15 Apr 2022, 12:45

Multiple Vulnerabilities in Cisco Expressway

Some time ago I stumbled across a HackerOne report about abusing Slack's TURN server for proxy functionality inside their internal network. I found this interesting and decided to take a look at our videoconferencing software at work, which happened to be Cisco Expressway. Since there are currently no public tools available, I developed a tool to help others in testing.

You can get the tool here: https://github.com/firefart/stunner/


03 Aug 2021, 07:00

How to build your Dockerhub Images with Github Actions

Docker Hub recently removed the autobuild feature for all free users. This means that every Docker image that relies on Docker Hub to automatically build on new pushes or new releases will no longer be updated. Users now need to build those images manually and push them to Docker Hub.

Thankfully, you can use GitHub Actions to build the images for you and push them to the Docker Hub registry.


27 Nov 2019, 08:00

Using the MySQL Service with Github Actions

With the newly introduced GitHub Actions it’s now possible to run your unit tests and other automation tasks automatically on GitHub's infrastructure based on events. This is a short blog post describing how to use the MySQL / MariaDB services with GitHub Actions.


06 Nov 2017, 00:30

How to run cron jobs with docker

Lately I came across the problem of running cron jobs in a Docker-based environment when we migrated wpvulndb.com to a Docker-based install. So how should we execute cron jobs when the application is running with Docker or docker-compose?


30 May 2017, 20:00

rhme2 - Solving the whac the mole challenge

RHme2 (Riscure Hack me 2) was a hardware-based CTF challenge started back in 2016. Although it’s already over, you can download the challenges from their GitHub page.

All you need is an Arduino (or Arduino-compatible) board with an ATmega328P chip (Arduino UNO or Arduino Nano). In this post we will solve this challenge by brute forcing it using a second Arduino.

Stuff needed to solve this challenge:

  • an Arduino Nano or UNO
  • a second Arduino
  • an oscilloscope

07 Feb 2017, 23:30

Turning Piwik Superuser Credentials into Remote Code Execution

On a recent pentest I got root access to a MySQL database hosting a PHP web application and also an instance of Piwik. I was able to extract the credentials from the database and crack them really fast because they were only hashed using MD5. It looks like Piwik introduced stronger hashes in Piwik 3 but luckily this target is still running version 2.

Edit: Piwik has now disabled custom plugin uploads by default in 3.0.3 (Changelog). You have to manually enable it in the config (see FAQ), so this removes a lot of attack surface from existing installs.


13 Jan 2017, 23:45

Vulnhub - DC416: Fortress Writeup

Fortress is the last of 4 DC416 VMs by @superkojiman.


10 Jan 2017, 23:00

Vulnhub - DC416: Dick Dastardly Writeup

New evening, new VM: DC416 Dick Dastardly by the famous @_RastaMouse.


02 Jan 2017, 22:00

Vulnhub - DC416: Baffle Writeup

After I finished DC416 - Basement I wanted to give the next VM a try: DC416 - baffle by @superkojiman.


18 Dec 2016, 01:00

Vulnhub - DC416: Basement Writeup

Basement is the first of 4 VMs from the DC416 CTF by @barrebas on Vulnhub. There are 5 flags on this machine but I was only able to get 4 of them.
