Category Archives: General Stuff

CVE-2019-15305 – CVE-2019-15309 Several Security Vulnerabilities in “Innosoft Einsatzplanung Web” Version 5.2q4

During a security assessment several security vulnerabilities were discovered by my colleagues Florian Moll and Nico Jansen in the Innosoft Einsatzplanung Web Software in Version 5.2q4. The vendor was informed about the existence of the vulnerabilities in May 2019. This … Continue reading

Posted in General Stuff | Comments Off on CVE-2019-15305 – CVE-2019-15309 Several Security Vulnerabilities in “Innosoft Einsatzplanung Web” Version 5.2q4

Comprehensive data leakage via Google Groups

So, a few days ago Brian Krebs posted an article on his blog called “Are Your Google Groups Leaking Data?“. This article reached me while I was chilling in the sun but it did not really suprise me as I … Continue reading

Posted in General Stuff, Researching, Write-Up | Tagged , , | Comments Off on Comprehensive data leakage via Google Groups

Copy datastreams via SSH

I just realized that one can push or pull data streams through SSH as well. Just used it with DD and it saved me a lot of time. pushing with DD:

  pulling with DD:

   

Posted in Backtrack / Kali-Linux, General Stuff | Comments Off on Copy datastreams via SSH

IP-tables configuration for sending traffic into local proxy

Quite often I find myself in the need in order to analyse traffic for applications on an jailbroken Android device which ignore the global system proxy settings. In such cases I usually leverage iptables in order to send the traffic … Continue reading

Posted in Backtrack / Kali-Linux, General Stuff | Comments Off on IP-tables configuration for sending traffic into local proxy

Tunneling ports via SSH

People often forget that they can use SSH in order to access remote services which are only reachable from the network of the SSH server. Here is the snippet you want to use:

So as a general example: You … Continue reading

Posted in Backtrack / Kali-Linux, General Stuff | Comments Off on Tunneling ports via SSH