Category IT-Sec

Importance of input validation

gitPython

All forms of input to an application needs to be validated. For example, to notify a user about suspicious typos or for security reasons. The easiest form of validation is probably of integers, ie the input cannot consist of anything…

Nagios CVE-2023-40931 PoC

sql injection

Nagios XI version 5.11.0 and 5.11.1 are vulnerable to SQL injections. There are several endpoints in the Nagios XI suite that are vulnerable to SQLi. However, the endpoint referred to in CVE-2023-40931 might be exploited by an unprivileged user. Method:POST…

HTB ApacheBlaze – Hints

apache

Here is some hints for the HTB web challenge ApacheBlaze (easy) Step into the ApacheBlaze universe.. Burp is your friend for this challenge! Console log the X-Forward-Host header with app.logger.error(…) in order to see if your request is triggering any…

Master Thesis – Login attempts against honeypots

“A case study of unauthorized login attempts against honeypots via remote desktop” Abstract and information about the thesis in DiVA (open access):https://www.diva-portal.org/smash/record.jsf?dswid=5536&faces-redirect=true&language=en&searchType=SIMPLE&query=&af=[]&aq=[[]]&aq2=[[]]&aqe=[]&pid=diva2%3A1784631&noOfRows=50&sortOrder=author_sort_asc&sortOrder2=title_sort_asc&onlyFullText=false&sf=all Full text of the study can be downloaded from:

Terminal prints ABCD from arrow keys

Qterminal in Kali Linux After an update, the terminal in Kali Linux got some strange behavior. When using the arrow keys to complete commands or scrolling through history it produced the characters A (up arrow) B (right arrow) C (right)…

HTB Busqueda – Hint!

busqueda

Seasonal machine at hack the box is a Linux instance with Apache 2.4.52. I’ve seen a lot of people struggling to find a functional and working reverse shell after they got the initial foothold. From an initial foothold it is…

About CVE 2021 3560

Local privilege escalation using polkit Exploit CVE-2021-3560 is used for privilege escalation on linux systems. It’s related to polkit and D-bus requests. ”polkit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to…

HTB Web challenge Neonify – Hints!

If you struggle with the web challenge Neonify at HTB, here comes some hints! Look in to the end of the line? Where is flag? May the encoding be with you..Good luck and let me know if any hint was…