Here we go...

niedziela, 24 maja 2020

Preloading Linux binaries

Using LD_PRELOAD to exploit/reverse binaries was presented to me in 2006. Below I will show you a very basic usage for some small example found online. Here we go...

poniedziałek, 18 maja 2020

Reading malware - unpacking ASPack 2.12

Today I decided to check some 'new samples available online' and that's how I found the one called "gwzsesxxgq.exe". Below you'll find the details. Here we go...

niedziela, 17 maja 2020

Reading malware - DDoS Perl Bot

It's been a while since I was reading (anything in) Perl ;) so during last lazy Sunday I decided to check one of the sample malware available here. Below you will find the details. Here we go...

sobota, 16 maja 2020

Reading malware - 8UsA.sh

Internet is a special weird place. Sometime you can find an unicorn other time you can find an ELF. Today we'll look around for some new ELF in our world of imagination. Here we go...

czwartek, 30 kwietnia 2020

Reading malware - orbitclient.x86

After reading last cases of malwares found online I decided that I will check one more again. ;) Below you will find few notes about it. Here we go...

Reading malware - yakuza.x86

After reading SNOOPY I decided to check one more sample available here. This time I found malware called yakuza.x86. Let's try to understand what this code can do. Below few notes. Here we go...

Reading malware - SNOOPY

Yesterday I had a chance to check few of the 'new malware samples' available here. Below you'll find few notes about it. Here we go...

CrackMe for Beginners

I decided to create a „CrackMe for Beginners” paper to prepare some basic ideas and hints for new reversers. After a while there were a few 'papers' related to the subcjet so I decided to publish it on the blog. Below you will find the details. Here we go...

wtorek, 21 kwietnia 2020

Quick malware analysis

In the meantime I decided to look for some 'new malware' to check in my VM lab. After few minutes I found one sample dropped today just few hours ago. Let's see what I found. Here we go...

poniedziałek, 20 kwietnia 2020

No python, no problem

Sometimes during our pentests we are facing the situation when we can not bring our own laptop with the whole great set of tools installed and prepared. We can only 'pentest' the target (box/app/scope) from the machine prepared by the Client. It can be annoying when you can't use tools like nmap or netcat but we'll try to fix that. Here we go...

piątek, 3 kwietnia 2020

Postauth SQLi in Centreon 19.10-1.el7

I saw that you liked the little series about Centreon bugs[1, 2] so below I prepared a new post for the SQL injection found in latest version (centreon-vbox-vm-19.10-1.el7). Here we go...

Crashing VMPlayer 14

Since last few weeks I'm looking for some fresh and new OVA/ISO images I can install and pentest at home. Two days ago I found another one image. Results you'll find below. Here we go...

niedziela, 29 marca 2020

Pentesting Zen Load Balancer - quick tutorial

Last time we talked about Zen Load Balancer few weeks ago. Yesterday I decided to check it again to find something similar and maybe create a little tutorial. Below you will find the details. Here we go...

piątek, 27 marca 2020

Creating poc for preauth Symantec Web Gateway RCE

Last time we talked about postauth RCE bug I found in Symantec Web Gateway. Today we'll try to find few more bugs - this time for unauthorized users. Here we go...

czwartek, 26 marca 2020

Postauth RCE in Symantec Web Gateway

Last time I decided to check Symantec Web Gateway (version I tried was 5.0.2.8). Below you will find few notes from the journey. Here we go...

czwartek, 19 marca 2020

Creating poc for NagiosXI 0day

I see you liked the 'NagiosXI series' ;) so I prepare a quick step-by-step tutorial for you. Reader will be able to create his/her own working poc for the 0day bug(s) described here. Here we go...

środa, 18 marca 2020

sobota, 14 marca 2020

piątek, 13 marca 2020

Postauth SQLi in latest NagiosXI 5.6.11

Yesterday I found that latest NagiosXI (5.6.11) is vulnerable to multiple (postauth) XSS bugs. Today I decided to continue the research to find out if I will find some other bug(s). Below you will find the details. Here we go...

środa, 11 marca 2020

Nagios 5.6.11 XSS'd

Because today most of time I was in a train... most of time I spent on checking latest Nagios XI (5.6.11) VM. :) Below you will find few notes about it. Here we go...

poniedziałek, 9 marca 2020

sobota, 7 marca 2020

Playing games with Games

Few days ago it was heavily raining so "inspired" ;) with the all grey buildings outside the window I decided to play some games. Below you will find few notes about it. Here we go...

poniedziałek, 24 lutego 2020

czwartek, 20 lutego 2020

Bug bounty scam program

I think now it's time to finaly write few words about the one 'bug bounty' program I had a 'pleasure' to try. Today we will talk about HackerOne platform. Below few details about why (in my opinion) this is scam. Here we go...

sobota, 15 lutego 2020

Exploiting Dolibarr 11

This time I tried to check one of the ERP/CRM software available on the market. I decided to try latest version of Dolibarr from Bitnami resources (. Below you will find few notes about it. Here we go...

piątek, 14 lutego 2020

Escaping from the Fort - quick CVE-2017-14187 autopsy

I don't know how many times I was wondering how can I get a binary of httpsd from the Fortinet device(s). Last time I tried again using some 'new approach'. ;) Below you will find few notes. Here we go...

poniedziałek, 10 lutego 2020

Trying harder...

It is not a secret anymore that last week I achieved OSCP certificate. So for all of you who still want to get it too - below few words "from me". ;) Here we go...

piątek, 31 stycznia 2020

niedziela, 26 stycznia 2020

Stack overflow for beginners - part 2

In the meantime I decided to check (again) some cases related to buffer overflow bugs we can find during CTF(s). This time we will talk about buffer overflows in x64 architecture. Few notes you'll find below. Here we go...

niedziela, 19 stycznia 2020

Me and My Girlfriend - CTF

Today I decided to try one of the latest CTFs from VulnHub called 'Me and My Girlfriend'. ;) Below you will find the details. Here we go...

piątek, 10 stycznia 2020

Shared Windows - quick pentest notes


Today I tried to prepare a short list for few ‘quick paths’ to escalate in Windows - from low-privileged user to the Admin (or NT AUTHORITY\SYSTEM). Below you will find the details. Here we go...

Hacker Fest 2019 CTF

Few days ago I decided to try some new CTF(s) available at VulnHub. This time I player "Hacker Fest 2019" prepared by Martin Haller. Below you will find the details. Here we go...

niedziela, 5 stycznia 2020

Fax and Scan from Win7 to Win10

Last time I was doing some new little experiments with procmon.exe. In the meantime I decided to look around more deeper in c:\windows\system32 directory. Below you will find few details from the journey. Here we go...