Tag Archives: vulnerabiltiy

Windows exploit development ( the hard way )

ExploitLogo

Hello !

Today I’m going to share with you the hard time I was having creating a working exploit for “KnFTP Server”, please read the full post as there are many interesting things inside and they might come in handy for you someday !

Vulnerable software : “KnFTP Server 1.0.0” ( https://www.exploit-db.com/apps/182e4b13190ed23c06c8647dda9198dd-knftpd-1.0.0-bin.zip )

Crash POC : https://www.exploit-db.com/exploits/17856/

  • Fuzzing : 

Since we already have the crash POC we won’t dive deep into “how-to fuzzing”. Looking at the crash POC we see that the vulnerable command is “PWD” :

Continue reading

Tagged , ,

A vulnerability and a hidden admin account all inside “SITEL DS114-W” routers !

Hello, Hope you are doing well everyone ! It has been a long time since my last post, well let’s say I was occupied by some stuff but I’m back with a new discovery 🙂

As as an Algerian internet consumer, I’m a subscriber at “Djaweb ISP” as I don’t have much choices — let’s not talk about that now and dive into some serious stuff !

I found out the routers shipped by Algerian ISP “Djaweb” are now backdoored with a secret admin account and as it appears they didn’t do a good job in hiding it  … not only that but with a session management vulnerability too !

EXPLORATION :

As usual internet goes down from time to time and we are used to that in Algeria, this time it took long time so I went to restart the modem from the web interface . Continue reading

Tagged , , , , ,