pty4all - The shells you deserve
Jan 29, 2022
I hope you like tooling, bash scripting, and uber-duper shells, because we're going to upgrade the sad shells we had into happy, automated, multiplexed, encrypted, fully interactive PTYs with push notifications and automatic persistence!
Failed02 Pulse Secure VPN and Guacamole WebSocket Hooking
Dec 18, 2021
Just an incomplete exploit chain worth sharing. It shows an attempt to exploit Pulse Secure VPN through its guacamole and postgres components. It involves socat, metasploit, puppeteer, and WebSocket hooking!
RCE with SSRF and File Write as an exploit chain on Apache Guacamole
Nov 20, 2021
While doing research on various topics, I stumbled upon Guacamole, software that can be used as a connection bastion or protocol gateway. It has many original vulnerabilities that lead to Remote Code Execution once chained. Let's begin, shall we?
Get shells with JET, the Jolokia Exploitation Toolkit
Oct 29, 2021
I spent too much time hacking on Jolokia, so here's an exploitation toolkit. It provides file read, write, RMI injection, information disclosure, and much more. Enjoy!
Failed01 - DOS to RCE in jolokia
Oct 3, 2021
Some exploits are just too fun to be true. This first example attempts to exploit a web application through JVM options modification using jolokia coupled with a DOS attack. Fun, right? But as explained, this doesn't work, and here's why!
SSRF to RCE with Jolokia and MBeans
Feb 28, 2021
Exploitation writeup for an RCE I found recently, involving a path traversal, an SSRF, jolokia endpoints, and Tomcat jsp files!
RCE on Spip and Root-Me
Sep 29, 2020
Vulnerability research write-up on spip, the web framework used by root-me.org. The issues found range from XSS to RCE, by way of SQLi!
A Helping Hand
May 3, 2020
Helping a friend troubleshoot issues on their server isn't always easy. There are many ways to achieve this, and I'm going to show you three different solutions. We'll make use of ssh, tmux, tmate, gotty, socat and even ngrok.
Reverse XSShell
Feb 22, 2020
Having some fun playing with XSS and websockets. A different approach to reverse shells and their contexts!
Infosec made easy
Feb 3, 2020
Quite often, I find myself talking about infosec with people who are complete beginners, or even total strangers to the field. That's why today I'm offering you a short recap of the classic attacks, but explained 'with hand gestures'!
Wordpress Subpath Auditor
Jan 25, 2020
Introduction to Wordpress Subpath Auditor, a homemade tool that can be used to audit various components within a Wordpress installation. It relies on docker, git, php, wordpress, python, and virtualenv.
Ngrok your DockerSploit
Dec 15, 2019
Tired of broken tools? Do you frequently break your system by installing random sh*t? So do I! Let's see how to use docker, metasploit, ngrok and aliases in order to simplify your life and keep your system alive while hacking the planet!
GreHack 2018
Nov 16, 2018
GreHack 2018 is a hacking event (conferences and CTF) that takes place each year in Grenoble, France. Last year was the first time I went to an event like that; this year, I'm bringing you along!
CSAW - Algebra
Sep 16, 2018
Miscellaneous challenge that encourages the CTFer to either code an equation solver or use an existing one.
CSAW - Big boi
Sep 16, 2018
Binary exploitation of a dummy command executor, simple buffer overflow of a function's parameters.
CSAW - Shell->Code
Sep 16, 2018
Binary exploitation using linked lists in order to store parts of a shellcode in many places and then link their execution with jumps.
CSAW - Short Circuit
Sep 16, 2018
Hardware challenge on paper! This task consists of getting the internal state of a (simple) circuit, bit by bit, and converting it to ASCII text.
Security Fest - Excess ess 1
Jun 4, 2018
Web challenge about XSS and browser behavior. It's all about finding a bypass in order to execute a JavaScript function after its references have been removed.
PWN 4/4 : Stack Pivot ToZeMoon !
May 10, 2018
The basics of binary exploitation should now be acquired; let's go for a practical exploitation with a stack pivot!
PWN 3/4 : SaperliROPette !
May 9, 2018
Introduction to Return Oriented Programming (ROP) and practical example.
PWN 2/4 : Return to libc, pick a shell !
May 8, 2018
Introduction to Return to libc (ret2libc) and practical example.
PWN 1/4 : Buffer Overflow, where it all began
May 3, 2018
Introduction to binary exploitation, ELF format and shellcode writing.