This year (again) I had a pleasure to present few of the topics from my research during The Hack Summit Conference in Poland[1, 2, 3]. Last time we (mostly;)) talked about one preauth RCE bug I found in ConQuest DICOM server (1.5.0d). This year we talked about one of the way to automate bug hunting using Ghidra. Below you'll find more details about it. Here we go...
This time we'll start here:
Environment
If you'd like to recreate this 'pentest scenario' in your mini-LAB - this time I used:
- Ghidra (10)
- Ubuntu 20 VM (with python3)
- Dlink httpd binary (from previous post/presentation)
- SonicWall 'viewcert' "binary" (from previous post).
To not spoil it too much - below you'll find video from TheHackSummit 2024 Conference *(PL only):
Demo presented during THS2024 Conference is attached below:
Few more details about poc for this bug you can click here.
Remember to use it only for legal purposes.
See you next time! ;)
Cheers
Brak komentarzy:
Prześlij komentarz