jkr

@ATeamJKR

box creator (OneTwoSeven, WriteUp, Zetta, Traverxec). hobbyist. Part-time CTF player .

Vrijeme pridruživanja: srpanj 2019.
10 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @ATeamJKR

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @ATeamJKR

  1. prije 11 sati

    Thanks for the writeup. Actually this was my favorite challenge of the

    Had an awesome weekend playing with Team Exit on the , and also got around to finishing a write-up for the RMF / Ace of Diamonds challenge. Thanks for the challenges and good times, !
    5 korisnika označava da im se sviđa
    Poništi
  2. proslijedio/la je Tweet
    prije 21 sat

    just ended and we scored 2nd! Well played everyone! Looking forward to receive our prizes from :)

    4 proslijeđena tweeta 44 korisnika označavaju da im se sviđa
    Poništi
  3. proslijedio/la je Tweet
    1. velj

    Another box solved the unintended way: RE. Once I had RCE after dropping an aspx webshell with the Winrar CVE, I used the UsoSvc service to gain SYSTEM and impersonated the Coby user to decrypt the root flag. Great box by .

    26 proslijeđenih tweetova 107 korisnika označava da im se sviđa
    Poništi
  4. proslijedio/la je Tweet
    1. velj

    RE just retired from . As the creator of the box, I tried to bring phishing/macro obfuscation concepts to the initial access. The intended privescs were the WinRar ACE file exploit, and XXE in Ghidra. I'll show two unintended privescs too.

    11 replies 115 proslijeđenih tweetova 461 korisnik označava da mu se sviđa
    Poništi
  5. 31. sij

    Just checked, but was not renamed to @hackthebox_uk yet. Wondering when this will happen?

    2 proslijeđena tweeta 36 korisnika označava da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    29. sij

    ffuf 1.0 released! phew, this is a big one. Feature highlights in this thread Huge thanks for all the contributors, and special thanks to for pulling off a feature bounty and for fulfilling it in a record time (and contributing said bounty to charity).

    11 replies 95 proslijeđenih tweetova 304 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  7. proslijedio/la je Tweet
    25. sij

    One more writeup for AI from is up: That SQL injection using text-to-speech gave me a hard time.

    5 replies 13 proslijeđenih tweetova 62 korisnika označavaju da im se sviđa
    Poništi
  8. 27. sij

    Thanks for writing this up! This means the (default) rpcNode password is known to the public as well now. Make sure to not ignore the warning about this. This can lead to straight RCE as root via the mgmt interface.

    With all the fun around Citrix Netscalers here's how to decrypt encrypted values from the config file (like bind dn passwords)
    2 proslijeđena tweeta 13 korisnika označava da im se sviđa
    Poništi
  9. proslijedio/la je Tweet
    26. sij

    Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch!

    47 replies 1.122 proslijeđena tweeta 3.140 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  10. proslijedio/la je Tweet
    21. sij

    Ep 57: MS08-067 With special guest . Hear what goes on internally when Microsoft discovers a major vulnerability within Windows.

    27 replies 172 proslijeđena tweeta 554 korisnika označavaju da im se sviđa
    Poništi
  11. 20. sij

    I saved my 111th tweet for today to say hello to all my 111111111 followers 👋. Hope from time to time you find interesting stuff in your timeline 🙃!

    17 korisnika označava da im se sviđa
    Poništi
  12. proslijedio/la je Tweet
    16. sij

    The latest in the saga - even if mitigations are applied, on some firmware versions the mitigations don't work as the rewrite policies Citrix supplied don't work due a bug.

    Odgovor korisnicima @Boredsysadmin @GossiTheDog
    Link to Citrix Support article
    5 replies 94 proslijeđena tweeta 127 korisnika označava da im se sviđa
    Poništi
  13. 15. sij

    Does this mean opened a CA business? 🤣

    Here's a picture of CVE-2020-0601, don't forget to patch! Took some inspiration from :)
    Prikaži ovu nit
    1 reply 1 proslijeđeni tweet 10 korisnika označava da im se sviđa
    Poništi
  14. 12. sij

    I was about to have a free weekend as exploit work had been done by others already. Took the time to write about a more or less related project: Getting access to an encrypted appliance VM by modifying memory with help of VBoxDbg.

    9 proslijeđenih tweetova 28 korisnika označava da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    11. sij

    Bitlab from was an opportunity to play with CICD, and to do some simple windows RE / debugging. In Beyond Root, I'll show an alternative path from www-data to root, and look at how the exe mis-calls `GetUsernameW`.

    18 proslijeđenih tweetova 49 korisnika označava da im se sviđa
    Poništi
  16. proslijedio/la je Tweet
    11. sij

    I didn't solve Bitlab the intended way but I still go over the initial shell with the PHP RCE. I used the git hooks method to gain root since git pull was sudo'ed root. Check out my writeup:

    12 proslijeđenih tweetova 62 korisnika označavaju da im se sviđa
    Poništi
  17. proslijedio/la je Tweet
    11. sij

    We have just released a new tool for exploiting CVE-2019-19781. Our goal was to keep private as long as possible to have a longer window to fix. Other researchers have published the exploit code in the wild already. Cats out of the bag.

    20 replies 531 proslijeđeni tweet 914 korisnika označava da im se sviđa
    Poništi
  18. 11. sij

    Now that released an exploit for I don’t need to write it myself. My plan for today was to put together the puzzle pieces after I found the undocumented TT2 code exec thing was posted on the project's GitHub issues page 😜

    10 korisnika označava da im se sviđa
    Poništi
  19. proslijedio/la je Tweet
    10. sij

    I was able to reproduce the Citrix ADC Remote Command Execution in one day. Guess you need to patch ASAP. -2019-19781

    12 replies 208 proslijeđenih tweetova 527 korisnika označava da im se sviđa
    Poništi
  20. proslijedio/la je Tweet
    8. sij

    As promised, I've documented some additional information from research into . There is a bit of misleading information out there so I hope this will clear the air a bit. cc:

    38 proslijeđenih tweetova 69 korisnika označava da im se sviđa
    Poništi

@ATeamJKR još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·