On the 30th of October, D-Link published a support announcement and released new firmware to patch five vulnerabilities that Harold Zang, Technical Security Specialist at Trustwave, identified on the DSL-2888A router. These security vulnerabilities could allow a malicious Wi-Fi or local network user to gain unauthorised access to the router web interface, obtain the router password hash, gain plaintext credentials, and execute system commands on the router.
Post Category → Penetration
Install and Setup Burp Suite Proxy & Certificate with Java Application
Introduction
Java applications sometimes do not use the global proxy setting. This means that even if we set up the proxy and import the Burp Suite certificate, we are still unable to intercept HTTPS traffic.
This article shows you how to set up your Burp Suite proxy and certificate with a Java application to intercept HTTPS traffic.
How did I find Command Injection in MVP-5150 (CVE-2019-11224)
Introduction
OS Command Injection occurs when software constructs all or part of an OS command using externally-influenced input from an upstream component, but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
This article describes how I found CVE-2019-11224 and three ways of bypassing the “space” character in OS Command Injection.
Buffer Overflow – Return to Libc
Introduction
In information security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations.
Return-to-libc is a method that defeats stack protection on Linux systems.
This article shows you how to attack a C program using a buffer overflow and the return-to-libc method to pop a bash shell.
Apache CVE-2017-7659 Issue Analyse and Payload
Introduction
Recently, Apache released Apache httpd 2.4.26, which fixes a lot of issues. You can find the details in this link. One of the issues is CVE-2017-7659. This article discusses this issue and shows the payload.
Reverse and inject code to Android Application
Introduction
This article tells you how to reverse an Android application and inject your own code into it, so that you can get sensitive information, a serial number or other information.