Author Archives: 0xB455

Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]

During recent web application testing I decided to perform some fuzzing of certain paths within the URI of a CMS and happened to find a potential SSTI (server-side template injection) within one of the CMS's plugins which I then …

Posted in Researching, Webapplication security, Write-Up | 2 Comments

Comprehensive data leakage via Google Groups

So, a few days ago Brian Krebs posted an article on his blog called “Are Your Google Groups Leaking Data?”. This article reached me while I was chilling in the sun but it did not really surprise me as I …

Posted in General Stuff, Researching, Write-Up | Leave a comment

Pingsweep with Windows CLI

I just happened to find myself with the requirement of performing a ping sweep of the local /24 network under Windows without installing any additional software or tools. Turns out you can do that quite easily via the command line:


Posted in Windows | Leave a comment

Creating dummy files in Windows

If you want to create dummy files in Windows you can simply create them by using fsutil:

So in order to create a bulk file which is 1 GB in size you can go with:

Posted in Windows | Leave a comment

Feeding content from Burpsuite into other tools e.g. sqlmap

If you ever wonder how to forward your content from Burpsuite towards any other tool you have to keep in mind that there is a logging option available. Enable logging within Burp and parse the logfile as input towards sqlmap: …

Posted in Backtrack / Kali-Linux | Leave a comment

Carving the filesystem for large files under linux

Find files which are greater than 20MB: find / -size +20000k -exec du -h {} \;

Posted in Backtrack / Kali-Linux | Leave a comment

Carving the filesystem for recently created files in linux

Files created or modified less than 48 hours ago, sorted from the newest to the oldest:

Posted in Backtrack / Kali-Linux | Leave a comment

Copy datastreams via SSH

I just realized that one can push or pull data streams through SSH as well. Just used it with DD and it saved me a lot of time. Pushing with DD:

Pulling with DD:

Posted in Backtrack / Kali-Linux, General Stuff | Leave a comment

IP-tables configuration for sending traffic into local proxy

Quite often I find myself needing to analyse traffic for applications on a jailbroken Android device which ignore the global system proxy settings. In such cases I usually leverage iptables in order to send the traffic …

Posted in Backtrack / Kali-Linux, General Stuff | Leave a comment

Tunneling ports via SSH

People often forget that they can use SSH in order to access remote services which are only reachable from the network of the SSH server. Here is the snippet you want to use:

So as a general example: You …

Posted in Backtrack / Kali-Linux, General Stuff | Leave a comment