In this post ,i ‘m going to change the default passwords of an ip camera firmware by doing some reverse engineering .Now First I need to get the camera firmware from the vendor.i found TH-sys-48.2.64.214.bin(VStarcam) I ‘m going to use Strings and binwalk. We can see a compress  files in the  firmware.Now i ‘m going to […]

Welcome to Pentestit lab v11. You can start here with the url:https://lab.pentestit.ru The Network: Before you are able to access to the Network , you must register. The Network Diagram  will be presented with the picture: SITE/CRM/MAIL setting at 192.168.101.10(the main office) and another at 192.168.101.11(the second office) The  VLAN (DIR) n° 1 setting at […]

LAB 1-1: Files: Lab01-01.exe:bb7425b82141a1c0f7d60e5106676bb1 Lab01-01.dll: 290934c61de9176ad682ffdd65f0a669(md5) Answers: 1. Upload the files to http://www.virustotal.com and view the reports. Does either file match any existing antivirus signatures? 2. When were these files compiled? 3.Are there any indications that either of these files is packed or obfuscated? If so, what are these indicators? 4. Do any imports hint […]

Ransomware is a malware/malicious software program designed to block or disable access to the data your computer. The program displays a full-screen message on your screen claiming all files/programs have been blocked or encrypted. It demands a ransom, to be paid within a specific time, in order to decrypt/restore access. I try in my presentation […]

Description The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. POC code :http://jordan-wright.com/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/ Shodan :   Exploit : Recommandations :https://nvd.nist.gov/vuln/detail/CVE-2015-1427    

Zabbix is an enterprise-class open source distributed monitoring solution. Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. Vulnerability Overview: Zabbix suffers from a remote SQL injection vulnerability in the jsrpc.php page or api_jsonrpc.php page […]

The UK is a worldwide exporter of surveillance technology. From devices that hoover up phone calls and text messages, to hardware for monitoring internet traffic. “The transfer of these technologies cannot be divorced from human rights concerns,” Matthew Rice, advocacy officer at UK activist group Privacy International, told Motherboard in an email. “The use of […]

Learning that tens of thousands of MongoDB database have been compromised and held hostage by ransomware is both startling and worrisome. Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them.The number of affected databases has risen from hundreds to more than 10,000. […]

According to Shodan, the search engine for internet-connected devices, there are at least 18160 Samsung smart TVs connected to the internet.   let’s starts with an exemple .I use shodan to found a NEC LCD Monitor the next step is to connect to one of adresses IP and we can see no authentication   we […]