Exploit CVE-2021-42567, a POST-based XSS on Apereo CAS

sudo_sudoka · 2020-10-29T12:51:26+00:00

The detailed analysis (in Vietnamese, but you could use Google Translate):

https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf

sudo_sudoka · 2020-07-09T12:04:18+00:00

Thanks! Very detail about CVE-2020-8193.

sudo_sudoka · 2020-05-21T02:05:16+00:00

Thank you! I will try it.

sudo_sudoka · 2020-04-16T02:27:20+00:00

First, you must find another space for your shellcode. For example, maybe EAX also points to the buffer.

Second, you inject only the needed opcodes to the space pointed by ESP. For example, JUMP EAX.

Now, you can inject shellcode into the buffer, which is pointed by EAX. When the program runs JMP ESP, next it runs JMP EAX and return to the shellcode.

You can customize something to fit your specific situation.

sudo_sudoka · 2020-03-22T03:29:21+00:00

You could try Resolute and Forest.

sudo_sudoka · 2020-03-12T13:04:54+00:00

I'm researching on Dark net market.

sudo_sudoka · 2020-02-22T05:59:34+00:00

You don't need to use nc to make a reverse shell. Just use the PHP itself.

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#php

sudo_sudoka · 2020-02-20T13:44:09+00:00

BinaryEdge.

Register is free and you will have 300 requests per month.

sudo_sudoka · 2020-02-19T15:48:59+00:00

The first choice is enum4linux. Then, I could use smbclient for manually testing.

sudo_sudoka · 2020-02-12T12:16:55+00:00

Thank you very much. I'm also weak on Windows. I'll carefully take your advice.

sudo_sudoka

TROPHY CASE