Socket.io-file <= 2.0.31 – File Type Restriction Bypass

Title: File Type Restriction Bypass in Socket.io-file NPM moduleDate: 31/07/2020CVE-ID: –Advisory: –Author: Thomas SermpinisVersions: <= 2.0.31Package URL: https://www.npmjs.com/package/socket.io-fileTested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0Proof of Concept: – During some of our pentests, we face applications that are well secured with not so many misconfigurations. That means that we have to dig deeper, if theContinue reading “Socket.io-file <= 2.0.31 – File Type Restriction Bypass”

Exploit Development Part 1 – Winamp 5.12 Buffer Overflow in Python (with egghunters)

Hello friend, hello friend, As you may know, I recently acquired my OSCP and I really fast stepped into OSCE, so right now I am spending my days in my rainy window developing exploits, backdooring and hunting for 0days (yeap, I have some of them too now 😉 ). The biggest issue though, is thatContinue reading “Exploit Development Part 1 – Winamp 5.12 Buffer Overflow in Python (with egghunters)”

[CVE-2020-15779] Path Traversal in Socket.io-file NPM module

Title: Path Traversal in Socket.io-file NPM module Date: 18/05/2020 CVE-ID: CVE-2020-15779 Advisory: https://www.npmjs.com/advisories/1519 Author: Thomas Sermpinis (a.k.a. Cr0wTom) Website: https://cr0wsplace.com Versions: <= 2.0.31 Package URL: https://www.npmjs.com/package/socket.io-file Tested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0Proof of Concept: https://www.exploit-db.com/exploits/48713 During one of my penetration tests for a local military equipment supplier while working for Auxilium Cyber Security, IContinue reading “[CVE-2020-15779] Path Traversal in Socket.io-file NPM module”

Wordlist Creation with CUPP (Mr. Robot)

In this tutorial for Cr0w’s Place we are going to see how to generate a wordlist / dictionary file in Kali Linux, with a different tool, called CUPP. The difference is that this tool uses questions related to the victim, to produce a personalized wordlist for him/her. It is a really useful and effective tool,Continue reading “Wordlist Creation with CUPP (Mr. Robot)”