Vulnerability: Local Buffer Overflow in Personal FTP Server 8.0f(g)

Vulnerable software: FTP server 8.0f(g)
Vulnerability: Local Buffer Overflow (SEH protected) -> Code Execution
Time Line:
01/24/2018 Vendor informed
01/30/2018 Vendor reminded
12.02.2018 Software patched
20.02.2018 Vulnerability Disclose
Description: The free FTP Server from Michael Roth Software is vulnerable to a local buffer overflow. One of the advanced options within the application didn’t have input […]

Offensive Security Certified Expert && me

As promised on Twitter, here is my OSCE review. You can read my timeline from before course enrolment until the end of the exam here. So, let’s go. Stage_0: Preparation just before enrolling! First, I read a ton of other reviews to get an idea about the course and the exam. There is nothing […]

CVE-2009-1437: RCE in CoolPlayer+ <= 2.19.6 (Windows 10 Pro)

While doing my preparation for the OSCE I found an exploit for the CoolPlayer+ version 2.19.1 from 2009. I decided to check this vulnerability in the recent software version (2.19.6) on my Windows 10 machine. The following post describes the exploit development. 1. Create PoC: I created a small Python script, which creates a .m3u file […]

Florian Hansemann as expert at the IHK Munich

On 27.02.2018 between 1 and 4 p.m., the Munich Chamber of Commerce and Industry is offering a roundtable discussion for companies together with experts from the field of information security. Here, they can talk confidentially about the challenges to IT security in their company. I face all questions from conceptual to technical information security and […]

No more (password) chaos!

The tiresome topic of passwords and their management. I am always asked how to solve this problem. Therefore, I decided to write a short guide for KeePass. So here we go 😉 #1 Installation and First Start First, you get the corresponding software from the official manufacturer and can choose between the portable or the […]

SLAE Assignment #7 | Custom Cryptor

The last post for my SLAE certification is about encryption of shellcode. As usual you can find all my files on github. Nothing special in place:
1. Pick your favourite shellcode
2. Use my custom AES encrypter
3. Insert the encrypted shellcode and secret AES key into the decrypter
4. Test the decrypted shellcode in our skeleton shellcode.c file […]

SLAE Assignment #6 | Polymorphing Shellcodes

This task (pick up 3 shellcodes from Shell-Storm and use polymorphism to beat pattern matching) sounds really sophisticated, but you will see it’s a very handy way for AV evasion for your shellcode. Check my github account for the files. We have to pick three random shellcodes from shell-storm:
1. /bin/sh
2. /bin/sh -c “ping localhost”
3. chmod […]

SLAE Assignment #5 | Analyze Metasploit Payloads

Got time to read? This task was a bigger one. We have to pick 3 random Metasploit payloads and analyze their shellcode. After building bind and reverse shells in the first two posts, I chose the following (check all files on my github account):
1. Exec whoami
2. Readfile
3. Adduser
Exec whoami: First I generated my shellcode […]

SLAE Assignment #4 | Custom Shellcode Encoder

Hey ho, it’s time for some low-level shellcode encoding. After going through the encoder examples of the SLAE material I built a custom one, which you can find here. At first I wrote a little Python script which takes every single byte of a given shellcode and subtracts a random integer from it. In the […]

SLAE Assignment #3 | x86 EggHunting

Ready for the next level? – A method to exploit software even with little space for shellcode: EggHunting. The third task was: Build an eggHunter shellcode and a PoC to check functionality. After some googling I found a very interesting paper, which explains eggHunting in general and shows 6 implementations (3x Linux / 3x Windows). I chose […]