Berk Cem Göksel berkgoksel

View setup.py
from pip._internal import main
import sys
inst = {'y','yes'}
try:
    import numpy as np
    print("Everything seems OK. No need for setup.")
except ImportError:
@berkgoksel
berkgoksel / Ericsson LG IPECS NMS Cleartext Credential Dump
Created Jan 25, 2019
Dump postgresql database credentials, NMS login credentials and domain user credentials
View Ericsson LG IPECS NMS Cleartext Credential Dump
# -*- coding: utf-8 -*-
# Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump
# Vendor Notification: 03-03-2018 - No response
# Initial CVE: 04-04-2018
# Disclosure: 21-04-2018
# Exploit Author: Berk Cem Göksel
# Contact: twitter.com/berkcgoksel || bgoksel.com
# Vendor Homepage: http://www.ipecs.com/
View Core FTP LE - Remote Buffer Overflow - PoC (CVE-2018-12113).py
#!/usr/bin/env python
# coding: utf-8
############ Description: ##########
# The vulnerability was discovered during a vulnerability research lecture.
# This is meant to be a PoC.
####################################
# Exploit Title: Core FTP LE v2.2 Build 1921 (Client) - Buffer Overflow PoC
# Date: 12 Jun 2018
@berkgoksel
berkgoksel / Core FTP LE - Remote Buffer Overflow - (CVE-2018-12113).md
Last active Jun 22, 2018
Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution
View Core FTP LE - Remote Buffer Overflow - (CVE-2018-12113).md

Suggested description

Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.


Vulnerability Type

Buffer Overflow

@berkgoksel
berkgoksel / PaleMoon_PoC.html
Created Jun 13, 2018
Pale Moon Browser < 27.9.3 - Use After Free - Proof of Concept.html
View PaleMoon_PoC.html
<!-- PaleMoon Browser - Proof of Concept -->
<!-- Exploit Title: Pale Moon Browser < 27.9.3 - Use After Free - Proof of Concept -->
<!-- Date: 13 Jun 2018 -->
<!-- Author - Berk Cem Goksel -->
<!-- Contact: twitter.com/berkcgoksel || bgoksel.com -->
<!-- Vendor Homepage: https://www.palemoon.org/ -->
<!-- Software Link: https://www.palemoon.org/palemoon-win32.shtml -->
<!-- Version: Versions prior to 27.9.3 (Tested versions: 27.9.0, 27.9.1, 27.9.2) -->
<!-- Tested on: Windows 10 -->
@berkgoksel
berkgoksel / Pale Moon Browser Use-after-free (CVE 2018-12292).md
Last active Jun 13, 2018
Use after free vulnerability on Pale Moon Browser. Multiple versions affected.
View Pale Moon Browser Use-after-free (CVE 2018-12292).md

Suggested description

A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject on Pale Moon Browser versions before 27.9.3.


Additional Information

The vulnerability has been confirmed and patched by the vendor.

View nms_creddump.py
from sys import argv
import sys
import os
import time
import requests
import re
if len(argv) != 3:
@berkgoksel
berkgoksel / CVE-2018-10285.md
Last active Apr 22, 2018
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms
View CVE-2018-10285.md

Suggested description

The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.


Vulnerability Type

@berkgoksel
berkgoksel / CVE-2018-10286.md
Last active Apr 22, 2018
The Ericsson-LG iPECS NMS A.1Ac web application discloses cleartext credentials
View CVE-2018-10286.md

Suggested description

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.

