Corelan Team (Lincoln)

Zabbix SQL Injection/RCE – CVE-2013-5743

Published October 4, 2013 | By Corelan Team (Lincoln)

Table of ContentsIntroductionDisclosure Timeline:Vendor DetailsVulnerability DetailsThe patch Leveraging SQL InjectionCool! We got Admin, now what?Code Execution Further Exploitation? Introduction First off, please do not throw a tomato at me since this is not the typical Windows binary exploit article that is posted on Corelan! During a recent a penetration test, I encountered a host running Zabbix, an […]

Posted in Pentesting, SQL Injection, Web Application Security | Tagged , , , , , , , , , , , , , , , , , , ,

Debugging Fun – Putting a process to sleep()

Published February 29, 2012 | By Corelan Team (Lincoln)

Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI executable where the vulnerable function was located.
Continue reading

Posted in 001_Security, Exploit Writing Tutorials, Malware and Reversing, Uncategorized | Tagged , , , , , , , , , , , , , , , , , , ,

WoW64 Egghunter

Published November 18, 2011 | By Corelan Team (Lincoln)

Traditional Egghunter An Egghunter is nothing more than an assembly routine to find shellcode somewhere in memory. We typically deploy an Egghunter when there is no more room in our buffer that we can use to initially redirect EIP to. If we are able to load our shellcode elsewhere in process memory, the Egghunter will […]

Posted in 001_Security, Exploit Writing Tutorials, Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , ,

Metasploit Bounty – the Good, the Bad and the Ugly

Published July 27, 2011 | By Corelan Team (Lincoln)

On June 14, 2011 HD Moore announced the Metasploit Bounty contest, offering a cash incentive for specific vulnerabilities to be submitted as modules in the Metasploit Framework. Titled “30 exploits, $5000 in 5 weeks”, a post on the Rapid7 blog lists the 30 “bounties” selected by the MSF team, waiting for someone to claim and submit a working exploit module.
Continue reading

Posted in 001_Security, Exploits | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Case Study: SolarWinds Orion (video)

Published December 14, 2010 | By Corelan Team (Lincoln)

Special Thanks: To my wife for putting up with my crap. Also SolarWinds for keeping an open communication while fixing the issue. And of course… Corelan Team :P Audio: Many thanks to DJ Great Scott for supplying me with the music. Definitely check out some of his work! http://soundcloud.com/greatscott http://glitch.fm/ Music in Video: Defcon (Samples […]

Posted in 001_Security, Exploits, Private | Tagged , , , , , , , , , , , , , , , , , , ,

Corelan Training

We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011

Check out our schedules page here and sign up for one of our classes now!

Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Protected by Copyscape Web Plagiarism Tool

Corelan on Slack

You can chat with us and our friends on our Slack workspace:

  • Go to our facebook page
  • Browse through the posts and find the invite to Slack
  • Use the invite to access our Slack workspace

    • Categories

    Mastodon: @corelanc0d3r | @corelan


    Copyright Peter Van Eeckhoutte © 2007 - 2024 | All Rights Reserved | Terms of use