alt3kx.github.io

My Exploit-db reference at:

https://www.exploit-db.com/author/?a=1074
https://www.exploit-db.com/author/?a=9576

A handy collection of my public Exploits & CVE’s, all available on

https://www.exploit-db.com and https://cve.mitre.org

CVE’s

MicroFocus Reward + Critical $XX,000 USD (Back)	MicroFocus Reward (Front)

[CVE-2019-10685] Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10685

[CVE-2018-12596] Ektron CMS 9.20 SP2 allows remote attackers to call aspx pages via the “activateuser.aspx” page
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12596

[CVE-2018-7690] A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7690

[CVE-2018-7691] A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7691

[CVE-2018-12463] An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12463

[CVE-2018-10732] The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10732

[CVE-2009-4118] Cisco VPN Client - Integer Overflow Denial of Service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4118

[CVE-2008-6827] Symantec Altiris Client Service 6.8.378 - Local Privilege Escalation
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6827

[CVE-2007-6638] March Networks DVR 3204 - Logfile Information Disclosure
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6638

[CVE-2007-5036] Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2586

[CVE-2007-3831] PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3831

[CVE-2007-3830] IBM Proventia Sensor Appliance - Multiple Input Validation Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3830

[CVE-2004-2549] Nortel Wireless LAN Access Point 2200 Series - Denial of Service
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2549

[CVE-2002-0991] Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0991

[CVE-2002-0740] SLRNPull Spool Directory Command Line Parameter Buffer Overflow Vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0740

[CVE-2002-0448] Xerver 2.10 - Multiple Request Denial of Service Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0448

[CVE-2002-0348] service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0348

[CVE-2002-0347] Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0347

[CVE-2002-0346] Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0346

[CVE-2002-0289] Phusion WebServer 1.0 - ‘URL’ Remote Buffer Overflow
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0289

[CVE-2002-0288] Phusion WebServer 1.0 - Directory Traversal (1)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0288

[CVE-2002-0201] Cyberstop Web Server for Windows 0.1 allows remote attackers to execute arbitrary code
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0201

[CVE-2002-0200] Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0200

[CVE-2001-1442] ISC INN 2.x - Command-Line Buffer Overflow
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1442

[CVE-2001-0934] Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0934

[CVE-2001-0933] Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0933

[CVE-2001-0932] Cooolsoft PowerFTP Server 2.0 3/2.10 - Multiple Denial of Service Vulnerabilities
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0932

[CVE-2001-0931] Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0931

[CVE-2001-0758] Directory traversal vulnerability in Shambala 4.5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0758

[CVE-2001-0680] Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0680

CTF Games

SANS ToC Champion 2023 as solo category	SANS ToC Champion 2023 as solo category

SANS Tournament of Champions 2022 (special invite)	KringleCon 2022 Hoodie Winner

SANS Tournament of Champions 2021 (special invite)	SANS Tournament of Champions 2021 (special invite)

SANS Tournament of Champions 2021	SANS Tournament of Champions 2021

Offensive & Defensive, DFIR and Cloud l337 SANS Coins	KringleCon 2020 Hoodie Winner

SANS loot 2023:

🆕 SANS Holiday Hack Challenge 2023: Holiday Hack Challenge VI: A Holiday Odyssey 2023 100% achieved 💯
https://2023.holidayhackchallenge.com/

Holiday Hack Challenge VI: A Holiday Odyssey 2023	Holiday Hack Challenge VI: A Holiday Odyssey 2023	Holiday Hack Challenge VI: A Holiday Odyssey 2023

SANS Tournament of Champions 2023 🇺🇸: SANS NetWars v9 Tournament of Champions ToC (in person) | (Trophy, coin & commemorative coin achived) 🏆🏆🏆
https://ranges.io
toc2023

SANS Holiday Hack Challenge 2022: KringleCon V: Golden Rings 2022 Write-Up disclosed 💯
https://alt3kx.github.io/CTF_writeup/holidayhack/2022/index.html
https://www.sans.org/mlp/holiday-hack-challenge/ (Submission deadline of January 6, 2023)

alt3kx_KringleCon_2022_Write-Up

SANS loot 2022:

SANS Holiday Hack Challenge 2022: KringleCon V: Golden Rings 2022 100% achieved 💯
https://2022.kringlecon.com/

KringleCon V: Golden Rings 2022	KringleCon V: Golden Rings 2022	KringleCon V: Golden Rings 2022

SANS Tournament of Champions 2022: SANS Tournament of Champions 2022 4th Veteran Individual Top Leader-Board 4th place 🥉
https://ranges.io

SANS Tournament of Champions 2022	SANS Tournament of Champions 2022

SANS National French CTF 2022 🇫🇷: SANS National French CTF 2022, Top Leader-Board 1st place (Gold Medal achieved) 🏆
https://ranges.io
github_02

SANS loot 2021:

SANS Tournament of Champions 2021: SANS ToC Champions 2021 (special invite) (Coin achieved) 🏆
SANS Tournament of Champions 2021: SANS ToC Champions 2021 (Coin achieved) 🏆
SANS France CTF 🇫🇷: SANS France BootUp 2021, Top Leader-Board 2nd place (Silver Medal achieved) 🥈
SANS SEC542: Web App Penetration Testing and Ethical Hacking (Coin achieved) 🏆
SANS SEC560: Network Penetration Testing and Ethical Hacking (Coin achieved) 🏆

NCL loot 2024:

🆕 National Cyber League (NCL) 🇺🇸: Spring 2024, Team competition, (Champions!!, 3rd Place) (Trophy & Plaque) 🏆🥉🎉
https://cyberskyline.com/hosted_events/ncl-spring-2024/ scorebard_github_27 APR 24

National Cyber League (NCL) 🇺🇸: Spring 2024, individual competition, (top player) (Coin achieved) 🏆
https://cyberskyline.com/hosted_events/ncl-spring-2024/ ncl_spring_2024

NCL loot 2023:

National Cyber League (NCL) 🇺🇸: Fall 2023, Team competition, (Top10 team) 🏆
https://cyberskyline.com/hosted_events/ncl-fall-2023/ ncl_fall_2023

leaderboard

National Cyber League (NCL) 🇺🇸: Fall 2023, individual competition, (top player) (Coin achieved) 🏆
https://cyberskyline.com/hosted_events/ncl-fall-2023/ ncl_fall_2023

NCL Spring 2023, individual competition (coin)	NCL Spring 2023, individual competition (t-shirt)

National Cyber League (NCL) 🇺🇸: Spring 2023, Team competition, (Top10 team) 🏆
https://cyberskyline.com/hosted_events/ncl-spring-2023/ ncl_spring_2023

leaderboard

National Cyber League (NCL) 🇺🇸: Spring 2023, individual competition, (top player) (Coin achieved) 🏆
https://cyberskyline.com/hosted_events/ncl-spring-2023/ ncl_spring_2023

Magnet Forensics loot 2023:

🆕 Magnet Forensics CTF 🇺🇸: Magnet User Summit 2023 CTF, individual competition 🏁
https://www.magnetforensics.com/

Magnet User Summit 2023 CTF	Magnet User Summit 2023 CTF (scoreboard)

AWS + HackerOne loot 2021:

HackerOne’s first-ever AWS CTF: AWS + HackerOne, Solved (New private invitation achieved) 💰
Hackeone BugBounty Private invites: 6️⃣ 💰💰💰💰💰💰

BugCrowd loot 2022:
“The Lure Challenge ,don’t be afraid …“ 🇺🇸 BugCrowd Halloween Challange 2022 solved, (Reward achieved) 🏆
https://twitter.com/Bugcrowd

.	.

BugCrowd loot 2021:
BugCrowd BugBounty Private Invites: 1️⃣ 💰

Yeswehack! loot 2024:

🆕 Dojo Challenge #35 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-35
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_35/

Dojo Challenge #35	Dojo Challenge #35 Flag

Dojo Challenge #34 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-34
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_34/

Dojo Challenge #34	Dojo Challenge #34 Flag

Dojo Challenge #33 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-33
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_33/

Dojo Challenge #33	Dojo Challenge #33 Flag

Dojo Challenge #32 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-32
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_32/

Dojo Challenge #32	Dojo Challenge #32 Flag

Dojo Challenge #31 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/Dojo-31
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_31/

Dojo Challenge #31	Dojo Challenge #31 Flag

Dojo Challenge #30 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/Dojo-30
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_30/

Dojo Challenge #30	Dojo Challenge #30 Flag

Yeswehack! loot 2023:

Dojo Challenge #29 🇫🇷: Swag pack received, special Dojo XMAS (2023) challenge!!! 🏆
https://dojo-yeswehack.com/practice/ec2ca31dc37d

Yeswehack! swag 1	Yeswehack! swag 2	Yeswehack! swag 3	Yeswehack! swag 4

Dojo Challenge #29 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/practice/ec2ca31dc37d
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2023/dojo_29

Dojo Challenge #29	Dojo Challenge #29 Flag

Dojo Challenge #28 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/practice/e0626b14ae4f
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2023/dojo_28

Dojo Challenge #28	Dojo Challenge #28 Flag

Yeswehack! loot 2022:
Dojo Challenge #19 🇫🇷: Swag pack, winner!!! 🏆
https://blog.yeswehack.com/dojo/dojo-challenge-19-winners

Yeswehack! swag 1	Yeswehack! swag 2	Yeswehack! swag 3	Yeswehack! swag 4

Dojo Challenge #19 🇫🇷: Solved!: winner!!! 🏆
https://blog.yeswehack.com/dojo/dojo-challenge-19-winners
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2022/dojo_19

Dojo Challenge #19 Winners	Dojo Challenge Flag #19

Yeswehack! loot 2021:
Yeswehack! BugBounty Private Invites: 1️⃣ 💰

Global CyberPeace Challenge:

Capture The Flag [IT] Global CyberPeace Challenge 2.0 2021 (Finalist achieved) 🏆
https://cyberchallenge.net

CTF Global CypberPeace 2.0 2021 (Medal)	CTF Global CypberPeace 2.0 2021 (Swag)

SANS loot 2020:

SANS SEC588: Cloud Penetration Testing (Coin achieved) 🏆
SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking (Coin achieved) 🏆
SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques (Coin achieved) 🏆
SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling (Coin achieved) 🏆
SANS Core NetWars Tournament 1st place (Coin achieved ) 🏆
SANS Cyber Defense NetWars Tournament 1st place (Coin achieved) 🏆
SANS NetWars Tournament of Champions (Top 10 teams/Coin achieved) 🏆
SANS Community CTF Tournament of Champions (Top player achieved) 🏆
SANS Mini-Netwars CTF winners (Hall of fame achieved) 🏆
https://www.counterhackchallenges.com/winners
SANS Holiday Hack Challenge KringleCon 2020 (Winner/Hoodie achieved) 🏆

PoCs (Proof of Concept)

🆕 [CVE-2023-24055] PoC CVE-2023-24055 | KeePass 2.5x export trigger injection (My early PoC)
https://github.com/alt3kx/CVE-2023-24055_PoC

[CVE-2022-1388] (PoC) CVE-2022-1388 | F5 BIG-IP RCE exploitation
https://github.com/alt3kx/CVE-2022-1388_PoC

[CVE-2022-22965] (PoC) CVE-2022-22965 | Spring Framework RCE exploitation (Quick pentest notes)
https://github.com/alt3kx/CVE-2022-22965_PoC

[CVE-2021-21985] (PoC) CVE-2021-26084 | Confluence Server Webwork OGNL injection
https://github.com/alt3kx/CVE-2021-26084_PoC

[CVE-2021-21985] (PoC & NSE checker) VMware vCenter Server CVE-2021-21985 RCE Virtual SAN Health Check plug-in
https://github.com/alt3kx/CVE-2021-21985_PoC

[CVE-2021-26855] My early SSRF payloads (CVE-2021-26855) over Exchange Server 2019… (two python exploits added)
https://github.com/alt3kx/CVE-2021-26855_PoC

Tools

🆕 Enhance your malware detection with WAF + YARA (WAFARAY) | WAFARAY Tool
https://github.com/alt3kx/wafaray

[CVE-2022-22965] Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive)
https://github.com/alt3kx/CVE-2022-22965

Quick WAF “paranoid” Doctor Evaluation | WAFPARAN01D3 Tool
The Web Application Firewall Paranoia Level Test Tool.

[CVE-2021-21972] (NSE checker) VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability
https://github.com/alt3kx/CVE-2021-21972

[CVE-2019–0708] Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019–0708 https://medium.com/@alt3kx/build-an-easy-rdp-honeypot-with-raspberry-pi-3-and-observe-the-infamous-attacks-as-bluekeep-29a167f78cc1

Papers

🆕 My AWS “Segmentation Test” Methodology for Pentesters v1.0 ☁️
https://medium.com/@alt3kx/my-aws-segmentation-test-methodology-for-pentesters-v1-0-bc110753c1e9

Symantec Altiris Deployment Solution Elevation of Privileges Vulnerabilities (13048)
With sirdarckcat (VRP Leader & Web Researcher from Google Company) 🇨🇭
https://www.exploit-db.com/docs/english/13048-symantec-altiris-deployment-solution-elevation-of-privileges-vulns.pdf
http://sirdarckcat.blogspot.com/2008/09/symantec-altiris-deployment-solution.html

An Insecurity Overview of the March Networks DVR-CCTV 3204 (13060)
https://www.exploit-db.com/docs/english/13060-an-insecurity-overview-of-the-march-networks-dvr-cctv-3204.pdf

Tactical-Exploitation-and-Response-Over-Solaris-Sparc-5.8-5.9-Systems (13072)
https://www.exploit-db.com/docs/english/13072-tactical-exploitation-and-response-over-solaris-sparc-5.8–5.9-systems.pdf

Having Fun with “Sensor Appliance” Proventia GX5108 & GX5008 Insecurities Part One (13081)
https://www.exploit-db.com/docs/english/13081-having-fun-with-proventia-gx5108-&-gx5008-insecurities.pdf

IoT Pentesting / Security Projects

🆕 “Zovek” , My Offensive IoT Redteam Implant v1.0
https://medium.com/@alt3kx/zovek-my-offensive-iot-redteam-implant-v1-0-f9787217fec0

Zovek (1)	Zovek (2)

Contributor on Security Projects/Research

Metasploit Framework

1667149332665

🆕 Body of research on CVE-2022-1388, (Metasploit Framework / Rapid7) 🇺🇸 new exploit module available
See the linked reference, mention , credits and code here:
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/f5_icontrol_rce.rb

Body of research on CVE-2021-215, (Metasploit Framework / Rapid7) 🇺🇸 new exploit module available
See the linked reference, mention , credits and code here:
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vcenter_vsan_health_rce.rb

Build your own RDP Honeypot by Chapin Bryce (DFIR professional, Co-author of Learning Python for Forensics & Python Forensics Cookbook) 🇺🇸
See the linked reference, mention , credits and code here:
https://medium.com/pythonic-forensics/build-your-own-rdp-honeypot-24c1687cb7e9
https://github.com/chapinb

My Aircrack-ng contribution with Thomas d’Otreppe (Wireless security researcher and author of Aircrack-ng) 🇧🇪
See the linked reference, mention , credits and code here:
https://www.aircrack-ng.org/doku.php?id=airdecloak-ng
https://github.com/alt3kx/airdecloak-ng

My contribution VUPEN (French Company 🇫🇷 ) IBM Proventia IDS/IPS Exploitation (CVE-2007-3830), (CVE-2007-3831)

VUPEN research (VUPEN ADV-2007-2545)

https://www.vupen.com/english/advisories/2007/2545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3831

Books

l337 friends mentions ;-)

Buy it on Amazon: Nmap 6: Network Exploration and Security Auditing Cookbook 💥

_	_	_