2016

19 Oct 2016

New Powershell Mass Encrypt and Decrypt modules

PowerSploit's Out-Encrypted.ps1 handles (encrypts) one script at a time; the encrypted file needs to be decrypted manually and then executed. I wrote up new PowerShell Mass Encrypt and Decrypt modules to handle your favorite set of PowerShell scripts easily. Using PS-MassEncScript.ps1, encrypt multiple scripts with a password and a salt value in one go. Use PS-DecScript.ps1 to decrypt and execute any of these encrypted files.


10 Sep 2016

Powersploit – AV Evasion

[Quick Notes] Powersploit - AV Evasion

On my pentest engagements, I primarily use PowerShell (PS) and PS-based exploitation tools and frameworks like CME, Empire, Powersploit, Nishang, Veil, etc., along with Metasploit and other tools. This short writeup covers one of the AV evasion scenarios. Posting it here for reference.


05 Sep 2016

[ICS] Multiple vulnerabilities – Powerlogic/Schneider Electric IONXXXX series Smart Meters

Reported multiple security issues in Powerlogic/Schneider Electric IONXXXX series power meters.

Affected Devices
The following IONXXXX series power meter versions are affected:

  • ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series.

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03

CVE-IDs
CVE-2016-5809
CVE-2016-5815

Read on for details and poc.


05 Jul 2016

[ICS] RS232-NET Converter (model JTC-200) – Multiple vulnerabilities

I found multiple vulnerabilities in the RS232-NET Converter (model JTC-200) and have been coordinating with ICS-CERT for quite a while now. IMHO it is time for a public disclosure.

Product details -> http://www.jantek.com.tw/en/product/73

Seen deployed in:
  • CHTD, Chunghwa Telecom Co., Ltd. (Taiwan)
  • HiNet (Taiwan & China)
  • PT Comunicacoes (Portugal)
  • Sony Network Taiwan Limited (Taiwan)
  • Vodafone Portugal (Portugal)

This hardware seems to be in use on several large corporate networks, and it has a backdoor shell quietly listening, offering unauthenticated access!

Read on for details and poc.


05 Jul 2016

CIMA DocuClass Enterprise Content Management – Multiple Vulnerabilities

On a recent pentest, I came across the CIMA DocuClass Enterprise Content Management application. I found multiple security vulnerabilities which can lead to unauthorized access to stored documents, access to the underlying database, and code execution on the server via SQL injection.

There has been no response from the vendor, as expected.

Read on for poc.
