How to crack Nibbles box without Metasploit.
tl;dr
- Nibbleblog v4.0.3 Code Execution
- CVE-2015-6967
tl;dr
- Unintended Solution: Cookie Path Restriction bypass using pop-up windows + JS Sandbox Escape
- Intended Solution: Service Workers + JS Sandbox Escape
tl;dr
- Payload:
{"widgetName":"constructor","widgetData":"{\"prototype\":{\"srcdoc\":\"<script src='/admin/debug/add_widget?panelid=star7rix&widgetname=test123&widgetdata=%27%29%2C%28%27star7rix%27%2C+%28select+flag+from+flag%29%2C+%27%7B%22type%22%3A%22test123%22%7D%27%29+--'></script>\"}}"}
How to crack Shocker box without Metasploit.
tl;dr
- ShellShocker exploit
- Apache mod_cgi
tl;dr
In this post, we are going to share our research into PKES systems and the possibility of Relay attacks on such systems.
tl;dr
- Decrypt the bitlocker encrypted drive
- extracting the flag from deleted PDF
tl;dr
- Abusing a stack overflow on a RISC-V binary to then return to shellcode.
tl;dr
- Buffer overflow in AArch64
- Bypass pointer authentication to leak libc and get shell
tl;dr
- Overflow from
stdinstucture tillmain_arena. - Create fake
fastbinchunks to get overlapping chunk and leak. - Overwrite
__malloc_hookusing fastbin attack.