ValBrux ( ͡° ͜ʖ ͡°)

Category

Ethical Hacking

How two dead accounts allowed REMOTE CRASH of any Instagram android user

Intro On April 2019, I had the fool idea of testing Facebook security (and more specifically Instagram security), after I got informed that the company enabled a new setting on their assets (called Whitehat Settings), making easier for researchers to… Continue Reading →

CVE-2019-6588 – Liferay Portal < 7.1 CE GA4 / SimpleCaptcha API XSS

Introduction In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the “url” parameter of the JSP taglib call <liferay-ui:captcha url=”<%= url %>” /> or <liferay-captcha:captcha url=”<%= url… Continue Reading →

Google Ads – Information Disclosure via null pointer exception

Well well! After having been pretty busy with some university mid-term exams, I finally found some spare-time to dig deep into bug bounty programs. Some months ago, I contacted Google about an information disclosure vulnerability I found on their Google… Continue Reading →

CVE-2018-13042 – 1Password Android < 7.0 - Denial of Service

Introduction The 1Password application < 7.0 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance. Poc… Continue Reading →

Assignment #3 SLAE Certification – Egghunter shellcode

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE-1290 Assignment: The assignment scope is to study about the egghunter shellcode and creating a working demo in which the… Continue Reading →

Assignment #2 SLAE Certification – Reverse shell shellcode

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE-1290 Assignment: The assignment consists in creating a reverse shell shellcode which reverses the connection to a specific IP and… Continue Reading →

Assignment #1 SLAE Certification – Bindshell shellcode

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE-1290 Assignment: The assignment consists in creating a bindshell shellcode which binds on a port, executes a shell on incoming… Continue Reading →

USB Killer – Raspberry Pi Zero Test

Finally,I got the USB Killer. It is a device to test the Power Surge Vulnerability, a common problem related to product with a USB connection. Since, it still scares me, I decided to perform an “assessment” on a low-price device… Continue Reading →

MITM using arpspoof + Burp or mitmproxy on Kali Linux.

I could not find anything on the web that explains how to setup properly a man-in-the-middle proxy on Kali Linux thus I am writing this article to make it clear. First we should enable IP forwarding on the proxy machine… Continue Reading →

Google XSS Game

I recently found this webpage (created by Google) which provides a cross-site-scripting game to test your skills in Javascript. It is divided into 6 levels. I found the first,second,third and fifth level pretty easy, but I think the fourth and sixth… Continue Reading →

© 2019 Valbrux — Powered by WordPress