CVE-2016-1926 - XSS in the Greenbone Security Assistant

Recently Tim has been working with the software framework “OpenVAS” (“Open Vulnerability Assessment System”). This software is open source so we spent some evenings looking for bugs in the webfrontend, the Greenbone Security Assistant. After some time Sebastian found two bugs and we were able to submit those - they are fixed now.

Looking back at 2015

It has become tradition to write a short review of the last year and the plans for the next one.

Disassembling another spam mail

Today Sebastian opened his mailbox and saw a new email popping up. You have received fax, document 00311594 from with a file attached. Let’s have a closer look at it :)

Ekoparty CTF 2015 - Writeups

The evening after the hacklu CTF I had the urge to hack on some other challenges. listed the ekoparty CTF 2015 as the first entry and there was one day left. In this blogpost I’m going to write up my solutions for the following challenges:

  • Slogans ( Trv 50)
  • SSL Attack (Trv 90)
  • Blocking truck (Trv 100)
  • Pass Check (Web 50)
  • XOR Crypter (Cry 200)
  • Press it (Misc 100)

And some notes on other services I’ve tackled.

Hacklu CTF 2015 Writeups

During the last two days, the Hacklu CTF 2015 was held. It’s a jeopardy-style CTF and Sebastian joined to have some fun ;) Here’s the writeup of the following challenges:

  • Module Loader (Web, 100)
  • PHP Golf (Coding, 75)
  • Guessthenumber (Coding, 150)
  • Bashful (Web, 200)

Don’t publicly expose .git or how we downloaded your website’s sourcecode - An analysis of Alexa’s 1M

Sebastian participated in a CTF (capture the flag) a couple of months ago. One challenge he faced was the task of restoring a git repository from a directory listing enabled webserver. With directory listing, it was pretty easy, but Sebastian was curious if it’s possible to restore git respositories without directory listing and how common this misconfiguration flaw is.

With that idea in mind, we began to develop some tiny tools and started to do some research. The results were not as bad as anticipated, but nevertheless surprising.

Scanning Alexa’s Top 1M for AXFR

In this blogpost we will discuss a simple information disclosure problem called unauthorized AXFR. This can be used to leak DNS settings of a particular target, thus revealing internal / private considered DNS entries.

We’ve checked Alexa’s Top 1M for this kind of issue and came to some interesting results.