
Blog

Tool Tuesday: AttackForge

Welcome to the inaugural blog post for our Tool Tuesday! On the first Tuesday of each month, one of our penetration testers will share a tool or piece of software that they use, or have used, and can’t live without. Engineer: James Carroll. Tool: AttackForge. Website: www.attackforge.com. To kick off the first Tool Tuesday post,…


Breaking Down the CRTO and OSEP

Author: Adam Pawloski. Happy New Year everyone! I’ve recently passed the exams for the Offensive Security Experienced Penetration Tester (OSEP) and Certified Red Team Operator (CRTO) certifications and wanted to share my thoughts on the courses, how they relate to day-to-day work activities, and how the courses compare. OSEP Course Content: The OSEP is a…


Motu AVB Directory Traversal Vulnerability and Exploit (CVE-2020-8009)

We’ve found that MOTU AVB devices contain a directory traversal vulnerability. During testing, we were able to append characters to the end of the URL and manipulate the application to display local files. For example, when using the URL http://<<host>>:1280/../../../../../../../../../../../../etc/passwd, the application responds with the listing of the /etc/passwd file. The vendor has not…


SpecoWeb Directory Traversal (CVE-2021-32562)

SpecoWeb (presumably all versions or at least all versions that I have tested) is vulnerable to a directory traversal vulnerability. This vulnerability can be exploited using a browser and Burp Suite. Appending /../../../../../../../../../../../../etc/passwd at the end of a SpecoWeb URL discloses the hash values of all users. All affected instances that have been tested thus…


How to Pivot with Meterpreter and Proxychains

During an external engagement recently, I encountered a ColdFusion server that was vulnerable to the BlazeDS Vulnerability, which allows remote code execution. I stumbled upon the article written by Brett DeWall at WhiteOak, which has a great write-up of this vulnerability and how to exploit it, and which can be found here: https://www.whiteoaksecurity.com/2019-9-3-blazeds-java-object-deserialization-exploit-walkthrough/. I followed this write…
