CVE-2018-16231: Remote DoS in Personal FTP Server <= 8.4f

CVE: CVE-2018-16231. Vulnerable software: FTP server <= 8.4f. Vulnerability: Remote denial of service. Timeline: 30.01.2018 Seller informed (also local BO); X.02.2018 Vendor patched vulnerability local BO; 31.07.2018 Seller informed again; 31.08.2018 Disclosure. Description: Michael Roth Software Personal FTP Server (PFTP) up to 8.4f allows remote attackers to cause a denial of service (daemon crash) by […]

Backdooring PE-File (with ASLR)

Welcome to my next blog post. Today I want to show you some basic pentesting stuff. We will manually backdoor a PE file, in this case the putty client. I used the following software setup: Windows 10 Pro 32 bit, Putty, Stud_PE, Immunity debugger. Before we get our hands into assembly, I want to […]

HanseSecure at IT-Secuta 2018

From 21.11. The SECUTA Information Security Conference will take place in Garmisch-Partenkirchen from November 1 to 23, 2018.  There, the current developments and challenges of information security will be shown in a practical way and solutions will be presented. The program includes live sessions, live hacking, current IT case law and the topic of EU […]

HowTo: MSF email

This is just another very short usage guide for one of my little helpers for pentesters and the like. During some assessments with social engineering I want to get informed by my server if a session is opened. After some time of research I didn’t find any good solution on the internet, so I decided […]

HowTo: ExploitDev Fuzzing

This is a short usage guide which should explain my simple wrapper for the spike fuzzer, which you can find here. For this example I used the well known vulnserver 😉 0x01 Determine possible commands: A simple nc && HELP command reveals all possible commands. 0x02 Create Text File containing commands: Just Copy&Paste 😉 0x03 Fire […]

Vulnerability: Local Buffer Overflow in Personal FTP Server 8.0f(g)

Vulnerable software: FTP server 8.0f(g). Vulnerability: Local Buffer Overflow (SEH protected) -> Code Execution. Time Line: 01/24/2018 Vendor informed; 01/30/2018 Vendor reminded; 12.02.2018 Software patched; 20.02.2018 Vulnerability Disclose. Description: The free FTP Server from Michael Roth Software is vulnerable to a local buffer overflow. One of the advanced options within the application didn’t have input […]

Offensive Security Certified Expert && me

As promised on Twitter here is my OSCE review. You can read my time line from before course enrolling until the end of the exam here. So, let’s go. Stage_0: Preparation just before enrolling! First, I read a ton of other reviews to get an idea about the course and the exam. There is nothing […]

CVE-2009-1437: RCE in CoolPlayer+ <= 2.19.6 (Windows 10 Pro)

While doing my preparation for the OSCE I found an exploit for the CoolPlayer+ version 2.19.1 from 2009. I decided to check this vulnerability in the recent software version (2.19.6) on my Windows 10 machine. The following post describes the exploit development. 1. create PoC: I created a small python script, which creates a .m3u file […]

Florian Hansemann as expert at the IHK Munich

On 27.02.2018 between 1 and 4 p.m., the Munich Chamber of Commerce and Industry is offering a roundtable discussion for companies together with experts from the field of information security. Here, they can talk confidentially about the challenges to IT security in their company. I face all questions from conceptual to technical information security and […]

No more (password) chaos!

The tiresome topic of passwords and their management. I am always asked how to solve this problem. Therefore, I decided to write a short guide for KeePass. So here we go 😉 #1 Installation and First Start First, you get the corresponding software from the official manufacturer and can choose between the portable or the […]