z0rs

Web Application Penetration Test

Agent execution. One agent handles all four stages sequentially. Style: Evidence-based bug hunting — no assumptions, no fabrication, no theoretical findings.

---

Workflow Overview

z0rs

Serialization Saga CTF Challenge

• Challenge: Serialization Saga
• Points: 100
• Category: Insecure Deserialization

Challenge Description

This challenge is a CTF designed to test the ability to identify and exploit insecure deserialization vulnerabilities. Participants are required to perform certain functions by exploiting these vulnerabilities and obtaining flags as a result.

Steps

z0rs

Vulnerability Assessment Report - CVE-2021-43062

Executive Summary:

I am happy to share vulnerability findings on Fortinet FortiMail, focusing on versions v7.0.1, v7.0.0, v6.4.5 & below, v6.3.7 & below, and v6.0.11 & below. During this assessment, I was able to identify an unpatched XSS (Cross-Site Scripting) vulnerability, tagged as CVE-2021-43062. The vulnerability allowed arbitrary code execution via a specially crafted HTTP GET request to the FortiGuard URI protection service.

Product	Fortinet FortiMail
Vendor	Fortinet
Severity	Medium
Affected Versions	v7.0.1, v7.0.0, v6.4.5 & below, v6.3.7 & below, v6.0.11 & below

z0rs

title	Server Side Template Injection via Twig Security Extension
date	2023-04-15

Overview:

Shopware is an e-commerce platform that is open source and built on the Symfony Framework and Vue.js. The default storefront of Shopware 6, called Shopware 6 Storefront, is based on Twig and Bootstrap. Users can customize the appearance of their storefront by using extensions (previously known as plugins) to override the default Twig template files. These custom themes can be enabled using the included Shopware 6 Administration panel.

Summary:

Please note that this is a bypass of CVE-2023-22731, which is being tracked as issue NEXT-24667 by Shopware.

z0rs

Network Working Group                                         C. Huitema
Request for Comments: 4380                                     Microsoft
Category: Standards Track                                  February 2006


                    Teredo: Tunneling IPv6 over UDP
              through Network Address Translations (NATs)

Status of This Memo

z0rs

list of contents

• General
• Domain Enumeration
  • Powerview Domain
  • Powerview Users, groups and computers
  • Powerview Shares
  • Powerview GPO
  • Powerview ACL
  • Powerview Domain Trust
• Misc

z0rs

list of contents

• Infrastructure
  • Redirectors
  • Domain fronting
• OpSec
  • Customer ID
• Payloads
  • DNS Beacon
• SMB Beacon

z0rs

List of contents

• Active Directory Exploitation Cheat Sheet
  • Summary
  • Tools
  • Domain Enumeration
    • Using PowerView
    • Using AD Module
    • Using BloodHound
• Remote BloodHound

z0rs

Red Teaming tool

• General usefull Powershell Scripts
• AMSI Bypass restriction Bypass
• Payload Hosting
• Network Share Scanner
• Lateral Movement
• Reverse Shellz
• POST Exploitation