Newsletter 13/11/2022

This machine has an e-commerce store that is vulnerable to SQLi. With this vulnerability we can get a hashed password, which is reused for SSH. There is another user that runs ipython periodically, so we can inject a configuration file to execute commands. The second user is able to use a binary compiled in Go that connects to Redis. A binary analysis reveals the password, so we can connect to Redis and exploit a CVE to run Lua code, escape from the sandbox and execute system commands as root.

XSS. CSP bypass

Windows event logs. XML filters

64-bit binary. Union structure. Type confusion

64-bit binary. Buffer Overflow. open-read-write ROP chain

Microsoft Office VBA macros deobfuscation

Network traffic analysis with Wireshark. Binary analysis

64-bit binary. Format String vulnerability. GOT overwrite

Network traffic analysis with Wireshark