This blog is about setting up your own lab environment for Apache Flink 1.9.x. A vulnerability for it was published recently on Exploit-DB and I used it as a learning tool to practice performing code review in Java.

It took me about 2 hours to find and exploit it, where my only starting foothold was the title ‘File Upload RCE’. Setting up the environment is a quick 5 minute process. I used an Ubuntu VM as the base operating system. Below is the link to the exploit.

Step 1: Download the binary of Apache Flink 1.9.x. …


In July, a remote command execution exploit was released for an application named Zentao Pro. When I examined the application’s code, I found another area which could be exploited to gain RCE. I informed the developers via Facebook Messenger and email on July 16th 2020. This exploit has only been tested on Zentao Pro 8.8.2 and 8.8.3. The original exploit is on Exploit-DB.

So to recap, we have a code review methodology which is a cycle of planning, reviewing and reassessing. You can read about it in my other blog post. …


While practicing code review, I have found that a good methodology is a cyclic process that repeats itself again and again. There are 3 steps:

  1. Planning
  2. Reviewing Code
  3. Reviewing the process

Planning Stage

This part of the process is fairly simple. The useful thing to have at this stage is an understanding of what you already know about the application. It is up to you how to organize this. These are some of the lists I like to keep:

  • List of use cases of the application.
  • List of technologies used.
  • List of interesting features in the application.
  • List of possible attack vectors.
  • List of…


Good luck

After doing the AWAE course, I felt like I needed to do more practice. There are other materials such as the HTB boxes similar to OSWE. I am just adding to the collection.

Recently, there was a vulnerability reported in Zentao Pro 8.8.2 that can result in remote command execution.

This blog will just guide you through how to set up the lab and it will have some tips for you to get you going. I would rank this vulnerability as EASY.

Lab Set Up:

  1. Create a Windows VM
  2. Download and install Zentao Pro 8.8.2
  3. Install git (you will…


I have created a lab for everyone to practice testing against JSON Web Tokens. It is quite a simple lab and the goal is to modify the token so that it says you are currently the Admin user.

You can git clone the lab here: https://github.com/h-a-c/jwt-lab
I will get it running on heroku shortly.

There are 5 challenges in this lab; it should take a couple of hours to do them all.

  • None Algorithm [Very Easy]
  • Exposed Key [Easy]
  • Signature Not Checked [Very Easy]
  • Weak Signature [Medium]
  • Vulnerable Kid [Medium]

Requirements:

  1. Cookie Editor
  2. Understanding of how JSON Web Tokens are…


Part 2 of the Beginner Code Review Series. Here I will be describing how the vulnerabilities found can be used to escalate privileges. I also got the code running so it is easier for everyone to understand, rather than just reading the code.

I have updated the code so it can run on PHP versions after 5.0. Also visit the link below if the PHP scripts are not executing.

https://github.com/h-a-c/pentesterlab-codereview-free

https://www.techrepublic.com/article/how-to-fix-apache-2-not-executing-php-files/

Broken Authorization for Privilege Escalation

Vulnerabilities used:

  • Directory Listing
  • Lack of input sanitization

Description:

Due to the lack of input sanitization on the register functionality it is possible to have a username with non-alphanumeric characters. This means…


To improve my code review skills I decided to go over Pentesterlab’s free code review exercise. It can be found at: https://github.com/PentesterLab/cr

This will be part of a series where I describe the vulnerabilities I have found, how I found them and how to fix them. The benefit of using Pentesterlab is that it already lists the vulnerabilities; my goal was to find as many as I could and then compare my results against the list.

https://pentesterlab.com/exercises/codereview/course

Objective

The objective of this task was to perform a code review against a PHP application publicly available on Pentesterlab’s public repository. …


Requirements:

  • Burp
  • Burp machine’s IP address <burp IP>
  • Notepad with administrator privileges.
  • URL the thick client is communicating with. <url>

Setup:

  1. Open the hosts file on the machine with the thick client. Open it as administrator:
    C:\Windows\System32\drivers\etc\hosts
  2. In the hosts file add the following:
    <burp IP> <url>
  3. Open Burp and go to options to set up the proxy.
    • Click support invisible proxying.
    • Export the certificate and install it on the host with the thick client (just double click it).

Hosts file on Windows.

I recently got the email saying I passed the OSCP exam on my first attempt. This blog will illustrate the approach I used and what worked for me. I hope it helps out some of you who are trying to get it done.

(TLDR: The recommendations at the end might help)

My experience and why I did the OSCP exam.

I started my career in 2018 as an intern security consultant and then managed to get a full time job after the internship ended. During my time I have been involved in various jobs including mobile, web, and external / internal penetration tests. …

Adam C
