xD4rker

Software Description phpLDAPadmin is an web-based LDAP adminstration interface for viewing and manipulating LDAP information. Vulnerability Description $request['form'] and $request['rdn'] parameters in file htdocs/entry_chooser.php aren't properly sanitized before being displayed to the user, which allows a remote attacker to inject arbitrary HTML/Javascript code in a user's context. This vulnerability, if successfully exploited, can lead to data manipulation or information leakage as it is demonstrated in this PoC video. Proof of Concept (PoC) XSS via the 'form' parameter: http://localhost:8888/phpldapadmin/entry_chooser.php?form=advanced_search_form%22).base;%27);}%20alert(1);%20function%20lol()%20{%20isNaN(%27&element=base&rdn=test XSS via the 'rdn' parameter (needs Chrome's XSS Auditor bypass): http://localhost:8888/phpldapadmin/entry_chooser.php?form=advanced_search_form&element=base&rdn=test%22%

Thanks to @UnaPibaGeek & @pablogonzalezpe for their efforts to develop the Metasploit modules. Modules can be found here (Scanner + Exploit) : https://packetstormsecurity.com/files/142181/Microsoft-Windows-MS17-010-SMB-Remote-Code-Execution.html https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit This vulnerability affects Windows 2000, Windows XP, Windows 7, Windows 8, Windows Server 2000 up to 2012 R2. How to protect yourself If you still haven't updated your system, you should probably do it right away. If for some reason you aren't able to apply updates, Consider disabling SMB protocols. To disable SMBv1, SMBv2 and SMBv3 under Windows 8 and Windows Server 2012, run the following cmdlets (powershell commands) : Set-SmbServerConfiguration -EnableSMB1Protocol $false Set-SmbServerConfiguration -EnableSMB2Protocol $false For Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008, you should use these: Set-Ite

Category : Forensics  Points : 100 Challenge Description : I was sniffing some web traffic for a while, I think I finally got something interesting. Help me find flag through all these packets. net_756d631588cb0a400cc16d1848a5f0fb.pcap Opening it up with Wireshark gives some few HTTP packets. After looking through those packets, I noticed that one of them contains the word FLAG. The start of the conversation contains a python script and some random padding at the end which was more likely to be the script's output. Looking through the python script we notice there is a variable called FLAG (censored) that gets encoded with Base64 then looped through one of the following ciphers ROT13, ROT3 and Base64 (randomly chosen).  One thing to mention is that the script keeps the cipher index attached to the encrypted string, this will make it easier for us to reverse the whole thing. I wrote a quick python script to do the decryption : Executi

Category : Steganography Points : 100 The description of the challenge was: Hear With Your Eyes In this challenge, we were given a wav file which we somehow had to decrypt to get the flag. This was a pretty easy one to be honest. After hearing the audio, the first thing that came up to my mind was to use a signal analyser. For this matter I used baudline. The output was as follow : The flag was : e5353bb7b575578bd4da1c898a8e2d7667