[CTF NDH 2016 Quals] Write-Up – Inforensic : Invest
Posted by: Yann C.
Category: Cryptanalyze / Cryptography / Cryptology / Vulnerabilities, exploits and PoC
No Comments
03 Apr 2016
Write-up of the challenge “Inforensic – Invest” of Nuit du Hack 2016 CTF qualifications.
The weekend of 04/01/2016 was the pre-qualification round for Nuit du Hack 2016, held as a Jeopardy CTF. Having had the opportunity and the time to participate with some colleagues and friends, here’s a write-up of the resolution of the challenges which we.
Read more
[Contribution – PoC] Fortinet SSO IdP – Credential Stealer RXSS
Posted by: Yann C.
Category: Contributions / Vulnerabilities, exploits and PoC / XSS
No Comments
04 Mar 2016
The SSO authentication page of one of the Fortigate IdPs presents a Cross-Site Scripting vulnerability that can be used to steal user credentials in plaintext.
Companies and major players are increasingly turning to identity federation. A single central repository containing user credentials (login / password) such as LDAP, AD, etc., a single centralized web authentication application (commonly referred to as an IdP for.
Read more
[Windows / DOS / PowerShell] File upload in command line – one liner
Posted by: Yann C.
Category: Network and system administration / OS / Vulnerabilities, exploits and PoC / Windows
4 Comments
02 Mar 2016
How do you upload / transfer a file through a DOS shell / terminal on Windows? There is no easy-to-use "wget" on these OSes; many pentesters tear their hair out trying to transfer a payload.exe once they have gained a shell or reverse shell on a compromised machine.
Many methods exist, starting from solutions.
Read more
(French) [Contribution] RXSS WAF Bypass – CIC.fr
Posted by: Yann C.
Category: Contributions / Vulnerabilities, exploits and PoC / XSS
No Comments
10 Jan 2016
16 Nov 2015