Open in app

Sign In

Write

Sign In

Adam C
Adam C

33 Followers

Home

About

Nov 5, 2020

Apache Flink 1.9.x (Part 1: Set Up)

This is blog is to set up your own lab environment for Apache Flink 1.9.x. There was a vulnerability published recently on exploit db and I used it as a learning tool to practice performing code review with Java. It took me about 2 hours to find and exploit where…

Penetration Testing

2 min read

Apache Flink 1.9.x (Part 1: Set Up)
Apache Flink 1.9.x (Part 1: Set Up)
Penetration Testing

2 min read


Sep 23, 2020

Zentao Pro 8.8.2 RCE

In July, a remote command execution exploit was released on an application named Zentao Pro. When I examined the application’s code, I found another area which could be exploited to gain RCE. I informed the developers via Facebook messenger and email on July 16th 2020. This exploit has only been…

Code Review

7 min read

Zentao Pro 8.8.2 RCE
Zentao Pro 8.8.2 RCE
Code Review

7 min read


Jul 20, 2020

Code Review Methodology

While practicing performing code review, I have found there a good methodology is a cyclic process that repeats itself again and again. There are 3 steps: Planning Reviewing Code Reviewing the process Planning Stage This part of the process is fairly simple. The useful things to have at this stage is understanding…

3 min read

Code Review Methodology
Code Review Methodology

3 min read


Jul 8, 2020

OSWE Preparation Lab 1

After doing the AWAE course, I felt like I needed to do more practice. There are other materials such as the HTB boxes similar to OSWE. I am just adding to the collection. Recently, there was a vulnerability reported in Zentao Pro 8.8.2 that can result in remote command execution. …

Penetration Testing

2 min read

White Box Challenge 1 — EASY
White Box Challenge 1 — EASY
Penetration Testing

2 min read


May 17, 2020

JSON Web Token — Lab Guide

I have created a lab for everyone to practice testing against JSON Web Tokens. It is quite a simple lab and the goal is to modify the token so that it says you are currently the Admin user. You can git clone the lab here: https://github.com/h-a-c/jwt-lab …

Jwt

4 min read

JSON Web Token — Lab Guide
JSON Web Token — Lab Guide
Jwt

4 min read


Apr 29, 2020

Beginner Code Review (Part 2)

Part 2 of the Beginner Code Review Series. Here I will be describing how the vulnerabilities found can be used to escalate privileges. I also got the code to run so it is easier for everyone to understand and not just code. I have updated the code so it can…

Pentesterlab

4 min read

Beginner Code Review (Part 2)
Beginner Code Review (Part 2)
Pentesterlab

4 min read


Apr 27, 2020

Beginner Code Review(Part 1)

To improve my code review skills I decided to go over Pentesterlab’s free code review exercise. It can be found at: https://github.com/PentesterLab/cr This will be part of a series where I describe the vulnerabilities I have found, how I found it and how to fix it. The benefit of using…

Code Review

6 min read

Beginner Code Review(Part 1)
Beginner Code Review(Part 1)
Code Review

6 min read


Apr 17, 2020

Setting up an Invisible Proxy for Thick Clients

Requirements: Burp Burp machine’s IP address <burp IP> Notepad /w administrator privileges. URL the thick client is communicating with. <url> Setup: Open the hosts file on the machine with the thick client. Open it as administrator: C:\Windows\System32\drivers\etc\hosts In the hosts file add the following: <burp IP> <url> Open burp and go to options to set up the proxy. Click support invisible proxying.

Proxy

2 min read

Setting up an Invisible Proxy for Thick Clients
Setting up an Invisible Proxy for Thick Clients
Proxy

2 min read


Apr 17, 2020

My OSCP Journey Brain Dump

I recently got my email saying I passed the OSCP exam first time. This blog will illustrate the approach I used and what worked for me. I hope it helps out some of you who are trying to get it done. (TLDR: The recommendations at the end might help) My experience and why I did the OSCP exam. I…

Oscp

7 min read

My OSCP Journey Brain Dump
My OSCP Journey Brain Dump
Oscp

7 min read

Adam C

Adam C

33 Followers

Blogging

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech