F5 BIG-IP iControl REST vulnerability CVE-2022-1388

Good afternoon to every security researcher. I would like to share my experience of finding the vulnerability announced by the internal F5 security team and writing an exploit for CVE-2022-1388. You can read more about this vulnerability on thehackernews or helpnetsecurity. iControl REST is an API for interaction between scripts and an F5 device, used to manage and control that device automatically. Based on the details of the mitigation, the problem should be somewhere in the Connection: header....

May 9, 2022 · 5 min · Matus Bursa

racecar

Hello hackers, let’s solve another CTF from the easy category. This challenge is about a format string vulnerability. First of all I look at what type of file it is: % file racecar racecar: ELF 32-bit LSB pie executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=c5631a370f7704c44312f6692e1da56c25c1863c, not stripped So I started Ghidra and looked at the functions there. There are a couple of interesting functions with various names, and after a little bit of time looking at the functions I found the right one. As you can see, there is a part where the file flag....

May 2, 2022 · 2 min · Matus Bursa

ret2win

$ PYTHONIOENCODING=utf8 ./ret2win.py [!] Pwntools does not support 32-bit Python. Use a 64-bit release. [+] Starting local process './ret2win32': pid 26910 ret2win by ROP Emporium x86 For my first trick, I will attempt to fit 56 bytes of user input into 32 bytes of stack buffer! What could possibly go wrong? You there, may I have your input please? And don't worry about null bytes, we're using read()! > Thank you!...

January 3, 2021 · 1 min · Matus Bursa

Reversing ELF

Hi, today I would like to show you how to solve an easy RE CTF and how to get started with RE. My directory after finishing all the challenges looks as follows: $ tree . ├── crackme_1 │ ├── crackme1 │ └── flag.txt ├── crackme_2 │ ├── crackme2 │ └── flag.txt ├── crackme_3 │ ├── crackme3 │ └── flag.txt ├── crackme_4 │ ├── crackme4 │ ├── flag.txt │ └── gdb_cmd ├── crackme_5 │ ├── crackme5 │ ├── flag....

December 7, 2020 · 7 min · Matus Bursa

Inclusion

Hi guys, after a long time I have 5 minutes for playing a game, so let’s play. I see a new game called Inclusion with the description "A beginner level LFI challenge". Yes, this is something I want to play, and it was done quickly. So I am starting the VPN tunnel to our playground and clicking the magic button Deploy machine. As always, the first step is to scan the open ports on the machine. $ nmap -T4 -sV 10....

March 16, 2020 · 3 min · Matus Bursa