In July, a remote command execution exploit was released on an application named Zentao Pro. When I examined the application’s code, I found another area which could be exploited to gain RCE. I informed the developers via Facebook messenger and email on July 16th 2020. This exploit has only been…

While practicing performing code review, I have found there a good methodology is a cyclic process that repeats itself again and again. There are 3 steps: Planning Reviewing Code Reviewing the process Planning Stage This part of the process is fairly simple. The useful things to have at this stage is understanding…

After doing the AWAE course, I felt like I needed to do more practice. There are other materials such as the HTB boxes similar to OSWE. I am just adding to the collection. Recently, there was a vulnerability reported in Zentao Pro 8.8.2 that can result in remote command execution. …

I have created a lab for everyone to practice testing against JSON Web Tokens. It is quite a simple lab and the goal is to modify the token so that it says you are currently the Admin user. You can git clone the lab here: https://github.com/h-a-c/jwt-lab …

Part 2 of the Beginner Code Review Series. Here I will be describing how the vulnerabilities found can be used to escalate privileges. I also got the code to run so it is easier for everyone to understand and not just code. I have updated the code so it can…

To improve my code review skills I decided to go over Pentesterlab’s free code review exercise. It can be found at: https://github.com/PentesterLab/cr This will be part of a series where I describe the vulnerabilities I have found, how I found it and how to fix it. The benefit of using…

Requirements: Burp Burp machine’s IP address <burp IP> Notepad /w administrator privileges. URL the thick client is communicating with. <url> Setup: Open the hosts file on the machine with the thick client. Open it as administrator: C:\Windows\System32\drivers\etc\hosts In the hosts file add the following: <burp IP> <url> Open burp and go to options to set up the proxy. Click support invisible proxying.

I recently got my email saying I passed the OSCP exam first time. This blog will illustrate the approach I used and what worked for me. I hope it helps out some of you who are trying to get it done. (TLDR: The recommendations at the end might help) My experience and why I did the OSCP exam. I…