[CyberhackCTF] Crazy Forensics

#writeup, #h4tt0r1, #cyberhackctf, #ctf

Published on 08 June 2020 at 11:08AM, by h4tt0r1

Hi hekers!, since our team is preparing for the Ekoparty CTF, we decided to participate in many CTF's around the world, so now, we test our skills in the CyberhackCTF, a group of indian ctf players that made an awesome event (with some infraestructure problem, but just details).

cyberlogo

Today, I want to share the Crazy Forensics challenge writeup, that give us 450 pts.

start

The challenge begins by indicating the format and content of the flag Cyberhack{DeletedDate_Time}, which in this case is a specific date that we must find in the attached files.

First Enumer

Ver más

[bug bounty writeup ] Error based XXE on Java application.

#bugbounty, #writeup, #hackerone, #xxe

Published on 31 May 2020 at 08:20PM, by f4d3

Hi everyone!
I'll share here a bug bounty writeup for a public bug bounty program, that I found this year,

Was an XXE, on JDK context, which is vulnerable to exploit it in more than one way (not just external DTD's).

Cheers!

  • f4d3
Ver más

[Kanji] Remote Code Execution in Kanji RTN-KJ-150N Router, JCG JGR-N805R Router, DEK DEK-1705 Router, LINK-NET LW-N605R Router,VINGA WR-N300U Router

#cve, #rce, #research

Published on 28 May 2020 at 05:27PM, by xpl0ited1

After logging in I went to the Management menu, and then clicked on Tools, there are two system commands that can be executed, ping and traceroute, both vulnerable to execute arbitrary commands appending a semicolon before extra command

Ver más

[SMC Networks] Remote Code execution (Authenticated) in SMC D3G0804W Router [CVE-2020-8087]

#cve, #rce, #research

Published on 28 May 2020 at 12:32AM, by H4k1m

SMC Networks is an American Based Company, founded in 1972. The company develops network interface cards (NICs), stackable, dual speed hubs and ethernet switches, now venturing into the world of IoT.

The SMC Networks D3G0804W Router is described as:
"A multimedia Gateway that delivers video, and data for applications such as Home Security and Automation, and IPTV distribution. The Gateway is a versatile and robust all-in-one solutions that makes it ideal for homes and businesses to connect their local-area network (LAN) to the Internet."
--SMC Networks D3G0804W user manual.

poc

Ver más

[Digi TransPort] Stored XSS on WR Family series (CVE-2020-8822)

#storedxss, #xss, #research, #digi, #cve-2020-8822

Published on 28 May 2020 at 12:29AM, by h4tt0r1

The Digi TransPort WR family is a set of cellular routers that provides secure way wireless connectivity to remote sites for primary or backup wireless broadband network connectivity

test

Ver más