Safetech Blog - Security Tips and Tricks


by Oana Stoian

PwnLab:init Walkthrough

Thanks to Claor @Chronicoder and VulnHub folks for the opportunity of writing another walkthrough for a very challenging vulnerable machine. First things first, I fired up nmap. Usually I do that: run nmap and after that nikto. 😀 As can be observed, only two ports are of interest: 80 (for HTTP) and 3306, on which runs mysql….



by Oana Stoian

Tommy Boy 1 Write-up

If you came here just for the last flag, here it is: YOU CAME. YOU SAW. YOU PWNED. Thanks to you, Tommy and the crew at Callahan Auto will make 5.3 cajillion dollars this year. GREAT WORK! That’s all folks! Thanks for reading this! 🙂 And now, if you want to know the story of…



by Oana Stoian

Mr. Robot Write-up

Being a fan of the series Mr. Robot, I decided to exploit this vulnerable machine added by Jason. Someone once said that the best way to be prepared for a hack when it happens is to be hacked. So, let’s hack Mr. Robot 🙂 Starting with enumeration, I fired up nikto, which reveals a lot of useful…



by Oana Stoian

Stapler Writeup

In this article I will present you the way I have completed the Stapler machine challenge hosted on Vulnhub. Stapler is particularly interesting because it allows you to perform and obtain a lot of various information through enumeration – one of the best machines for this actually – thanks to @g0tmi1k for this!   Information gathering…



by Oana Stoian

Fuku Writeup

There are lots of ways for exploiting Fuku, a machine which is not so easy to compromise – at least not for the patienceless, as it has some interesting defense mechanisms – some of them you will discover below, some of them I’ll let you discover 🙂 Today, I’ll show you my way. First…



by Ionut Cernica

AT&T – Old version of JBoss and default credentials

I found an old JBoss console on one of the AT&T subdomains: https://espcare.att.com/. There was an old version of the JBoss web application; the application was vulnerable to authentication bypass, not to mention that I was able to authenticate with the default username and password. Risk: I was able to deploy my desired application on the server…



by Ionut Cernica

Parse.com security problem

This is a writeup for a security problem in the parse.com website. Parse.com is an acquisition of Facebook and every security problem on this website is eligible for a bounty in the Facebook bug bounty program. There was a problem with the download URL for important information about the applications you manage on your account. The…



by Ionut Cernica

Codegate 2014 quals – web 200 WriteUp

WebProxy WriteUp We were given a web application with a proxy functionality. http://58.229.183.24/188f6594f694a3ca082f7530b5efc58dedf81b8d/index.php In the response from the server a comment can be found which contains the link where the flag might be. admin/index.php The request type is “GET” and it has one parameter named “url”. /index.php?url=websiteToVisit The value of the “url” parameter is filtered….



by Marinel

How to: Secure and Privacy Enabled Browsing

There are plenty of guides on the web about securing your computer against threats you can encounter on the internet, while making your browsing habits hassle free and enjoyable. Most of the guides teach you basic stuff about how to install antivirus and other anti-malware suites, check your browser for toolbars and extensions, whether your…



by Ionut Cernica

eBay Authentication Bypass

On 18 January 2014 I reported to eBay a security problem about an authentication bypass on one of their websites -> community.ebay.co.jp. To log in to community.ebay.co.jp, I was first sent to the eBay website, where you must complete a form with your eBay username and password; after that you are redirected to community.ebay.co.jp with…
