General Windows Red Team Lab Review Students will be given remote desktop access to student machines that are connected to the Windows Active Directory with least privilege, and privilege escalation on the student machine is part of the challenge.
Security Advisory FileRun: Blind SQL Injection Vulnerability We discovered a vulnerability during a pentest in a file sharing web application named FileRun. It allows us to access files anywhere through a self-hosted secure cloud storage, backup and
Exploit Development ALLPlayer: Buffer Overflow (SEH Unicode) After playing around with Unicode stack overflows, I tried to do it on an application called AllPlayer. The techniques used are not much different, so the result will be the
Web Security NetGain Enterprise Manager: Authentication Bypass / Local File Inclusion We discovered a vulnerability in NetGain Enterprise Manager (ver. 7.2.647) during a pentest. We believe that this vulnerability is quite rare and worth sharing. Local File Inclusion
Tutorials SMB Exploit (MS17-010) with EternalBlue and DoublePulsar EternalBlue can be used to exploit the Server Message Block (SMB) service without requiring authentication. DoublePulsar is then added to deliver and execute malicious Dynamic-Link Libraries (DLL) or
Security Advisory WordPress: Multiple Vulnerabilities in Simple Login Log Plugin We discovered a vulnerability in a WordPress plugin called Simple Login Log Plugin. Vulnerability: Authenticated Blind SQL Injection, Source IP Address Manipulation Affected Version: 1.1.1 (below version may
Walkthrough Hackfest 2016 Orcus Walkthrough This is a write up for Hackfest 2016 Orcus found in Vulnhub, just to fill my leisure time! Download here Hackfest 2016 Orcus Nmap [email protected]:~# nmap -sC -sV
Security Advisory WordPress Profile Builder Plugin: Stored XSS Simple stored Cross-Site Scripting (XSS) found in WordPress Profile Builder Plugin version 5.2.7 and below. This is just a PoC example, just fill in the minimum password
Walkthrough TAKE DOWN Mr-Robot: 1 Yesterday, I opened Vulnhub.com and there was a challenge from Mr Robot. The same TV series will be released soon in the month of July 2016. So here it goes,