Author Archives: 0xB455

Weaponizing AMSI bypass with PowerShell

Introduction. The Windows Antimalware Scan Interface (AMSI) is an interface standard that lets applications and services hand content to whatever antimalware product is registered on the machine for scanning. You can find more information on it here: https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal. A while ago …

Posted in Researching, Windows, Write-Up

CVE-2019-15305 – CVE-2019-15309 Several Security Vulnerabilities in “Innosoft Einsatzplanung Web” Version 5.2q4

During a security assessment, my colleagues Florian Moll and Nico Jansen discovered several security vulnerabilities in the Innosoft Einsatzplanung Web software, version 5.2q4. The vendor was informed of the vulnerabilities in May 2019. This …

Posted in General Stuff

Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]

During a recent web application test I fuzzed certain paths within the URI of a CMS and found a potential SSTI (server-side template injection) in one of the CMS' plugins, which I then …

Posted in Researching, Webapplication security, Write-Up

Comprehensive data leakage via Google Groups

So, a few days ago Brian Krebs posted an article on his blog called "Are Your Google Groups Leaking Data?". This article reached me while I was chilling in the sun, but it did not really surprise me as I …

Posted in General Stuff, Researching, Write-Up

Pingsweep with Windows CLI

I recently needed to ping sweep the local /24 network from a Windows box without installing any additional software or tools. It turns out you can do that quite easily from the command line:

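The Windows one-liner itself is cut off above. As an added example (not the post's own code), here is the same approach in a POSIX shell on Linux with iputils ping: expand the /24, probe each host once with a short timeout, and keep only addresses that actually sent an echo reply. That last filter is the job the Windows version delegates to `find "TTL="`: ping's exit status and lines such as "Destination host unreachable" are not a reliable "host is up". The prefix 10.0.0 and the sample ping output are constructed; `xargs -P` and `ping -c/-W` are GNU/iputils options (BSD ping spells the timeout `-t`).

```shell
#!/bin/sh
# Added example: /24 ping sweep with nothing but sh, ping, xargs, sed and sort.

# expand_24 PREFIX : print the 254 host addresses of PREFIX.0/24 (PREFIX like 10.0.0)
expand_24() {
    i=1
    while [ "$i" -le 254 ]; do
        echo "$1.$i"
        i=$((i + 1))
    done
}

# live_from_ping_output : read raw ping output on stdin and print only the
# addresses that answered, in address order. Like grepping for "TTL=" on
# Windows, this keys on the reply line ("64 bytes from A.B.C.D: ... ttl=..")
# rather than on ping's exit status or on "Destination Host Unreachable" lines.
live_from_ping_output() {
    sed -n 's/^[0-9][0-9]* bytes from \([0-9.]*\).*ttl=.*/\1/p' \
        | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# ping_sweep PREFIX [PARALLEL] : one probe per host, 1 s timeout, PARALLEL
# probes at a time (default 32). Prints the responding hosts.
# Hosts that filter ICMP echo will not appear; absence is not proof of an unused address.
ping_sweep() {
    prefix=$1
    parallel=${2:-32}
    expand_24 "$prefix" \
        | xargs -n1 -P"$parallel" sh -c 'ping -c1 -W1 "$0" 2>/dev/null' \
        | live_from_ping_output
}
```

Run it as `ping_sweep 10.0.0` (assumed prefix); raise the parallelism if the network is quiet, lower it if the gateway starts dropping ICMP.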

Posted in Windows

Creating dummy files in Windows

If you want to create dummy files in Windows, you can simply create them with fsutil:

So, to create a bulk file that is 1 GB in size, use:

Posted in Windows

Feeding content from Burpsuite into other tools e.g. sqlmap

If you ever wonder how to forward content from Burp Suite to any other tool, keep in mind that Burp has a logging option. Enable logging in Burp and feed the log file to sqlmap as input: …
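The command the post goes on to show is cut off above. As an added example (not the post's code), the script below does the same job in POSIX shell: it walks a Burp proxy log, writes every request entry to its own file, and runs `sqlmap -r` against each one. The entry layout it assumes (a line of `=` signs, a one-line timestamp/host header, another line of `=` signs, then the raw request or response) is my reading of Burp's proxy log format and is an assumption here; sqlmap can also read such a log directly with `-l burp.log`, so the split is mainly useful when you want to hand-pick requests or feed them to a tool that only takes a single raw request. The sample log, the host `target.example` and the cookie and credential values in it are constructed.

```shell
#!/bin/sh
# Added example: split a Burp proxy log into per-request files for sqlmap -r.

# split_burp_log LOG OUTDIR : write each logged request to OUTDIR/req_NNN.txt,
# skip responses, print the number of request files written.
# Assumed layout per entry: a separator line of '=' signs, one header line
# ("7:38:06 PM  http://host:port  [ip]"), another separator, then the raw
# HTTP message. CRLF line endings are normalised to LF.
split_burp_log() {
    mkdir -p "$2"
    awk -v dir="$2" '
        { sub(/\r$/, "") }
        /^==========/ { sep++; inbody = (sep % 2 == 0); first = 1; next }
        inbody {
            if (first) {
                if ($0 == "") next          # tolerate a blank line before the message
                first = 0
                # request line: "GET /path HTTP/1.1"; responses start with "HTTP/"
                isreq = ($0 ~ /^[A-Z]+ [^ ]+ HTTP\/[0-9.]+$/)
                if (isreq) {
                    if (out != "") close(out)
                    n++
                    out = sprintf("%s/req_%03d.txt", dir, n)
                }
            }
            if (isreq) print > out
        }
        END { print n + 0 }
    ' "$1"
}

# sqlmap_each REQDIR [sqlmap options...] : test every extracted request.
# --batch answers sqlmap prompts with defaults; add --level/--risk/-p as needed.
sqlmap_each() {
    reqdir=$1; shift
    for f in "$reqdir"/req_*.txt; do
        [ -f "$f" ] || continue
        sqlmap -r "$f" --batch "$@"
    done
}

# make_sample_log FILE : constructed two-request Burp-style log for the demo
make_sample_log() {
    cat > "$1" <<'EOF'
======================================================
7:38:06 PM  http://target.example:80  [192.0.2.10]
======================================================
GET /item.php?id=1 HTTP/1.1
Host: target.example
User-Agent: Mozilla/5.0
Cookie: PHPSESSID=abc123

======================================================
7:38:06 PM  http://target.example:80  [192.0.2.10]
======================================================
HTTP/1.1 200 OK
Content-Type: text/html

<html>ok</html>

======================================================
7:38:09 PM  http://target.example:80  [192.0.2.10]
======================================================
POST /login.php HTTP/1.1
Host: target.example
Content-Type: application/x-www-form-urlencoded
Content-Length: 23

user=admin&pass=secret1

======================================================
7:38:09 PM  http://target.example:80  [192.0.2.10]
======================================================
HTTP/1.1 302 Found
Location: /

EOF
}
```

Typical use: `split_burp_log burp.log reqs && sqlmap_each reqs --level 2`. Session cookies in the extracted files are live credentials for the target; keep the directory out of version control and shred it when the engagement is over.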

Posted in Backtrack / Kali-Linux

Carving the filesystem for large files under linux

Find files larger than roughly 20 MB:

find / -size +20000k -exec du -h {} \;

Note that -size +20000k compares the size rounded up to whole KiB units, so this matches anything larger than 20000 KiB, and without a type filter it also lists directories and device nodes.

Posted in Backtrack / Kali-Linux

Carving the filesystem for recently created files in linux

Files modified less than 48 hours ago, sorted from newest to oldest (find on Linux has no portable test for creation time, so "created" here means modified):
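Both this post and the "large files" one above rely on find, and the command for this one is cut off. The following added example (not the posts' own code) wraps both searches in functions and adds what a triage usually wants: -xdev to stay on one filesystem (so a run from / does not wander into /proc, /sys or network mounts, at the price of needing a separate run per mounted filesystem), -type f to skip directories and device nodes, sizes in bytes, and, for "recent" files, a check on the inode change time (ctime) as well as the modification time, because an attacker can backdate mtime with touch but the act of doing so still updates ctime. It needs GNU findutils (-printf, -cmin); the directory layout used in the test is constructed.

```shell
#!/bin/sh
# Added example: filesystem triage with GNU find.

# large_files DIR MIN_KB : regular files larger than MIN_KB KiB, biggest first.
# Output: "<bytes>\t<path>". find's -size +Nk compares the size rounded up to
# whole KiB, so +20000k means "more than 20000 KiB", not "more than 20 MB".
large_files() {
    find "$1" -xdev -type f -size +"$2"k -printf '%s\t%p\n' 2>/dev/null | sort -nr
}

# recent_by_mtime DIR HOURS : files whose modification time is within HOURS.
# The classic check; it misses files whose mtime was reset (touch -t / touch -r)
# after tampering.
recent_by_mtime() {
    find "$1" -xdev -type f -mmin -$(( $2 * 60 )) -printf '%p\n' 2>/dev/null | sort
}

# recent_files DIR HOURS : files whose mtime OR inode change time (ctime) is
# within HOURS, newest ctime first. Output: "<ctime>\t<mtime>\t<bytes>\t<path>".
# A backdated file keeps a recent ctime, because changing the timestamps is
# itself an inode change, so it still shows up here.
recent_files() {
    mins=$(( $2 * 60 ))
    find "$1" -xdev -type f \( -mmin -"$mins" -o -cmin -"$mins" \) \
        -printf '%C+\t%T+\t%s\t%p\n' 2>/dev/null | sort -r
}
```

On a box you suspect, run these as root against / (and again against each separately mounted filesystem); a wide gap between the ctime and mtime columns of a file is itself a lead.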

Posted in Backtrack / Kali-Linux

Copy datastreams via SSH

I just realized that one can push or pull data streams through SSH as well. I just used it with dd and it saved me a lot of time.

Pushing with dd:

Pulling with dd:
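The two dd commands this post shows are cut off above. The following added example (not the post's code) wraps the push and pull pipelines in functions and adds the check that matters when you are imaging a disk for evidence or a migration: a SHA-256 computed on the receiving end and compared with one from the source, so a truncated or corrupted stream does not go unnoticed. `user@remote.example` and the paths are placeholders; GNU dd (bs=4M, status=none) and sha256sum are assumed on both ends. Nothing about ssh itself is changed: use a host whose key you have already verified, and add -C (or gzip in the pipe) only for compressible data.

```shell
#!/bin/sh
# Added example: stream data over ssh with dd and verify the copy.

# push_stream SRC USER@HOST DEST : read SRC (file or block device) locally,
# write it to DEST on the remote side, print the SHA-256 the remote computed.
push_stream() {
    dd if="$1" bs=4M status=none \
        | ssh "$2" "dd of='$3' bs=4M status=none && sha256sum '$3'" \
        | awk '{ print $1 }'
}

# pull_stream USER@HOST SRC DEST : read SRC on the remote side, write it to
# DEST locally, print the SHA-256 of the local copy.
pull_stream() {
    ssh "$1" "dd if='$2' bs=4M status=none" | dd of="$3" bs=4M status=none
    sha256sum "$3" | awk '{ print $1 }'
}

# sha256_of FILE : hex digest only, for comparing with a transfer result
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# verified_push SRC USER@HOST DEST : push, then compare digests. The exit
# status says whether the remote copy matches the source. If the remote dd
# fails, sha256sum is never run there, so the comparison fails as it should.
verified_push() {
    remote=$(push_stream "$1" "$2" "$3") || return 1
    local_hash=$(sha256_of "$1")
    [ "$remote" = "$local_hash" ]
}
```

verified_push reads the source twice (once to send, once to hash), which is fine for files; for a multi-terabyte device, tee the stream into a FIFO read by sha256sum instead. Either way, image a block device only while it is unmounted or from a snapshot, otherwise the two reads (and the image) will not agree with each other.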

Posted in Backtrack / Kali-Linux, General Stuff