General Windows Red Team Lab Review Students will be given remote desktop access to student machines that are connected to the Windows Active Directory with least privilege, and privilege escalation on student machine is part of challenge.
Security Advisory FileRun: Blind SQL Injection Vulnerability We discovered a vulnerability during a pentest in a file sharing web application named FileRun. It allows us to access files anywhere through a self-hosted secure cloud storage, backup and sharing files for photos, videos, files and more. The Vulnerability The vulnerability was discovered after the authentication. After we logged
Exploit Development ALLPlayer: Buffer Overflow (SEH Unicode) After playing around with unicode stack overflow, I try to do it on an application called AllPlayer. The techniques used are not much different, so the result will be the same as the previous exploits. It seems that this application is never updated by the developer, despite being widely used.
Web Security NetGain Enterprise Manager: Authentication Bypass / Local File Inclusion We discovered a vulnerability on NetGain Enterprise Manager (ver. 7.2.647) during a pentest. We believe that this vulnerability is quite rare and worth to share. Local File Inclusion Normal Request: POST /u/jsp/log/download_do.jsp HTTP/1.1 Host: 192.168.0.21:8081 User-Agent: Mozilla/
Tutorials SMB Exploit (MS17-010) dengan EternalBlue dan DoublePulsar EternalBlue dapat digunakan untuk melakukan eksploitasi pada layanan Server Message Block (SMB) tanpa membutuhkan proses otentikasi. Kemudian ditambah dengan menggunakan DoublePulsar untuk mengirim sekaligus mengeksekusi malicious Dynamic-Link Libraries (DLL) atau raw shellcode pada komputer korban. Berikut contoh percobaan eksploitasi pada layanan Server Message Block (SMB) menggunakan EternalBlue dan DoublePulsar. Percobaan
Security Advisory Wordpress: Multiple Vulnerabilities in Simple Login Log Plugin We discovered a vulnerability in a WordPress plugin called Simple Login Log Plugin. Vulnerability: Authenticated Blind SQL Injection, Source IP Address Manipulation Affected Version: 1.1.1 (below version may be affected as well) Patched Version: Not available yet (vendor already contacted but no response) Blind SQL Injection =================== Affected URL:
Walkthrough Hackfest 2016 Orcus Walkthrough This is a write up for Hackfest 2016 Orcus found in Vulnhub, just to fill my leisure time! Download here Hackfest 2016 Orcus Nmap root@kali:~# nmap -sC -sV -p- 192.168.1.108 Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-03-25 20:41 WIB Nmap scan report
Security Advisory Wordpress Profile Builder Plugin: Stored XSS Simple stored Cross Site Scripting (XSS) found in WordPress Profile Builder Plugin version 5.2.7 and below. This is just a PoC example, just fill in the minimum password length field with [code]8″><script>alert(1)</script>[/code] After we save the
Walkthrough TAKE DOWN Mr-Robot: 1 Yesterday, I opened Vulnhub.com and there was challenge from Mr Robot. The same TV series will be released soon in the month of July 2016. So here it goes, in a fast manner ? Objective: find three hidden keys Netdiscover Nmap As nmap says, port 80 and 443 are open.
