Smidge – A lightweight library for runtime CSS and JavaScript file management, minification, combination & compression in Microsoft .NET. In Program.cs of a .NET web application a Smidge Javascript bundle is defined with “CreateJs”. This module is vulnerable to arbitrary…
New bug identified in Red Hat Satellite (SAT-35175) which pose a security risk such as unauthorized access to information and data. DescriptionSatellite hosts can access custom repositories/rpms via curl which is not included in the assigned Content View/Activation Key. Link…
Web challenge @ HTB. Difficulty: Easy. Description: Survivors find a battered laptop in the rubble. Powering it up, they discover a cryptic software interface from an ancient architecture firm, hinting at vital blueprints. They must crack its security protocols. Undeterred,…
Challenge description: Can you beat the odds, can you become the very best? Here comes some hints for the misc challenge Shinyhunter at HackTheBox. Good luck with the challenge!
How to fix the correct time? When trying to retrieve Kerberos tickets with impacket via the function GetUserSPNs you can get an error about the time isn’t matching the domain controller (TGT: Kerberos SessionError: KRB_AP_ERR_SKEW Clock skew too great). There…
All forms of input to an application needs to be validated. For example, to notify a user about suspicious typos or for security reasons. The easiest form of validation is probably of integers, ie the input cannot consist of anything…
Nagios XI version 5.11.0 and 5.11.1 are vulnerable to SQL injections. There are several endpoints in the Nagios XI suite that are vulnerable to SQLi. However, the endpoint referred to in CVE-2023-40931 might be exploited by an unprivileged user. Method:POST…
Here is some hints for the HTB web challenge ApacheBlaze (easy) Step into the ApacheBlaze universe.. Burp is your friend for this challenge! Console log the X-Forward-Host header with app.logger.error(…) in order to see if your request is triggering any…
“A case study of unauthorized login attempts against honeypots via remote desktop” Abstract and information about the thesis in DiVA (open access):https://www.diva-portal.org/smash/record.jsf?dswid=5536&faces-redirect=true&language=en&searchType=SIMPLE&query=&af=[]&aq=[[]]&aq2=[[]]&aqe=[]&pid=diva2%3A1784631&noOfRows=50&sortOrder=author_sort_asc&sortOrder2=title_sort_asc&onlyFullText=false&sf=all Full text of the study can be downloaded from:
Qterminal in Kali Linux After an update, the terminal in Kali Linux got some strange behavior. When using the arrow keys to complete commands or scrolling through history it produced the characters A (up arrow) B (right arrow) C (right)…
Seasonal machine at hack the box is a Linux instance with Apache 2.4.52. I’ve seen a lot of people struggling to find a functional and working reverse shell after they got the initial foothold. From an initial foothold it is…
Working with a payload for a buffer overflow shellcode. For this particular task the payload needs to be reversed i.e “\x01\x02” should be “\x02\x01” etc. Didn’t find any online conversion tools so I wrote my one using C#. It could…