Author Archives: Nasro

Got VNC? : VNC-roulette [Script]

.. so I had some spare time and I wanted to share with you guys something cool !
I built a tool with the same concept as the vncroulette website, which has been put offline.

It searches for open VNC servers and then logs in; if no authentication is required, it takes a screenshot, saves it and moves on to the next IP. Simply simple, huh !

Proof:

I ran it against Algerian IPs and it found this:


Windows exploit development ( the hard way )


Hello !

Today I’m going to share with you the hard time I had creating a working exploit for “KnFTP Server”. Please read the full post, as there are many interesting things inside that might come in handy for you someday !

Vulnerable software: “KnFTP Server 1.0.0” (https://www.exploit-db.com/apps/182e4b13190ed23c06c8647dda9198dd-knftpd-1.0.0-bin.zip)

Crash POC: https://www.exploit-db.com/exploits/17856/

  • Fuzzing:

Since we already have the crash POC, we won’t dive deep into “how to fuzz”. Looking at the crash POC, we see that the vulnerable command is “PWD”:


A vulnerability and a hidden admin account all inside “SITEL DS114-W” routers !

Hello, hope you are all doing well ! It has been a long time since my last post; let’s say I was occupied by some stuff, but I’m back with a new discovery 🙂

As an Algerian internet consumer, I’m a subscriber of “Djaweb ISP”, as I don’t have many choices. Let’s not talk about that now and dive into some serious stuff !

I found out that the routers shipped by the Algerian ISP “Djaweb” are now backdoored with a secret admin account, and it appears they didn’t do a good job of hiding it … and not only that, they have a session management vulnerability too !

EXPLORATION:

As usual, the internet goes down from time to time, and we are used to that in Algeria. This time it took a long time, so I went to restart the modem from the web interface.


“Mobilis Algeria” Millions of users at risk

Hello guys,

I’m back with a new post and a new discovery. As I’m a Mobilis GSM subscriber, I thought about registering for their online invoice system; I took the steps and was provided with access to my account online.


My MSF ( Metasploit Framework ) workshop


Join the workshop and let me show you how to conduct a penetration test using Metasploit. Take your knowledge to the next level with: basic exploitation techniques, Armitage, pivoting, post-exploitation, pass-the-hash attacks and many more.

https://t.co/pKMhf5b15j

Heartbleed – Exploiting the net “CVE-2014-0160”

Heartbleed has the potential to be one of the biggest and most widespread vulnerabilities in the history of the modern Internet, and at the root of Heartbleed is encryption. The internet has a set of protocols for security and encryption commonly known as “Secure Sockets Layer” (SSL) and its successor “Transport Layer Security” (TLS); the most common implementation of SSL and TLS is a set of open source tools known as OpenSSL.


ZynOS – Part 2 ( Taking over the network )

Hello again 🙂

I’m going to recap from the last post. What I’m about to demonstrate in this post is the impact an attacker can cause to your network once he has access to the router ..

We have access to the router, but our goal is to get a foothold on the remote network. Hmm .. we have the port forwarding option, which is beautiful: what we can do with that is scrape the network pool for internal IPs, forward ports like 445 and 139, and try to exploit them from our end. But imagine a network with 200 machines; that will definitely be time consuming .. even if you write a script to automate that, what makes you believe you’re actually going to be able to get meterpreter sessions ?