Newsletter 13/11/2022
This machine has an e-commerce store that is vulnerable to SQLi. With this vulnerability we can get a hashed password which is reused for SSH. There is another user that runs ipython periodically, so we can inject a configuration file to execute commands. The second user is able to use a binary compiled in Go that connects to Redis. A binary analysis reveals the password, so we can connect to Redis and exploit a CVE to run Lua code, escape from the sandbox and execute system commands as root.
XSS. CSP bypass
Windows event logs. XML filters
64-bit binary. Union structure. Type confusion
64-bit binary. Buffer Overflow. open-read-write ROP chain
Microsoft Office VBA macros deobfuscation
Network traffic analysis with Wireshark. Binary analysis
64-bit binary. Format String vulnerability. GOT overwrite
Network traffic analysis with Wireshark