So I live in an apartment complex with one big heater outside. We have these small devices on our radiators that ‘count’ how much heat we use, and we get sent a bill once a year. After some years of begging […]
Finding password lists and credit card information using Google dorks
So, we have all probably heard about Google Dorks. If not, it’s a technique where you use Google and its search filters to search for very specific things / security holes. OffSec has a website dedicated to this technique: Google […]
Prowise Reflect v1.09 remote keystroke injection
Prowise develops interactive digital school boards. One of the cool features these boards offer is casting using Reflect, an in-house built casting solution based on Chromecast. While troubleshooting an issue where students were casting unsolicited, I stumbled upon a client-side […]
Authenticated file upload to Remote Code Execution in Xerte
This is the third and final vulnerability found over a longer period of time in Xerte (for now?). This happened about a year after the previous vulnerabilities. Because of this, a lot of fixes and improvements had been applied to […]
Unauthenticated Remote Code Execution in Narrowcasting client
An unauthenticated remote code execution (RCE) vulnerability was found in a narrowcasting product. Now this exploit is very dear to my heart because it’s my first ‘cool’ exploit. Narrowcasting systems are the information screens you see in big venues or […]
Unauthenticated file upload to Remote Code Execution in Xerte
So this is the second part of three vulnerabilities found over a longer period of time in Xerte. The vulnerability was an unauthenticated file upload to Remote Code Execution (RCE). “Xerte is an award-winning suite of browser-based tools that allow […]
Reflected XSS in Xerte
So this is part of three vulnerabilities found over a longer period of time; the first one is reflected XSS. “Xerte is an award-winning suite of browser-based tools that allow anyone with a web browser to create interactive learning materials […]
Information disclosure in internet accessible reception pillar
So this is a weird one. During a discussion about port scanning with colleagues I showed them shodan.io – beautiful website, check it out! I used the IP range of another educational institution. While browsing through the results we spotted […]
Local privilege escalation in AdRem NetCrunch NCServer.exe and NCMonitoringEngine.exe
NetCrunch is a network monitoring solution by AdRem; it runs on a central server and probes the network for information. A local privilege escalation was found in the server software in the services NCServer.exe and NCMonitoringEngine.exe. When one of the […]
Webprint filename information disclosure
While browsing through a webprint environment I noticed it was possible to view old print transactions. When viewing an old print transaction the date/time and filename are displayed. This information is fetched by visiting a link that includes the transaction […]
SCCM Wake On LAN and duplicate session hash
In another post I explained we use NAT to make Wake On LAN (WOL) work. WOL has successfully worked for the last few months. Our SCCM administrators use ‘right-click-tools’ to wake machines; this worked fine until a project was started […]
Wake On LAN and clients moving VLAN
In the past we have used Wake On LAN (WOL) to boot machines and do remote maintenance. A few years ago our company implemented a Network Access Control (NAC) solution to machines network access. The downside of this solution […]