This writeup is the consequence of Laluka's mastery and Branko's wish to learn something new. It goes through the description and reproduction of new vulnerabilities found in the invoicing application Invoice Ninja. This research was done during a two-day OffenSkill lvl-30 training, with a white-box approach.| thinkloveshare.com
This article is the result of an OffenSkill training. It explores a post-authentication phar unserialize leading to remote code execution (RCE) in Chamilo LMS (Learning Management System), versions 1.11.12 through 1.11.26. By abusing several supported features of the virtualization plugin vchamilo, the vulnerability allows an administrator to execute arbitrary code on the server.| thinkloveshare.com
Hello dear reader, This article is the continuation of my Spip research, with a twist! One Spip Unauth RCE Challenge player (@Vozec1) came to me with an extra question after solving my initial challenge: “I think I found another similar bug, are you already aware of this issue?” And I was not (code changes fast)! We therefore worked together to make the most out of it, here’s our co-written story!| Hacking on Think Love Share
We're in 2024, and we'll do some eval. Will you do some eval with me? It's been a while! Anyway, yes, we'll cover a new pre-authentication remote code execution on Spip, default installation, abusing a recent scary code change in the porte-plume plugin! :)| thinkloveshare.com
This article discusses a critical remote code execution (RCE) vulnerability in the Maarch Courrier software, an electronic correspondence and document management system. The vulnerability, found during a white-box code review session, allows an attacker with administrator access to execute arbitrary commands on the server. The exploit involves command injection through improperly sanitized user inputs in the administration settings of the software. Detailed analysis, including proof of concep...| thinkloveshare.com
For web 0day research, it is important to get as much insight into your target as you can. Fuzzing around and reading the responses or logs is simply not enough. Php-internalog is our attempt at gaining visibility into the core actions a PHP server takes. This article covers all our iterations on this idea, and ends with a new approach built on an... already existing tool! But used for something other than its intended purpose.| thinkloveshare.com
While working at ManoMano, I spent some time auditing various software we rely on for end2end tests. During this, I stumbled upon Web Page Test, a piece of software that queries and renders a website with a headless browser in order to audit its performance, usability, loading time, etc. Back then, our tech ecosystem was relying on it, but we, the Security Team, explained why this software seemed far too prone to security issues. One week later, Web Page Test was gone because 'a pre-auth SSRF ha...| thinkloveshare.com
In May 2022, I was invited to give a talk at the HitchHack event in Vannes. This is the same event where I gave my very first talk exactly 4 years earlier. To celebrate, we'll go through many exploit chains I have worked through, as always sharing knowledge and fun at the same time! This is basically a huge bag of ideas, with over 70 methods to gain remote code execution from nothing. Enjoy!| thinkloveshare.com
I hope you like tooling, bash scripting, and uber-duper shells, because we're going to upgrade the sad shells we had into happy, automated, multiplexed, encrypted, fully interactive PTYs with push notifications and automatic persistence!| thinkloveshare.com
Just an incomplete exploit chain worth sharing. It shows an attempt to exploit Pulse Secure VPN through its Guacamole and PostgreSQL components. It involves socat, Metasploit, Puppeteer, and WebSocket hooking!| thinkloveshare.com
While doing research on various topics, I stumbled upon Guacamole, a piece of software that can be used as a connection bastion or protocol gateway. It has several original vulnerabilities that, once chained, lead to Remote Code Execution. Let's begin, shall we?| thinkloveshare.com
I spent too much time hacking on Jolokia, so here's an exploitation toolkit. It provides file read, file write, RMI injection, information disclosure, and much more. Enjoy!| thinkloveshare.com
Some exploits are just too fun to be true. This first example attempts to exploit a web application by modifying JVM options through Jolokia, coupled with a DoS attack. Fun, right? But as explained, this doesn't work, and here's why!| thinkloveshare.com
Helping a friend troubleshoot issues on their server isn't always an easy thing. There are many ways to achieve this, and I'm going to show you three different solutions. We'll make use of ssh, tmux, tmate, gotty, socat and even ngrok.| thinkloveshare.com
Quite often, I find myself talking about infosec with people who are complete beginners, or even total strangers to the field. That's why today I'm offering you a short recap of the classic attacks, explained 'with hand gestures' (and a southern accent)!| thinkloveshare.com
Miscellaneous challenge that encourages the CTFer either to code an equation solver or to use an existing one.| thinkloveshare.com
Binary exploitation of a dummy command executor, simple buffer overflow of a function's parameters.| thinkloveshare.com
Binary exploitation using linked lists in order to store parts of a shellcode in many places and then link their execution with jumps.| thinkloveshare.com
Hardware challenge on paper! This task consists of recovering the internal state of a (simple) circuit, bit by bit, and converting it to ASCII text.| thinkloveshare.com
Web challenge about XSS and browser behavior. It's all about finding a bypass in order to execute a JavaScript function after its reference has been removed.| thinkloveshare.com
The basics of binary exploitation should now be acquired; let's move on to a practical exercise with a stack pivot!| thinkloveshare.com
Introduction to Return Oriented Programming (ROP) and practical example.| thinkloveshare.com
Introduction to Return to libc (ret2libc) and practical example.| thinkloveshare.com
Introduction to binary exploitation, ELF format and shellcode writing.| thinkloveshare.com
ThinkLoveShare Writing InfoSec blog posts & streaming takes time and requires a decent setup (and work-life balance). If you like the work done here and want to help me move forward with new research & projects (thanks! ❤️ ), here are a few options! Sponsor a stream episode at twitch.tv/thelaluka or a blog post: you can suggest a topic, guest, tool or feature to PoC, and your logo & links will be shown live & in the Wall of Support below. Make a one-shot or recurring small donation through one of...| thinkloveshare.com
Stream @ twitch.tv/thelaluka Replays @ youtube.com/@TheLaluka Alerts @ twitter.com/TheLaluka Community @ discord/ThinkLoveShare Everything @ linktr.ee/TheLaluka Past Streams Stream Replayz 2024 Pentest Role Play Game Stream Replayz 2023 OffenSkill-Related| thinkloveshare.com
In this article, we discuss our team's journey in exploring and identifying vulnerabilities in Kong and Konga, two open-source API management tools. By dissecting the software and discovering potential security issues, we contribute to a more secure implementation of these tools. The article emphasizes responsible disclosure, hardening processes, and the importance of continuously improving software security. It shares our experiences, challenges, and insights, while highlighting the need for...| thinkloveshare.com
Some more 0-day research done on Spip, includes preauth and postauth RCE. We're also welcoming our first guest-writer t0 that will introduce another post-auth RCE he found! Disclosing a bit late but hey, now it's there! :)| thinkloveshare.com
Exploitation writeup for an RCE I found recently, involving a path traversal, an SSRF, Jolokia endpoints, and Tomcat JSP files!| thinkloveshare.com
Vulnerability research write-up on Spip, the web framework used by root-me.org. The issues found range from XSS to RCE, by way of SQLi!| thinkloveshare.com
Having some fun playing with XSS and WebSockets. A different approach to reverse shells and their contexts!| thinkloveshare.com
Introduction to Wordpress Subpath Auditor, a homemade tool that can be used to audit various components within a WordPress installation. It relies on Docker, git, PHP, WordPress, Python, and virtualenv.| thinkloveshare.com
Tired of broken tools? Do you frequently break your system by installing random sh*t? So do I! Let's see how to use Docker, Metasploit, ngrok and aliases in order to simplify your life and keep your system alive while hacking the planet!| thinkloveshare.com
GreHack 2018 is a hacking event (conferences and CTF) that takes place every year in Grenoble, France. Last year was the first time I went to an event like that; this year, I'm bringing you along!| thinkloveshare.com
ThinkLoveShare Here you'll find all kinds of information, mainly IT security and development related, but not only. I sometimes like to share random thoughts, reflections, tools, songs, writings, travels, … Whoami PDF resume here: english.pdf || french.pdf Everything else: https://linktr.ee/TheLaluka Hello there! My name is Louka Jacques-Chevallier, also known as Laluka. I love learning, teaching and sharing tips. I lived here for quite a while, and this is the place I like the most on eart...| thinkloveshare.com