czwartek, 6 lipca 2017

Reading malware - Backdoor:Win32/Darkddoser

Thanks to Malekal’s page (just like before) I was able to „read” some (more) malware(s). Below you will find few details about the "new" (for me) one case (afaik dated to 2015) I had a chance to check…

wtorek, 20 czerwca 2017

Reading malware

During the weekend I started playing with few malware examples. All (malicious) ‘resources’ described in this text you can find online (here or here). Let’s go.

wtorek, 30 maja 2017

sobota, 27 maja 2017

Exploiting Joomla 3.x - Bitnami Edition

Similar scenario could be performed agains numbers of Joomla installation, including 3.7 of course.

Exploiting DokuWiki - Bitnami Edition

Attack scenario similar to the one described before. This time we will try it again Bitnami's DokuWiki installation. Details below...

Exploiting Concrete5 CMS 8.1.0 - Bitnami Edition

As it was mentioned in my last post related to Napalm and Testlink bug(s), you probably saw there 'few other started modules'. As we can say that those 'bugs' are only 'features' I decided to publish them all. Below uploading shell for latest Concrete5 CMS (8.1.0).

Playing offline CTF's

In the middle of time I started some new exercises related to CTF adventures. This time I tried to pass some challenges related to “binarypwn”. Few cases you’ll find described below.

Divided RealPlayer

Crash found during fuzzing an old app - RealPlayer Below few details...

czwartek, 11 maja 2017

Exploiting TestLink 1.9.16 - Bitnami Edition

Hi, in my last post you probably saw some ("started") modules for TestLink... So, yeah, below you will find some details about one of the bug(s) I found during tests related to (last available version of) TestLink (1.9.16) - thanks goes to Bitnami for preparing VM. So...

poniedziałek, 8 maja 2017

Napalm 2.1 feat. Bitnami

I started creating the code basing on ideas from wrapper I created some time ago. Other tool – similar to this one – is of course grabash but here, I decided to change an approach of the tool to the one idea grabbed from the eternalblue-paper – targeted attacks.

TurnKeyLinux feat. OTRS

Few days ago I found a pretty cool site - TurnKeyLinux. You will find there ready-to-go, pre-installed webapps. I decided to findout if there is also OTRS ready to check... Few notes below.

piątek, 14 kwietnia 2017

Multiple Crashes in MS Publisher 2010/16 - part 2

Hi, as I promised last time today you'll find below few more bugs found during fuzzing session with MSPublisher 2010. Try it on 2016 because few of them will work there as well. ;)

wtorek, 21 lutego 2017

LinkedIn scam changes

Due to the fact that I found some weird behaviour on LinkedIn, my accounts will not be available any more. See some screens below for more details.

niedziela, 15 stycznia 2017

piątek, 6 stycznia 2017

Automated scans with OpenVAS and Kali - part 3

For all of those who liked my post about automating scans with OpenVas in Kali Linux, below I prepared a new version of the poc. Maybe you will find it useful too. ;)