-
Bypass of image blocking in Nextcloud Mail
Issue Description By default Nextcloud Mail will not load images in HTML mail. This could be bypassed with a // URI. Affected versions Nextcloud Mail Application up to 1.10.3 Details Creating an image tag with the following syntax <img src=//server/trackingpixel.png> will bypass the image blocking filter. Fix Vendor notified 17.08.2021 Fix ...
-
SSRF with root perms in Webdesktop
Issue Description SSRF with root permissions in the Webdesktop document management system. Problem Webdesktop includes functionality to convert documents into PDF format. LibreOffice is used for the conversion process. There are a couple of problems with this approach: the LibreOffice process listening on TCP:8100 runs as the root user, although www-data c...
-
XSS in WP plugin Chamber Dashboard Business Directory
Issue Description XSS in the WordPress plugin Chamber Dashboard Business Directory. Problem User-entered input which contains HTML/JS is not properly encoded on output, resulting in XSS. Affected versions Tested on version 3.2.8 (latest) Details Enter the payload into the affected field (the phone field in this example) and update the company profile. In W...
-
Pentester Academy - Python for Pentesters
Python for Pentesters course Course link: https://www.pentesteracademy.com/course?id=1 Topics This course is not about Python syntax; instead the focus is on Python modules. Covered topics: Threading, Queues Sockets, Client - Server Scapy BeautifulSoup, Mechanize Immunity debugger integration Hooks PE parsing module Paramiko ...
-
Protecting Kali (2020.1) with knockd and ufw
Important Knockd is only additional protection, remember to harden your SSH config! Install apt install knockd ufw Not plug and play Now edit ports in /etc/knockd.conf and you are ready? Unfortunately no. Change your /etc/default/knockd # control if we start knockd at init or not # 1 = start # anything else = don't start # PLEASE EDIT...
-
Emulate RPI with qemu
Why? Installing onto a memory card is slow; testing in a VM is much faster and portable. Download and unpack raspbian wget http://downloads.raspberrypi.org/raspbian/images/raspbian-2016-05-31/2016-05-27-raspbian-jessie.zip unzip 2016-05-27-raspbian-jessie.zip Mount as loop device and extract kernel sudo losetup -f --show -P 2016-05-27-raspbia...
-
Packet Squirrel TOR dropbox
Hak5 Packet Squirrel is actually more capable than most “Reviews” lead you to think. What to do if you need to access it outside NAT, but don’t want to set up your own VPN server for the Packet Squirrel to call back to? You set it up as a TOR hidden service and access it with SSH. First things first - generate new ssh keys for the Packet Squirrel. ssh-key...
-
Hashcat in AWS
Because AWS instances were already running for benchmarking John, I decided to compare hashcat on AWS instances. There are a lot of GTX 1080 TI / 2080 TI benchmarks on the net, but not many of AWS GPU instances. Model GPUs vCPU Mem (GiB) GPU Memory (GiB) Network Performance Price ...
-
John the Ripper in AWS
Had to crack some DES hashes and because a GPU station was not available, decided to try them with my laptop CPU (Intel(R) Core(TM) i7-8550U CPU, 4 cores). I was surprised by the speed of a modern laptop CPU. i7-8550U CPU, 4 core benchmark: Benchmarking: descrypt, traditional crypt(3) [DES 256/256 AVX2]... (8xOMP) PASS DONE Many salts: 37847K c/s r...