CSRF In BigTree CMS

Posted on Sun 08 March 2015 in Web Hacking • Tagged with web, csrf, responsible disclosure

A cross site request forgery vulnerability that existed in BigTree CMS version <= 1.4.5


Continue reading

Hacking FoeCMS

Posted on Sun 08 March 2015 in Web Hacking • Tagged with web, sql injection, xss, smtp injection, insecure authentication, remote code exection

A hacking session against the open source FoeCMS where a number of vulnerabilities were found


Continue reading

A Web Hack

Posted on Sun 08 February 2015 in Web Hacking • Tagged with web, sql injection, password cracking, file upload, path disclosure, xss, python

Hacking an old version of BigTree CMS as a Pentester Academy challenge VM


Continue reading

Improving The ROP Exploit

Posted on Wed 14 January 2015 in x86-32 Linux • Tagged with exploit development, linux, 32bit, fuzzing, buffer overflow, rop

Adding to the last return orientated programming exploit by using a few more advanced ROP techniques


Continue reading

Beating ASLR and NX using ROP

Posted on Sun 11 January 2015 in x86-32 Linux • Tagged with exploit development, linux, 32bit, fuzzing, buffer overflow, rop

Using return orientated programming to beat both address space layout randomization and never execute on 32bit Linux


Continue reading

SQL Injections

Posted on Tue 02 December 2014 in Web Hacking • Tagged with web, sql injection, python

A walkthrough of some reasonably advanced SQL injection techniques and exploitation


Continue reading

Rootkit for Hiding Files

Posted on Thu 23 October 2014 in Linux Kernel Hacking • Tagged with kernel development, linux, c, rootkit, kernel hacking

Building a basic rootkit for hiding files from normal operating system commands on Linux


Continue reading

Reversing A Simple Obfuscated Application

Posted on Tue 30 September 2014 in Reverse Engineering • Tagged with linux, 32bit, debugging, reverse engineering

A walk through of some basic manual obfucation and deobfuscation methods for IA32


Continue reading

Usermode Application Debugging Using KD

Posted on Wed 24 September 2014 in Reverse Engineering • Tagged with windows, reverse engineering, debugging

Debugging a usermode application using the kernel debugger kd.exe on Windows


Continue reading

Reflected XSS at PentesterAcademy

Posted on Sat 09 August 2014 in Web Hacking • Tagged with web, xss, pentesteracademy

Solving some cross site scripting challenges at pentester academy


Continue reading