Weaponize Oracle Weblogic Server POC (CVE-2018-2628)

26th Apr 2018

On April 18th 2018, a Remote Command Execution vulnerability was disclosed in Oracle Weblogic Server.
At the time of this writing, there are a couple of proofs of concept out there; let's see how we can improve them and pop a remote shell on the victim machine.

SQL or NoSQL injection?

13th Sep 2017

Finding a SQL injection is always a joy: it's one of the most trivial vulnerabilities to exploit and it's very easy to provide a valid POC. However, this time I was having some trouble finding a valid proof: the remote server was simply dropping the connection with a 500 error.
To complete the task I had to think about the box and take a look at the big picture.

How to crawl the web

26th Jul 2017

I usually work with CMSs and, from time to time, there's the same old question: what's their market share? Joomla claims to be at 2%, WordPress something around 27%. Is there a way to get some solid data and fix this issue once and for all?
Well, the answer is simple: let's crawl the web and count how many sites are using a specific technology.

How to scan and surf an internal network

7th Jul 2017

Let's say you have terminal access to a server and you want to perform a scan of the internal network. Moreover, you want to actually surf any intranet site with your browser.
Usually you would create a dynamic port forward using SSH, but what if it was disabled? Despair not, proxy and port forwarding are here to rescue you!

Server compromise on [REDACTED] hosting

6th Apr 2017

TAKING A LOOK AROUND

On one of my domains, the host is offering CLI access as part of their hosting plan. What could possibly go wrong with giving SSH access to the customers? Apparently a lot of things.