alt3kx.github.io
RedTeamer | PenTester | Bug Bounty | 0day guy! | Researcher | Lone Wolf…
https://github.com/alt3kx | @alt3kx
My Exploit-db reference at:
https://www.exploit-db.com/author/?a=1074
https://www.exploit-db.com/author/?a=9576
A handy collection of my public Exploits & CVEs, all available on
https://www.exploit-db.com and https://cve.mitre.org
CVEs
MicroFocus Reward + Critical $XX,000 USD (Back) | MicroFocus Reward (Front) |
---|---|
[CVE-2019-10685] Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10685
[CVE-2018-12596] Ektron CMS 9.20 SP2 allows remote attackers to call aspx pages via the “activateuser.aspx” page
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12596
[CVE-2018-7690] A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20 and 18.10; exploitation could allow Remote Unauthorized Access
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7690
[CVE-2018-7691] A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20 and 18.10; exploitation could allow Remote Unauthorized Access
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7691
[CVE-2018-12463] An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), versions 17.1, 17.2 and 18.1, allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12463
[CVE-2018-10732] The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10732
[CVE-2009-4118] Cisco VPN Client - Integer Overflow Denial of Service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4118
[CVE-2008-6827] Symantec Altiris Client Service 6.8.378 - Local Privilege Escalation
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6827
[CVE-2007-6638] March Networks DVR 3204 - Logfile Information Disclosure
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6638
[CVE-2007-5036] Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5036
[CVE-2007-3831] PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3831
[CVE-2007-3830] IBM Proventia Sensor Appliance - Multiple Input Validation Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3830
[CVE-2004-2549] Nortel Wireless LAN Access Point 2200 Series - Denial of Service
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2549
[CVE-2002-0991] Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0991
[CVE-2002-0740] SLRNPull Spool Directory Command Line Parameter Buffer Overflow Vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0740
[CVE-2002-0448] Xerver 2.10 - Multiple Request Denial of Service Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0448
[CVE-2002-0348] service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0348
[CVE-2002-0347] Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0347
[CVE-2002-0346] Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0346
[CVE-2002-0289] Phusion WebServer 1.0 - ‘URL’ Remote Buffer Overflow
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0289
[CVE-2002-0288] Phusion WebServer 1.0 - Directory Traversal (1)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0288
[CVE-2002-0201] Cyberstop Web Server for Windows 0.1 allows remote attackers to execute arbitrary code
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0201
[CVE-2002-0200] Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0200
[CVE-2001-1442] ISC INN 2.x - Command-Line Buffer Overflow
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1442
[CVE-2001-0934] Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0934
[CVE-2001-0933] Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0933
[CVE-2001-0932] Cooolsoft PowerFTP Server 2.0 3/2.10 - Multiple Denial of Service Vulnerabilities
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0932
[CVE-2001-0931] Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0931
[CVE-2001-0758] Directory traversal vulnerability in Shambala 4.5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0758
[CVE-2001-0680] Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0680
CTF Games
[Images: SANS ToC Champion 2023 as solo category; SANS Tournament of Champions 2022 (special invite); KringleCon 2022 Hoodie Winner; SANS Tournament of Champions 2021 (special invite); SANS Tournament of Champions 2021; Offensive & Defensive, DFIR and Cloud l337 SANS Coins; KringleCon 2020 Hoodie Winner]
SANS loot 2023:
🆕 SANS Holiday Hack Challenge 2023: Holiday Hack Challenge VI: A Holiday Odyssey 2023 100% achieved 💯
https://2023.holidayhackchallenge.com/
[Images: Holiday Hack Challenge VI: A Holiday Odyssey 2023 (three images)]
SANS Tournament of Champions 2023 🇺🇸: SANS NetWars v9 Tournament of Champions (ToC, in person) (Trophy, coin & commemorative coin achieved) 🏆🏆🏆
https://ranges.io
SANS Holiday Hack Challenge 2022: KringleCon V: Golden Rings 2022 Write-Up disclosed 💯
https://alt3kx.github.io/CTF_writeup/holidayhack/2022/index.html
https://www.sans.org/mlp/holiday-hack-challenge/ (Submission deadline of January 6, 2023)
SANS loot 2022:
SANS Holiday Hack Challenge 2022: KringleCon V: Golden Rings 2022 100% achieved 💯
https://2022.kringlecon.com/
[Images: KringleCon V: Golden Rings 2022 (three images)]
SANS Tournament of Champions 2022: Veteran Individual Top Leader-Board, 4th place 🥉
https://ranges.io
[Images: SANS Tournament of Champions 2022 (two images)]
SANS National French CTF 2022 🇫🇷: SANS National French CTF 2022, Top Leader-Board 1st place (Gold Medal achieved) 🏆
https://ranges.io
SANS loot 2021:
SANS Tournament of Champions 2021: SANS ToC Champions 2021 (special invite) (Coin achieved) 🏆
SANS Tournament of Champions 2021: SANS ToC Champions 2021 (Coin achieved) 🏆
SANS France CTF 🇫🇷: SANS France BootUp 2021, Top Leader-Board 2nd place (Silver Medal achieved) 🥈
SANS SEC542: Web App Penetration Testing and Ethical Hacking (Coin achieved) 🏆
SANS SEC560: Network Penetration Testing and Ethical Hacking (Coin achieved) 🏆
NCL loot 2024:
🆕 National Cyber League (NCL) 🇺🇸: Spring 2024, Team competition, (Champions!!, 3rd Place) (Trophy & Plaque) 🏆🥉🎉
https://cyberskyline.com/hosted_events/ncl-spring-2024/
National Cyber League (NCL) 🇺🇸: Spring 2024, individual competition, (top player) (Coin achieved) 🏆
https://cyberskyline.com/hosted_events/ncl-spring-2024/
NCL loot 2023:
National Cyber League (NCL) 🇺🇸: Fall 2023, Team competition, (Top10 team) 🏆
https://cyberskyline.com/hosted_events/ncl-fall-2023/
National Cyber League (NCL) 🇺🇸: Fall 2023, individual competition, (top player) (Coin achieved) 🏆
https://cyberskyline.com/hosted_events/ncl-fall-2023/
NCL Spring 2023, individual competition (coin) | NCL Spring 2023, individual competition (t-shirt) |
---|---|
National Cyber League (NCL) 🇺🇸: Spring 2023, Team competition, (Top10 team) 🏆
https://cyberskyline.com/hosted_events/ncl-spring-2023/
National Cyber League (NCL) 🇺🇸: Spring 2023, individual competition, (top player) (Coin achieved) 🏆
https://cyberskyline.com/hosted_events/ncl-spring-2023/
Magnet Forensics loot 2023:
🆕 Magnet Forensics CTF 🇺🇸: Magnet User Summit 2023 CTF, individual competition 🏁
https://www.magnetforensics.com/
Magnet User Summit 2023 CTF | Magnet User Summit 2023 CTF (scoreboard) |
---|---|
AWS + HackerOne loot 2021:
HackerOne’s first-ever AWS CTF: AWS + HackerOne, Solved (New private invitation achieved) 💰
HackerOne BugBounty Private Invites: 6️⃣ 💰💰💰💰💰💰
BugCrowd loot 2022:
“The Lure Challenge, don’t be afraid…” 🇺🇸 BugCrowd Halloween Challenge 2022 solved, (Reward achieved) 🏆
https://twitter.com/Bugcrowd
BugCrowd loot 2021:
BugCrowd BugBounty Private Invites: 1️⃣ 💰
Yeswehack! loot 2024:
🆕 Dojo Challenge #35 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-35
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_35/
Dojo Challenge #35 | Dojo Challenge #35 Flag |
---|---|
Dojo Challenge #34 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-34
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_34/
Dojo Challenge #34 | Dojo Challenge #34 Flag |
---|---|
Dojo Challenge #33 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-33
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_33/
Dojo Challenge #33 | Dojo Challenge #33 Flag |
---|---|
Dojo Challenge #32 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/dojo-32
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_32/
Dojo Challenge #32 | Dojo Challenge #32 Flag |
---|---|
Dojo Challenge #31 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/Dojo-31
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_31/
Dojo Challenge #31 | Dojo Challenge #31 Flag |
---|---|
Dojo Challenge #30 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/challenge-of-the-month/Dojo-30
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2024/dojo_30/
Dojo Challenge #30 | Dojo Challenge #30 Flag |
---|---|
Yeswehack! loot 2023:
Dojo Challenge #29 🇫🇷: Swag pack received, special Dojo XMAS (2023) challenge!!! 🏆
https://dojo-yeswehack.com/practice/ec2ca31dc37d
[Images: Yeswehack! swag (four images)]
Dojo Challenge #29 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/practice/ec2ca31dc37d
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2023/dojo_29
Dojo Challenge #29 | Dojo Challenge #29 Flag |
---|---|
Dojo Challenge #28 🇫🇷: Solved!: Write-Up disclosed 💯
https://dojo-yeswehack.com/practice/e0626b14ae4f
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2023/dojo_28
Dojo Challenge #28 | Dojo Challenge #28 Flag |
---|---|
Yeswehack! loot 2022:
Dojo Challenge #19 🇫🇷: Swag pack, winner!!! 🏆
https://blog.yeswehack.com/dojo/dojo-challenge-19-winners
[Images: Yeswehack! swag (four images)]
Dojo Challenge #19 🇫🇷: Solved!: winner!!! 🏆
https://blog.yeswehack.com/dojo/dojo-challenge-19-winners
https://github.com/alt3kx/CTF_writeups/tree/main/yeswehack/2022/dojo_19
Dojo Challenge #19 Winners | Dojo Challenge Flag #19 |
---|---|
Yeswehack! loot 2021:
Yeswehack! BugBounty Private Invites: 1️⃣ 💰
Global CyberPeace Challenge:
Capture The Flag [IT] Global CyberPeace Challenge 2.0 2021 (Finalist achieved) 🏆
https://cyberchallenge.net
CTF Global CyberPeace 2.0 2021 (Medal) | CTF Global CyberPeace 2.0 2021 (Swag) |
---|---|
SANS loot 2020:
SANS SEC588: Cloud Penetration Testing (Coin achieved) 🏆
SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking (Coin achieved) 🏆
SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques (Coin achieved) 🏆
SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling (Coin achieved) 🏆
SANS Core NetWars Tournament 1st place (Coin achieved) 🏆
SANS Cyber Defense NetWars Tournament 1st place (Coin achieved) 🏆
SANS NetWars Tournament of Champions (Top 10 teams/Coin achieved) 🏆
SANS Community CTF Tournament of Champions (Top player achieved) 🏆
SANS Mini-Netwars CTF winners (Hall of fame achieved) 🏆
https://www.counterhackchallenges.com/winners
SANS Holiday Hack Challenge KringleCon 2020 (Winner/Hoodie achieved) 🏆
PoCs (Proof of Concept)
🆕 [CVE-2023-24055] PoC CVE-2023-24055 | KeePass 2.5x export trigger injection (My early PoC)
https://github.com/alt3kx/CVE-2023-24055_PoC
[CVE-2022-1388] (PoC) CVE-2022-1388 | F5 BIG-IP RCE exploitation
https://github.com/alt3kx/CVE-2022-1388_PoC
[CVE-2022-22965] (PoC) CVE-2022-22965 | Spring Framework RCE exploitation (Quick pentest notes)
https://github.com/alt3kx/CVE-2022-22965_PoC
[CVE-2021-26084] (PoC) CVE-2021-26084 | Confluence Server Webwork OGNL injection
https://github.com/alt3kx/CVE-2021-26084_PoC
[CVE-2021-21985] (PoC & NSE checker) VMware vCenter Server CVE-2021-21985 RCE Virtual SAN Health Check plug-in
https://github.com/alt3kx/CVE-2021-21985_PoC
[CVE-2021-26855] My early SSRF payloads (CVE-2021-26855) over Exchange Server 2019… (two python exploits added)
https://github.com/alt3kx/CVE-2021-26855_PoC
Tools
🆕 Enhance your malware detection with WAF + YARA (WAFARAY) | WAFARAY Tool
https://github.com/alt3kx/wafaray
[CVE-2022-22965] Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive)
https://github.com/alt3kx/CVE-2022-22965
Quick WAF “paranoid” Doctor Evaluation | WAFPARAN01D3 Tool
The Web Application Firewall Paranoia Level Test Tool.
[CVE-2021-21972] (NSE checker) VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability
https://github.com/alt3kx/CVE-2021-21972
[CVE-2019-0708] Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019-0708
https://medium.com/@alt3kx/build-an-easy-rdp-honeypot-with-raspberry-pi-3-and-observe-the-infamous-attacks-as-bluekeep-29a167f78cc1
Papers
🆕 My AWS “Segmentation Test” Methodology for Pentesters v1.0 ☁️
https://medium.com/@alt3kx/my-aws-segmentation-test-methodology-for-pentesters-v1-0-bc110753c1e9
Symantec Altiris Deployment Solution Elevation of Privileges Vulnerabilities (13048)
With sirdarckcat (VRP Leader & Web Researcher at Google) 🇨🇭
https://www.exploit-db.com/docs/english/13048-symantec-altiris-deployment-solution-elevation-of-privileges-vulns.pdf
http://sirdarckcat.blogspot.com/2008/09/symantec-altiris-deployment-solution.html
An Insecurity Overview of the March Networks DVR-CCTV 3204 (13060)
https://www.exploit-db.com/docs/english/13060-an-insecurity-overview-of-the-march-networks-dvr-cctv-3204.pdf
Tactical-Exploitation-and-Response-Over-Solaris-Sparc-5.8-5.9-Systems (13072)
https://www.exploit-db.com/docs/english/13072-tactical-exploitation-and-response-over-solaris-sparc-5.8–5.9-systems.pdf
Having Fun with “Sensor Appliance” Proventia GX5108 & GX5008 Insecurities Part One (13081)
https://www.exploit-db.com/docs/english/13081-having-fun-with-proventia-gx5108-&-gx5008-insecurities.pdf
IoT Pentesting / Security Projects
🆕 “Zovek”, My Offensive IoT Redteam Implant v1.0
https://medium.com/@alt3kx/zovek-my-offensive-iot-redteam-implant-v1-0-f9787217fec0
Zovek (1) | Zovek (2) |
---|---|
Contributor on Security Projects/Research
Metasploit Framework
🆕 Body of research on CVE-2022-1388, (Metasploit Framework / Rapid7) 🇺🇸 new exploit module available
See the linked reference, mention, credits and code here:
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/f5_icontrol_rce.rb
Body of research on CVE-2021-215, (Metasploit Framework / Rapid7) 🇺🇸 new exploit module available
See the linked reference, mention, credits and code here:
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vcenter_vsan_health_rce.rb
Build your own RDP Honeypot by Chapin Bryce (DFIR professional, Co-author of Learning Python for Forensics & Python Forensics Cookbook) 🇺🇸
See the linked reference, mention, credits and code here:
https://medium.com/pythonic-forensics/build-your-own-rdp-honeypot-24c1687cb7e9
https://github.com/chapinb
My Aircrack-ng contribution with Thomas d’Otreppe (Wireless security researcher and author of Aircrack-ng) 🇧🇪
See the linked reference, mention, credits and code here:
https://www.aircrack-ng.org/doku.php?id=airdecloak-ng
https://github.com/alt3kx/airdecloak-ng
My contribution with VUPEN (French company 🇫🇷): IBM Proventia IDS/IPS Exploitation (CVE-2007-3830, CVE-2007-3831)
VUPEN research (VUPEN ADV-2007-2545)
https://www.vupen.com/english/advisories/2007/2545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3831
Books
l337 friends mentions ;-)
Buy it on Amazon: Nmap 6: Network Exploration and Security Auditing Cookbook 💥