tanaka tanaka-geek

PrinterLogic SaaS, multiple vulnerabilities

PrinterLogic's Enterprise Print Management software allows IT professionals to simplify printer driver management and empower end users. -- https://www.printerlogic.com/

Background

The following findings were identified by performing both dynamic testing of the PrinterLogic SaaS platform and code analysis of the source code contained in the virtual appliance available for download from the PrinterLogic website (Build 1.0.757: July 29th, 2022).

TokyoWesterns CTF 2020 | writeups by @terjanq

Urlcheck v1 (98 points, 160 solves)

The goal was to bypass WAF protection to access local resources.

app.re_ip = re.compile('\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z')

def valid_ip(ip):
 matches = app.re_ip.match(ip)

MongoDB Cheat Sheet

Show All Databases

show dbs

Show Current Database

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

Product Security Testing

IDA Pro and Decompilers Website
Software Security Testing
Introduction to Risk Analysis
Introduction to Fuzzing
The Art Of Software Security Assessment", by Mark Dowd, McDonald, Schuh, 2006
- *Not on the recommended list, but a useful resource

Crypto

*Not on the recommended lists, but I think SANS would be better off having students just work on these all day

Windows 10 Active process

Step 1. Fast create a .txt file.
step 2. Then Copy this .text and past on the .txt file .

@echo off
title Windows 10 ALL version activator&cls&echo ************************************ 
&echo Copyright: Youtube: ithelpbd.com &echo.&echo Supported products:&echo - Windows 10 Home&echo - Windows 10 Professional&echo - Windows 10 Enterprise, Enterprise LTSB&echo - Windows 10 Education&echo.&echo.&echo ************************************ &echo Windows 10 activation...
cscript //nologo c:\windows\system32\slmgr.vbs /ipk TX9XD-98N7V-6WMQ6-BX7FG-H8Q99 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 3KHY7-WNT83-DGQKR-F7HPR-844BM >nul

	% Wra7h/FlavorTown
	% MATLAB version: R2023a
	% Tested on Win10 x64

	if not(libisloaded('kernel32'))
	loadlibrary('kernel32.dll', @kernel32proto);
	end

	if not(libisloaded('msvcrt'))
	loadlibrary('msvcrt.dll', @msvcrtproto);

	# Simple script to check drivers in C:\windows\system32\drivers against the loldrivers list
	# Author: Oddvar Moe - @oddvar.moe

	$drivers = get-childitem -Path c:\windows\system32\drivers
	$web_client = new-object system.net.webclient
	$loldrivers = $web_client.DownloadString(" https://www.loldrivers.io/api/drivers.json") \| ConvertFrom-Json

	Write-output("Checking {0} drivers in C:\windows\system32\drivers against loldrivers.io json file" -f $drivers.Count)
	foreach ($lol in $loldrivers.KnownVulnerableSamples)
	{

	#!/usr/bin/python3
	from __future__ import division
	from __future__ import print_function
	import re
	import codecs
	import logging
	import time
	import argparse
	import sys
	from impacket import version

	$Win32 = @"
	using System;
	using System.Runtime.InteropServices;

	public class Win32 {

	[DllImport("kernel32")]
	public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);

	[DllImport("kernel32")]