May 21, 2022 | 15:16

Playing with TP-Link TL-WR841N

At the time of writing, three firmware versions were available for the hw v14 on the official support page: TL-WR841N(EU)_V14_200903 (200903) released on 2020-11-27 TL-WR841N(EU)_V14_180319 (180319) released on 2018-04-03 TL-WR841N(EU)_V14_171208 (171208) released on 2018-04-01 None of these versions prevents downgrades, so any transition between these are possible. When downgrading, it’s best to restore to factory defaults beforehand because of some incompatibilities (for example: the password get’s cut because of length limitations in one of the earlier versions). Read more

March 3, 2022 | 15:44

Hook Qt's QString using Frida

Recently, I wanted to understand what a Windows program built with Qt 4.7 is doing under the hood, in particular I investigated the use of the QString class. For that I used Frida to hook some of the classes methods. To get started, I created a simple program that makes use of the two methods fromAscii and append: #include <QString>#include <stdio.h>#include <Windows.h> int main() { int i = 1; while(1){ const char* str = "awesome"; QString qstr = QString::fromAscii(str); QString qstr2 = QString("string"); qstr. Read more

December 19, 2021 | 21:56

INE Lab - From XSS to Domain Admin

This lab starts by exploiting a stored XSS vulnerability and a vulnerable Java browser plugin to get a (unprivileged) remote shell on one of the company’s internal network machines. In a next step, using the socalled Group Policy Preferences (GPP) vulnerability, it’s possible to get local administrator credentials. Bypassing UAC allows to further escalate the privileges to SYSTEM and force a domain administrator to login to the machine, by preventing an importing application to work,so that the user will contact IT support. Read more

September 4, 2021 | 23:15

INE WebApp Labs - Introduction

Preparation # Set lab DNS $ sudo sed -i 's/nameserver.*/nameserver' /etc/resolv.conf Cookies These are labs to understand how cookies work. Lab 1 Test cookie with domain set by default $ curl -i -s -k -X $'POST' \ -H $'Host:' \ --data-binary $'username=admin&password=adminpassword' \ $'' \ | grep "TestCookie" Set-Cookie: TestCookie=Cookie+set+by+default The cookie is set without a domain value and without a path. It is only valid for the same domain, but all paths: Read more

December 30, 2020 | 14:13

Hugo, Docker, GitLab CI, and more ...

Here I’m describing the process, how this blog is built and deployed using Hugo, Docker and GitLab CI. In essence, every time I push code (or in my case content for my Hugo blog) to a GitLab repository, the GitLab CI runner will create a Docker container and provide it in it’s own private Docker registry. Watchdog will notice the change and pull the image. That’s it. Get Started First, I registered at gitlab. Read more

© Pavel Pi 2021

Powered by Hugo & Kiss'Em.