Hi,
after 5 years I have decided to close this blog. I will do the same with my LinkedIn
and Twitter accounts, so I will not be available any more.
I would like to thank you all for watching and supporting me during those years. :)
"Have fun & good luck."
Thanks.
Cheers
Haunt IT
HauntIT Blog - security testing & exploit development
Wednesday, 25 May 2016
Sunday, 15 May 2016
[EN] MS Excel 2010 DoS (poc)
Below you will find a DoS PoC for MS Excel 2010.
Found during some fuzzing exercises... ;)
Also you will find a small description, directly from Windbg:
Friday, 13 May 2016
FristiLeaks: 1.3 CTF Writeup
During the last day I had the pleasure of playing the FristiLeaks CTF prepared by Ar0xA. Thanks! ;)
It was a good idea to choose this one, as well as a lot of fun when I was wondering how to get root.
Below you will find a solution for how to get the flag (and to "love Fristi"! ;))
(For those who want to read other writeups for Fristi, you can find them here.)
Here we go...
Monday, 9 May 2016
CrackMe by Rapture - solved
Hi,
this time we will analyze and patch another small and simple .NET crackme.
This time we will check "FishMe #1 by Rapture". You can find it at crackmes.de.
Like before we need HxD and .NET Reflector (but you can use your favourite tools to do it as well).
Let's get to work!
CrackMe by Rayko - solved
During the last few days I was checking crackmes from this page (BTW, a great place to check if you're learning reversing and cracking).
Below you will find one simple solution for a crackme found in the ".Net" category: CrackMe By Rayko.
Friday, 29 April 2016
Another DoS in MS Publisher 2010
During the last week I found a few more NULL ptrs in MS Office Publisher (2010 for Windows 7).
Thursday, 3 March 2016
BrokenWebapps - CTF writeup
When I was looking for a new CTF, I found an interesting website with multiple CTF ISO and VM images, prepared (vulnerable) to hack. I decided to try the OWASP project called BrokenWebapps (the VM I tried was OWASP_Broken_Web_Apps_VM_1.2).
I prepared the VM and started another one (this time with Kali2.0 – both on VirtualBox). As far as I know, we can treat this VM as a big WWW server, hosting multiple webpages.
Sunday, 27 December 2015
Joomla CVE-2015-7857 writeup
(I wrote this as a 'note' on 14.12.2015, but as all the information is already public,
below you will find a proof of concept and a little write-up for the vulnerability described in this CVE.)
Labels: 0day, code review, exploit, Joomla, projects, research, vulnerability, writeup
Saturday, 26 December 2015
New version of Lime Survey
As far as I know LimeSurvey is already updated, so below you will find all described vulnerabilities I found nearly 2 months ago during some small 'code review' exercises.
Response from LimeSurvey Team was very fast! :)
Found: 4.11.2015
Sent: 5.11.2015
Resp: 5.11.2015
AFAIK all findings were fixed in 48h. So... here we go:
Saturday, 24 October 2015
[EN] SOAP testing
During one of my last projects I needed to test some webservices.
I was wondering: if I can do it with Burp or by manual testing,
maybe I can also write some quick code in Python...
And that's how I wrote soapee.py: