Author Archives: 0xB455
Weaponizing AMSI bypass with PowerShell
Introduction: The Windows Antimalware Scan Interface (AMSI) is a versatile interface standard that allows applications and services to integrate with any antimalware product that’s present on a machine. You can find more information on it here: https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal. A while ago …
Posted in Researching, Windows, Write-Up
Tagged amsi, bypass, exploitation, hacking, Powershell, security
CVE-2019-15305 – CVE-2019-15309 Several Security Vulnerabilities in “Innosoft Einsatzplanung Web” Version 5.2q4
During a security assessment several security vulnerabilities were discovered by my colleagues Florian Moll and Nico Jansen in the Innosoft Einsatzplanung Web Software in Version 5.2q4. The vendor was informed about the existence of the vulnerabilities in May 2019. This …
Posted in General Stuff
Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]
During a recent web application test I decided to perform some fuzzing of certain paths within the URI of a CMS and happened to find a potential SSTI (server side template injection) within one of the CMS’ plugins, which I then …
Posted in Researching, Webapplication security, Write-Up
Tagged bugbounty, bughunting, cve, cve-2018-14716, exploit, exploitation, exploitdb, hacking, information disclosure, security, server side template injection, ssti, vulnerability, webapplication
Comprehensive data leakage via Google Groups
So, a few days ago Brian Krebs posted an article on his blog called “Are Your Google Groups Leaking Data?”. This article reached me while I was chilling in the sun, but it did not really surprise me as I …
Posted in General Stuff, Researching, Write-Up
Tagged data leak, google cloud, privacy
Pingsweep with Windows CLI
I just happened to find myself with the requirement of performing a ping sweep of the local /24 network under Windows without installing any additional software or tools. Turns out you can do that quite easily via the command line (-n 1 sends a single echo request per host, -w 100 waits at most 100 ms for the reply; replace 123.123.123 with the first three octets of your own /24):

for /L %i in (1,1,255) do @ping -n 1 -w 100 123.123.123.%i | find "Reply"

Only hosts that answer produce a "Reply from ..." line, so the output is the list of live hosts. Note that hosts with ICMP echo blocked by a firewall will not show up.
Posted in Windows
Creating dummy files in Windows
If you want to create dummy files in Windows you can simply create them by using fsutil:

fsutil file createnew <filename> <length in bytes>

So in order to create a bulk file which is 1 GB in size you can go with:

fsutil file createnew c:\foo.bar 1073741824

The file is allocated but filled with zeros, so it is not suitable where you need random, incompressible content (e.g. for testing compression or transfer throughput).
Posted in Windows
Feeding content from Burpsuite into other tools e.g. sqlmap
If you ever wonder how to forward your content from Burpsuite towards any other tool, keep in mind that there is a logging option available. Enable logging within Burp and parse the logfile as input for sqlmap: …
Posted in Backtrack / Kali-Linux
Carving the filesystem for large files under linux
Find files which are greater than 20MB: find / -size +20000k -exec du -h {} \;
Posted in Backtrack / Kali-Linux
Carving the filesystem for recently created files in linux
Files created or modified less than 48 hours ago, sorted from the newest to the oldest (the modification time is printed as a Unix timestamp in front of each entry so that sort can order on it; -rn sorts numerically in descending order):

find / -mtime -2 -printf "%T@ " -ls | sort -rn
Posted in Backtrack / Kali-Linux
Copy datastreams via SSH
I just realized that one can push or pull data streams through SSH as well. Just used it with DD and it saved me a lot of time.

Pushing with DD (local file to the remote host):

dd if=localfile | ssh target_address dd of=remotefile

Pulling with DD (remote file to the local host):

ssh target_address dd if=remotefile | dd of=localfile

Since the data travels inside the SSH session it is encrypted and authenticated in transit, which is what makes this a sensible replacement for ad hoc netcat transfers.
Posted in Backtrack / Kali-Linux, General Stuff