Bitcrack Cyber Security Blog
The official blog of Bitcrack Cyber Security. Keep up to date with our latest research, findings, announcements and more.

Latest

Mar
06

Remote Stealth Brute-force of Oracle Database Passwords

During an internal penetration test we discovered an Oracle database of version 11g Release 2 in the client’s network.
8 min read
Dec
26

Robots & Passwords - OpenAI and Password Cracking

With a lot of interest in OpenAI recently, it has become apparent that one can also use the technology for
6 min read
Nov
29

Brocade Fabric OS ≤ v8.0.2c rbash escape to read system files

Broadcom offers a number of products and networking solutions such as switches, extensions etc. These products come with their own
1 min read
Nov
21

BSides Cape Town 2022 CTF

We're sponsoring a Password Hash Cracking Contest For BSides Cape Town 2022! The Flag to Capture? Passwords...lots and lots
1 min read
May
19

Gaining access through error-based SQLi using WebSockets

Introduction In the previous Pwning the portal blog post, we extracted the source code of a corporate login portal through
4 min read
Jan
12

Pwning the portal: from database dump to session hijacking

Introduction I find that doing bug hunting and responsible disclosure is a nice practical way to “learn by doing” for
5 min read
Oct
15

Misusing BeyondTrust Remote Support Leads To Data Exposure

BeyondTrust (former Bomgar) is a security firm, offering access management solutions to a large number of companies, “including half of
4 min read
Sep
08

Hacking WordPress Plugins Part 2 - Open Redirect [CVE-2021-24288]

AcyMailing [https://www.acymailing.com/] is a newsletter subscription WordPress plugin with more than 30.000 total downloads and more
4 min read
Aug
17

Hacking WordPress Plugins - Authenticated Shell Upload [CVE-2021-24347]

SP Project & Document Manager [https://wordpress.org/plugins/sp-client-document-manager/] is a WordPress plugin developed by Smarty Pants, with over 301.
4 min read
Sep
03

The PMKID Attack

A new attack vector, but not the golden ticket to Wi-Fi pwnage. So, you’ve seen the new attack one
6 min read