AWS basics

These get taught in flaws.cloud; I wanted to put them all together in one spot for myself and anyone else.

Determine the IP of the target: dig +nocmd any +multiline +noall +answer
See if the IP falls within the “amazonaws.com” servers: nslookup
Can anyone read the bucket contents…

Bypassing Password Protected VBA Modules With WinDbg

Brief Intro

Office 365 products include an IDE for developing macros with Visual Basic for Applications (VBA). VBA projects can be locked using a password of your choice, preventing users with the document from opening and reading the VBA code. Most users will turn away from this obstacle, especially if…

CVE-2019-9958

Breakdown

Target: EspressReports ES Version 7 Update 7
Vendor: Quadbase
Vulnerability: CSRF
Brief: POST requests can be made to the server exploiting a CSRF vulnerability. This can lead to unauthenticated attackers or low-privileged accounts performing privileged functionality via session surfing. In this write-up, we exploit the CSRF vulnerability to…

CVE-2019-9957

Breakdown

Target: EspressReports ES Version 7 Update 7
Vendor: Quadbase
Vulnerability: Authenticated Stored XSS
Brief: A client-side username restriction can be bypassed, leading to stored XSS payloads in the username field. The payload is then triggered when accessing the user list node graph.
Example Information: Attacker IP - 192.168.…