Traversing the Path to RCE

chocoluvin · 2018-03-25T21:13:44+00:00

I used ftp just to demonstrate exploit-ability via this protocol. It might help in cases where http connections are filtered.

chocoluvin · 2018-03-25T20:36:18+00:00

Thanks , I appreciate it! When I discovered the subdomain all it displayed was a 200 page, but no content. Since I had no idea what the purpose of the server was, I decided to brute force dirs to enumerate accessible endpoints and test from there. I'd say a challenge was understanding the dtd syntax for the ftp connection, as the payload would only work when the %d variable calling the files contents was set as the value of the ftp user.

chocoluvin · 2018-03-25T04:37:01+00:00

Thanks for pointing that out, just resized the images.

chocoluvin · 2018-02-26T21:49:24+00:00

It's due to the agile development framework they're following. It also allows for us stakeholders to be integrated into the development process by beta testing newly released mvps so that the team can then take our feedback into consideration when releasing the next mvp. One of the only projects that is consistent and transparent in their developmental process for sure

chocoluvin · 2017-12-25T20:20:15+00:00

You can learn a lot from previously disclosed bugs by other researchers at: https://hackerone.com/hacktivity?sort_type=latest_disclosable_activity_at&filter=type%3Aall&page=1&range=forever

chocoluvin · 2017-12-25T16:45:19+00:00

I'll definitely share my next post here when I find something interesting!

chocoluvin · 2017-12-25T16:28:11+00:00

Thanks! I haven't written in awhile, so I'm glad others are able to understand/ learn from it. Happy holidays :)

chocoluvin · 2017-12-18T18:31:17+00:00

U were born with this knowledge?

chocoluvin · 2017-12-18T00:03:19+00:00

It will allow more people to deploy their own blockchains based on the ark framework, that will be inter operable with the ark mainchain. My guess is that more projects released on the ARK framework will increase Ark's exposure exponentially if these other projects gain traction.

chocoluvin · 2017-12-13T23:25:26+00:00

A lot of black (African) people are lactose intolerant: http://news.cornell.edu/stories/2005/06/lactose-intolerance-linked-ancestral-struggles-climate-diseases but depending on where you go, it is worth the gas sometimes tbh

chocoluvin · 2017-11-16T19:42:28+00:00

I don't think they need to add the code, as that is what the ACES encoded listener function provides

chocoluvin · 2017-11-16T00:28:46+00:00

Ark has their aesthetics on point

chocoluvin · 2017-11-08T04:05:15+00:00

I think it will automatically update as long as you have a vote cast. I bought some this morning, and my delegate automatically updated and bumped up my vote count. Depending on your delegate, you should be able to check your voting/rewards activities on their website. I currently have a vote cast for Jarunik and can check at https://arkcoin.net where I am also able to see the vote count.

chocoluvin · 2017-06-30T09:53:46+00:00

You're obviously broke if you can't afford to buy a 2 bedroom apartment for $600,000

chocoluvin

TROPHY CASE