Marie - Spentera Blog

Windows Red Team Lab Review

Students will be given remote desktop access to student machines that are connected to the Windows Active Directory with least privilege, and privilege escalation on student machine is part of challenge.

Security Advisory

FileRun: Blind SQL Injection Vulnerability

We discovered a vulnerability during a pentest in a file sharing web application named FileRun. It allows us to access files anywhere through a self-hosted secure cloud storage, backup and sharing files for photos, videos, files and more. The Vulnerability The vulnerability was discovered after the authentication. After we logged

Exploit Development

ALLPlayer: Buffer Overflow (SEH Unicode)

After playing around with unicode stack overflow, I try to do it on an application called AllPlayer. The techniques used are not much different, so the result will be the same as the previous exploits. It seems that this application is never updated by the developer, despite being widely used.

Web Security

NetGain Enterprise Manager: Authentication Bypass / Local File Inclusion

We discovered a vulnerability on NetGain Enterprise Manager (ver. 7.2.647) during a pentest. We believe that this vulnerability is quite rare and worth to share. Local File Inclusion Normal Request: POST /u/jsp/log/download_do.jsp HTTP/1.1 Host: 192.168.0.21:8081 User-Agent: Mozilla/

Tutorials

SMB Exploit (MS17-010) dengan EternalBlue dan DoublePulsar

EternalBlue dapat digunakan untuk melakukan eksploitasi pada layanan Server Message Block (SMB) tanpa membutuhkan proses otentikasi. Kemudian ditambah dengan menggunakan DoublePulsar untuk mengirim sekaligus mengeksekusi malicious Dynamic-Link Libraries (DLL) atau raw shellcode pada komputer korban. Berikut contoh percobaan eksploitasi pada layanan Server Message Block (SMB) menggunakan EternalBlue dan DoublePulsar. Percobaan

Security Advisory

Wordpress: Multiple Vulnerabilities in Simple Login Log Plugin

We discovered a vulnerability in a WordPress plugin called Simple Login Log Plugin. Vulnerability: Authenticated Blind SQL Injection, Source IP Address Manipulation Affected Version: 1.1.1 (below version may be affected as well) Patched Version: Not available yet (vendor already contacted but no response) Blind SQL Injection =================== Affected URL:

Walkthrough

Hackfest 2016 Orcus Walkthrough

This is a write up for Hackfest 2016 Orcus found in Vulnhub, just to fill my leisure time! Download here Hackfest 2016 Orcus Nmap root@kali:~# nmap -sC -sV -p- 192.168.1.108 Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-03-25 20:41 WIB Nmap scan report

Security Advisory

Wordpress Profile Builder Plugin: Stored XSS

Simple stored Cross Site Scripting (XSS) found in WordPress Profile Builder Plugin version 5.2.7 and below. This is just a PoC example, just fill in the minimum password length field with [code]8″><script>alert(1)</script>[/code] After we save the

Walkthrough

TAKE DOWN Mr-Robot: 1

Yesterday, I opened Vulnhub.com and there was challenge from Mr Robot. The same TV series will be released soon in the month of July 2016. So here it goes, in a fast manner ? Objective: find three hidden keys Netdiscover Nmap As nmap says, port 80 and 443 are open.