alt3kx

View on GitHub

alt3kx.github.io

RedTeamer | PentTester | Bug Bounty | 0day guy! | Researcher | Lone Wolf…
https://github.com/alt3kx | @alt3kx@infosec.exchange on Mastodon @alt3kx

My Exploit-db reference at:

https://www.exploit-db.com/author/?a=1074
https://www.exploit-db.com/author/?a=9576

A handy collection of my public Exploits & CVE’s, all available on

https://www.exploit-db.com and https://cve.mitre.org

CVE’s

MicroFocus Reward + Critical $XX,000 USD (Back) MicroFocus Reward (Front)
swag_back swag_front

[CVE-2019-10685] Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10685

[CVE-2018-12596] Ektron CMS 9.20 SP2 allows remote attackers to call aspx pages via the “activateuser.aspx” page
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12596

[CVE-2018-7690] A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7690

[CVE-2018-7691] A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7691

[CVE-2018-12463] An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12463

[CVE-2018-10732] The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10732

[CVE-2009-4118] Cisco VPN Client - Integer Overflow Denial of Service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4118

[CVE-2008-6827] Symantec Altiris Client Service 6.8.378 - Local Privilege Escalation
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6827

[CVE-2007-6638] March Networks DVR 3204 - Logfile Information Disclosure
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6638

[CVE-2007-5036] Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2586

[CVE-2007-3831] PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3831

[CVE-2007-3830] IBM Proventia Sensor Appliance - Multiple Input Validation Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3830

[CVE-2004-2549] Nortel Wireless LAN Access Point 2200 Series - Denial of Service
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2549

[CVE-2002-0991] Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0991

[CVE-2002-0740] SLRNPull Spool Directory Command Line Parameter Buffer Overflow Vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0740

[CVE-2002-0448] Xerver 2.10 - Multiple Request Denial of Service Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0448

[CVE-2002-0348] service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0348

[CVE-2002-0347] Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0347

[CVE-2002-0346] Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0346

[CVE-2002-0289] Phusion WebServer 1.0 - ‘URL’ Remote Buffer Overflow
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0289

[CVE-2002-0288] Phusion WebServer 1.0 - Directory Traversal (1)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0288

[CVE-2002-0201] Cyberstop Web Server for Windows 0.1 allows remote attackers to execute arbitrary code
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0201

[CVE-2002-0200] Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0200

[CVE-2001-1442] ISC INN 2.x - Command-Line Buffer Overflow
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1442

[CVE-2001-0934] Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0934

[CVE-2001-0933] Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0933

[CVE-2001-0932] Cooolsoft PowerFTP Server 2.0 3/2.10 - Multiple Denial of Service Vulnerabilities
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0932

[CVE-2001-0931] Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0931

[CVE-2001-0758] Directory traversal vulnerability in Shambala 4.5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0758

[CVE-2001-0680] Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0680

CTF Games

SANS ToC Champion 2023 as solo category SANS ToC Champion 2023 as solo category
0 1
SANS Tournament of Champions 2022 (special invite) KringleCon 2022 Hoodie Winner
1 hoodie
SANS Tournament of Champions 2021 (special invite) SANS Tournament of Champions 2021 (special invite)
1 3
SANS Tournament of Champions 2021 SANS Tournament of Champions 2021
1 3
Offensive & Defensive, DFIR and Cloud l337 SANS Coins KringleCon 2020 Hoodie Winner
SANS_coins hoodie

SANS loot 2023:

🆕 SANS Holiday Hack Challenge 2023: Holiday Hack Challenge VI: A Holiday Odyssey 2023 100% achieved 💯
https://2023.holidayhackchallenge.com/

Holiday Hack Challenge VI: A Holiday Odyssey 2023 Holiday Hack Challenge VI: A Holiday Odyssey 2023 Holiday Hack Challenge VI: A Holiday Odyssey 2023
1 2 3

SANS Tournament of Champions 2023 🇺🇸: SANS NetWars v9 Tournament of Champions ToC (in person) | (Trophy, coin & commemorative coin achived) 🏆🏆🏆
https://ranges.io
toc2023

SANS Holiday Hack Challenge 2022: KringleCon V: Golden Rings 2022 Write-Up disclosed 💯
https://alt3kx.github.io/CTF_writeup/holidayhack/2022/index.html
https://www.sans.org/mlp/holiday-hack-challenge/ (Submission deadline of January 6, 2023)

alt3kx_KringleCon_2022_Write-Up

SANS loot 2022:

SANS Holiday Hack Challenge 2022: KringleCon V: Golden Rings 2022 100% achieved 💯
https://2022.kringlecon.com/

KringleCon V: Golden Rings 2022 KringleCon V: Golden Rings 2022 KringleCon V: Golden Rings 2022
01 02 03

SANS Tournament of Champions 2022: SANS Tournament of Champions 2022 4th Veteran Individual Top Leader-Board 4th place 🥉
https://ranges.io

SANS Tournament of Champions 2022 SANS Tournament of Champions 2022
1 3

SANS National French CTF 2022 🇫🇷: SANS National French CTF 2022, Top Leader-Board 1st place (Gold Medal achieved) 🏆
https://ranges.io
github_02

SANS loot 2021:

SANS Tournament of Champions 2021: SANS ToC Champions 2021 (special invite) (Coin achieved) 🏆
SANS Tournament of Champions 2021: SANS ToC Champions 2021 (Coin achieved) 🏆
SANS France CTF 🇫🇷: SANS France BootUp 2021, Top Leader-Board 2nd place (Silver Medal achieved) 🥈
SANS SEC542: Web App Penetration Testing and Ethical Hacking (Coin achieved) 🏆
SANS SEC560: Network Penetration Testing and Ethical Hacking (Coin achieved) 🏆

NCL loot 2024:

🆕 National Cyber League (NCL) 🇺🇸: Spring 2024, Team competition, (Champions!!, 3rd Place) (Trophy & Plaque) 🏆🥉🎉
https://cyberskyline.com/hosted_events/ncl-spring-2024/ scorebard_github_27 APR 24

National Cyber League (NCL) 🇺🇸: Spring 2024, individual competition, (top player) (Coin achieved) 🏆
https://cyberskyline.com/hosted_events/ncl-spring-2024/ ncl_spring_2024

NCL loot 2023:

National Cyber League (NCL) 🇺🇸: Fall 2023, Team competition, (Top10 team) 🏆
https://cyberskyline.com/hosted_events/ncl-fall-2023/ ncl_fall_2023

leaderboard

National Cyber League (NCL) 🇺🇸: Fall 2023, individual competition, (top player) (Coin achieved) 🏆
https://cyberskyline.com/hosted_events/ncl-fall-2023/ ncl_fall_2023

NCL Spring 2023, individual competition (coin) NCL Spring 2023, individual competition (t-shirt)
1 3

National Cyber League (NCL) 🇺🇸: Spring 2023, Team competition, (Top10 team) 🏆
https://cyberskyline.com/hosted_events/ncl-spring-2023/ ncl_spring_2023

leaderboard

National Cyber League (NCL) 🇺🇸: Spring 2023, individual competition, (top player) (Coin achieved) 🏆
https://cyberskyline.com/hosted_events/ncl-spring-2023/ ncl_spring_2023

Magnet Forensics loot 2023:

🆕 Magnet Forensics CTF 🇺🇸: Magnet User Summit 2023 CTF, individual competition 🏁
https://www.magnetforensics.com/

Magnet User Summit 2023 CTF Magnet User Summit 2023 CTF (scoreboard)
MUS23_CTF_Logo-4 MUS23_CTF_scoreboard

AWS + HackerOne loot 2021:

HackerOne’s first-ever AWS CTF: AWS + HackerOne, Solved (New private invitation achieved) 💰
Hackeone BugBounty Private invites: 6️⃣ 💰💰💰💰💰💰

BugCrowd loot 2022:
“The Lure Challenge ,don’t be afraid …“ 🇺🇸 BugCrowd Halloween Challange 2022 solved, (Reward achieved) 🏆
https://twitter.com/Bugcrowd

. .

BugCrowd loot 2021:
BugCrowd BugBounty Private Invites: 1️⃣ 💰

Yeswehack! loot 2024:

🆕 Dojo Challenge #35 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-35
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_35/

Dojo Challenge #35 Dojo Challenge #35 Flag
chall35 chall35

Dojo Challenge #34 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-34
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_34/

Dojo Challenge #34 Dojo Challenge #34 Flag
chall34 chall34a

Dojo Challenge #33 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-33
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_33/

Dojo Challenge #33 Dojo Challenge #33 Flag
chall33 chall33a

Dojo Challenge #32 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-32
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_32/

Dojo Challenge #32 Dojo Challenge #32 Flag
chall32 chall32a

Dojo Challenge #31 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/Dojo-31
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_31/

Dojo Challenge #31 Dojo Challenge #31 Flag
chall31 chall31a

Dojo Challenge #30 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/Dojo-30
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_30/

Dojo Challenge #30 Dojo Challenge #30 Flag
chal30 chal30a

Yeswehack! loot 2023:

Dojo Challenge #29 🇫🇷: Swag pack received, special Dojo XMAS (2023) challenge!!! 🏆
https://dojo-yeswehack.com/practice/ec2ca31dc37d

Yeswehack! swag 1 Yeswehack! swag 2 Yeswehack! swag 3 Yeswehack! swag 4
0 1 2 3

Dojo Challenge #29 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/practice/ec2ca31dc37d
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2023/dojo_29

Dojo Challenge #29 Dojo Challenge #29 Flag
chal29a chall29c

Dojo Challenge #28 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/practice/e0626b14ae4f
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2023/dojo_28

Dojo Challenge #28 Dojo Challenge #28 Flag
chall28 14

Yeswehack! loot 2022:
Dojo Challenge #19 🇫🇷: Swag pack, winner!!! 🏆
https://blog.yeswehack.com/dojo/dojo-challenge-19-winners

Yeswehack! swag 1 Yeswehack! swag 2 Yeswehack! swag 3 Yeswehack! swag 4
swagg_01 swagg_02 swagg_03 swagg_4

Dojo Challenge #19 🇫🇷: Solved!: winner!!! 🏆
https://blog.yeswehack.com/dojo/dojo-challenge-19-winners
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2022/dojo_19

Dojo Challenge #19 Winners Dojo Challenge Flag #19
winners flag

Yeswehack! loot 2021:
Yeswehack! BugBounty Private Invites: 1️⃣ 💰

Global CyberPeace Challenge:

Capture The Flag [IT] Global CyberPeace Challenge 2.0 2021 (Finalist achieved) 🏆
https://cyberchallenge.net

CTF Global CypberPeace 2.0 2021 (Medal) CTF Global CypberPeace 2.0 2021 (Swag)
3 1

SANS loot 2020:

SANS SEC588: Cloud Penetration Testing (Coin achieved) 🏆
SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking (Coin achieved) 🏆
SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques (Coin achieved) 🏆
SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling (Coin achieved) 🏆
SANS Core NetWars Tournament 1st place (Coin achieved ) 🏆
SANS Cyber Defense NetWars Tournament 1st place (Coin achieved) 🏆
SANS NetWars Tournament of Champions (Top 10 teams/Coin achieved) 🏆
SANS Community CTF Tournament of Champions (Top player achieved) 🏆
SANS Mini-Netwars CTF winners (Hall of fame achieved) 🏆
https://www.counterhackchallenges.com/winners
SANS Holiday Hack Challenge KringleCon 2020 (Winner/Hoodie achieved) 🏆

PoCs (Proof of Concept)

🆕 [CVE-2023-24055] PoC CVE-2023-24055 | KeePass 2.5x export trigger injection (My early PoC)
https://github.com/alt3kx/CVE-2023-24055_PoC

[CVE-2022-1388] (PoC) CVE-2022-1388 | F5 BIG-IP RCE exploitation
https://github.com/alt3kx/CVE-2022-1388_PoC

[CVE-2022-22965] (PoC) CVE-2022-22965 | Spring Framework RCE exploitation (Quick pentest notes)
https://github.com/alt3kx/CVE-2022-22965_PoC

[CVE-2021-21985] (PoC) CVE-2021-26084 | Confluence Server Webwork OGNL injection
https://github.com/alt3kx/CVE-2021-26084_PoC

[CVE-2021-21985] (PoC & NSE checker) VMware vCenter Server CVE-2021-21985 RCE Virtual SAN Health Check plug-in
https://github.com/alt3kx/CVE-2021-21985_PoC

[CVE-2021-26855] My early SSRF payloads (CVE-2021-26855) over Exchange Server 2019… (two python exploits added)
https://github.com/alt3kx/CVE-2021-26855_PoC

Tools

🆕 Enhance your malware detection with WAF + YARA (WAFARAY) | WAFARAY Tool
https://github.com/alt3kx/wafaray

[CVE-2022-22965] Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive)
https://github.com/alt3kx/CVE-2022-22965

Quick WAF “paranoid” Doctor Evaluation | WAFPARAN01D3 Tool
The Web Application Firewall Paranoia Level Test Tool.

[CVE-2021-21972] (NSE checker) VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability
https://github.com/alt3kx/CVE-2021-21972

[CVE-2019–0708] Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019–0708 https://medium.com/@alt3kx/build-an-easy-rdp-honeypot-with-raspberry-pi-3-and-observe-the-infamous-attacks-as-bluekeep-29a167f78cc1

Papers

🆕 My AWS “Segmentation Test” Methodology for Pentesters v1.0 ☁️
https://medium.com/@alt3kx/my-aws-segmentation-test-methodology-for-pentesters-v1-0-bc110753c1e9

Symantec Altiris Deployment Solution Elevation of Privileges Vulnerabilities (13048)
With sirdarckcat (VRP Leader & Web Researcher from Google Company) 🇨🇭
https://www.exploit-db.com/docs/english/13048-symantec-altiris-deployment-solution-elevation-of-privileges-vulns.pdf
http://sirdarckcat.blogspot.com/2008/09/symantec-altiris-deployment-solution.html

An Insecurity Overview of the March Networks DVR-CCTV 3204 (13060)
https://www.exploit-db.com/docs/english/13060-an-insecurity-overview-of-the-march-networks-dvr-cctv-3204.pdf

Tactical-Exploitation-and-Response-Over-Solaris-Sparc-5.8-5.9-Systems (13072)
https://www.exploit-db.com/docs/english/13072-tactical-exploitation-and-response-over-solaris-sparc-5.8–5.9-systems.pdf

Having Fun with “Sensor Appliance” Proventia GX5108 & GX5008 Insecurities Part One (13081)
https://www.exploit-db.com/docs/english/13081-having-fun-with-proventia-gx5108-&-gx5008-insecurities.pdf

IoT Pentesting / Security Projects

🆕 “Zovek” , My Offensive IoT Redteam Implant v1.0
https://medium.com/@alt3kx/zovek-my-offensive-iot-redteam-implant-v1-0-f9787217fec0

Zovek (1) Zovek (2)
zovek1 zovek2

Contributor on Security Projects/Research

Metasploit Framework

1667149332665

🆕 Body of research on CVE-2022-1388, (Metasploit Framework / Rapid7) 🇺🇸 new exploit module available
See the linked reference, mention , credits and code here:
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/f5_icontrol_rce.rb

Body of research on CVE-2021-215, (Metasploit Framework / Rapid7) 🇺🇸 new exploit module available
See the linked reference, mention , credits and code here:
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vcenter_vsan_health_rce.rb

Build your own RDP Honeypot by Chapin Bryce (DFIR professional, Co-author of Learning Python for Forensics & Python Forensics Cookbook) 🇺🇸
See the linked reference, mention , credits and code here:
https://medium.com/pythonic-forensics/build-your-own-rdp-honeypot-24c1687cb7e9
https://github.com/chapinb

My Aircrack-ng contribution with Thomas d’Otreppe (Wireless security researcher and author of Aircrack-ng) 🇧🇪
See the linked reference, mention , credits and code here:
https://www.aircrack-ng.org/doku.php?id=airdecloak-ng
https://github.com/alt3kx/airdecloak-ng

My contribution VUPEN (French Company 🇫🇷 ) IBM Proventia IDS/IPS Exploitation (CVE-2007-3830), (CVE-2007-3831)

VUPEN research (VUPEN ADV-2007-2545)

https://www.vupen.com/english/advisories/2007/2545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3831

Books

l337 friends mentions ;-)

Buy it on Amazon: Nmap 6: Network Exploration and Security Auditing Cookbook 💥

_ _ _
Nmap1 Nmap2 Nmap3