Blog | General

Using Python To Get A Shell Without A Shell

Posted on October 27, 2017Link 

Introduction Many times while conducting a pentest, I need to script something up to make my life easier or to quickly test an attack idea or vector. Recently I came across an interesting command injection vector on a web application sitting on a client's internet-facing estate. There was a page, running in Java, that allowed me to type arbitrary commands...Continue reading 

Unauthorized FLIR (Lorex) Cloud Access

Posted on October 10, 2017Link 

Traditionally, closed circuit tv (CCTV) cameras and digital video recorders (DVRs) have been stand-alone, self-contained systems.  If the ability to access these systems remotely was required it was most commonly achieved by opening a port on a firewall and allowing access from the Internet to the DVR or camera directly.  Although effective, that method of access left what was in...Continue reading 

CVE-2017-6079 – Blind Command Injection in Edgewater Edgemarc Devices

Posted on May 16, 2017Link 

During a recent external penetration test, one of the many servers listening on the default HTTP port 80 caught my eye. The web server threw a HTTP Basic Authentication login prompt immediately upon viewing it, which was unique amongst this particular target network. Some time was spent trying to fingerprint the device and nmap did most of the heavy lifting for...Continue reading 

Have Questions?
Get Answers