Category Archives: General Stuff
CVE-2019-15305 – CVE-2019-15309 Several Security Vulnerabilities in “Innosoft Einsatzplanung Web” Version 5.2q4
During a security assessment several security vulnerabilities were discovered by my colleagues Florian Moll and Nico Jansen in the Innosoft Einsatzplanung Web Software in Version 5.2q4. The vendor was informed about the existence of the vulnerabilities in May 2019. This … Continue reading
Posted in General Stuff
Comprehensive data leakage via Google Groups
So, a few days ago Brian Krebs posted an article on his blog called “Are Your Google Groups Leaking Data?”. This article reached me while I was chilling in the sun but it did not really surprise me as I … Continue reading
Posted in General Stuff, Researching, Write-Up
Tagged data leak, google cloud, privacy
Copy datastreams via SSH
I just realized that one can push or pull data streams through SSH as well. Just used it with dd and it saved me a lot of time.
Pushing with dd:
    ssh target_address dd if=remotefile | dd of=localfile
Pulling with dd:
    dd if=localfile | ssh target_address dd of=remotefile
Posted in Backtrack / Kali-Linux, General Stuff
IP-tables configuration for sending traffic into local proxy
Quite often I find myself needing to analyse traffic for applications on a jailbroken Android device which ignore the global system proxy settings. In such cases I usually leverage iptables in order to send the traffic … Continue reading
Posted in Backtrack / Kali-Linux, General Stuff
Tunneling ports via SSH
People often forget that they can use SSH in order to access remote services which are only reachable from the network of the SSH server. Here is the snippet you want to use:
    ssh -L [bind_address:]port:host:port user@server
So as a general example: You … Continue reading
Posted in Backtrack / Kali-Linux, General Stuff