Berk Cem Göksel berkgoksel
View setup.py
from pip._internal import main
import sys
inst = {'y','yes'}
try:
    import numpy as np
    print("Everything seems OK. No need for setup.")
except ImportError:
berkgoksel / Ericsson LG IPECS NMS Cleartext Credential Dump
Created Jan 25, 2019
Dump PostgreSQL database credentials, NMS login credentials, and domain user credentials
# -*- coding: utf-8 -*-
# Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump
# Vendor Notification: 03-03-2018 - No response
# Initial CVE: 04-04-2018
# Disclosure: 21-04-2018
# Exploit Author: Berk Cem Göksel
# Contact: twitter.com/berkcgoksel || bgoksel.com
# Vendor Homepage: http://www.ipecs.com/
View Core FTP LE - Remote Buffer Overflow - PoC (CVE-2018-12113).py
#!/usr/bin/env python
# coding: utf-8
############ Description: ##########
# The vulnerability was discovered during a vulnerability research lecture.
# This is meant to be a PoC.
####################################
# Exploit Title: Core FTP LE v2.2 Build 1921 (Client) - Buffer Overflow PoC
# Date: 12 Jun 2018
berkgoksel / Core FTP LE - Remote Buffer Overflow - (CVE-2018-12113).md
Last active Jun 22, 2018
Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution

Suggested description

Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.


Vulnerability Type

Buffer Overflow

berkgoksel / PaleMoon_PoC.html
Created Jun 13, 2018
Pale Moon Browser < 27.9.3 - Use After Free - Proof of Concept.html
<!-- PaleMoon Browser - Proof of Concept -->
<!-- Exploit Title: Pale Moon Browser < 27.9.3 - Use After Free - Proof of Concept -->
<!-- Date: 13 Jun 2018 -->
<!-- Author - Berk Cem Goksel -->
<!-- Contact: twitter.com/berkcgoksel || bgoksel.com -->
<!-- Vendor Homepage: https://www.palemoon.org/ -->
<!-- Software Link: https://www.palemoon.org/palemoon-win32.shtml -->
<!-- Version: Versions prior to 27.9.3 (Tested versions: 27.9.0, 27.9.1, 27.9.2) -->
<!-- Tested on: Windows 10 -->
berkgoksel / Pale Moon Browser Use-after-free (CVE 2018-12292).md
Last active Jun 13, 2018
Use after free vulnerability on Pale Moon Browser. Multiple versions affected.

Suggested description

A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject on Pale Moon Browser versions before 27.9.3.


Additional Information

The vulnerability has been confirmed and patched by the vendor.

View nms_creddump.py
from sys import argv
import sys
import os
import time
import requests
import re
if len(argv) != 3:
berkgoksel / CVE-2018-10285.md
Last active Apr 22, 2018
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms

Suggested description

The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.


Vulnerability Type

berkgoksel / CVE-2018-10286.md
Last active Apr 22, 2018
The Ericsson-LG iPECS NMS A.1Ac web application discloses cleartext credentials

Suggested description

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.