modpr0be

Posisi saya saat ini sebagai direktur dan pemilik PT Spentera, sebuah perusahaan yang fokus dalam bidang penetration test, incident response, intrusion analysis and forensic investigation. Saya juga berkontribusi untuk repositori eksploit Metasploit Framework sebagai pengembang kode eksploit. Saat ini memegang sertifikasi dari Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), ISO/IEC ISMS 27001: 2013 Lead Auditor/Auditor, GIAC Certified Intrusion Analyst (GCIA), dan Offensive Security Exploitation Expert (OSEE). Jika ingin menghubungi saya dapat melalui email bisnis di tom at spentera dot id atau pribadi di me at modpr0 dot be

Joined: 12 February 2022
Articles: 64

Tutorial

Remove Comments from Configuration

Sometimes when you want to config something, it contains the comments from the developer which will help us to figured out which options of arguments will be used. But if you are already familiar with the configuration, comments are so…

modpr0be
1 May 2011

Exploit Development

QuickShare File Server 1.2.1 FTP Directory Traversal Vulnerability

QuickShare File Server is prone to a FTP directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to modify files outside the destination directory and possibly gain access to the system. Software…

modpr0be
4 February 2011

Exploit Development

FTPGetter v3.58.0.21 Buffer Overflow (PASV) Exploit

A vulnerability has been discovered in FTPGetter, which can be exploited by malicious people to compromise a user’s system. The issue is likely due to insufficient bounds checking and presents itself when the affected FTP client makes a connection to…

modpr0be
3 February 2011

Exploit Development

SolarFTP 2.0 Multiple Commands Denial of Service Vulnerability

SolarFTP Server 2.0 is prone to a denial of service condition. It fails to properly sanitize user-supplied input resulting in a denial of service. With a specially crafted ‘USER’, ‘APPE’, ‘GET’, ‘PUT’, and ‘NLST’ command, a remote attacker can potentially…

modpr0be
17 December 2010

Exploit Development

53 bytes – Windows XP SP3 (en) notepad.exe win32 Shellcode

Finally, my first win32 shellcode.. This will execute notepad.exe when loaded. Run on Windows XP SP3 English.

modpr0be
6 December 2010

Exploit Development

0day Linux Escalation Privilege Exploit Collection (Oct-Nov 2010)

I have created a script that contains of local privilege escalation exploits that was published by Tavis Ormandy via Exploit-DB.com between October – November 2010. Take a look at here 201011-0day-linux-exploit *Update 1: I rename the file and make the…

modpr0be
27 November 2010

Exploit Development

Very Simple FTP Fuzzer

Written in Python, i try to make a simple fuzzer for FTP server. This script will try to fuzz the commands like APPE, USER, LIST, CWD, etc..you can find all commands here 😉 This script is simply a modified version…

modpr0be
20 September 2010

Tutorial, Web Security

How to: SQLMap (dump and destroy)

SQLMap is the tool to automate SQL Injection vulnerability exploitation. This tool is very popular to exploit the SQL Injection vulnerability. While most of web hacker enthusiast knew about this tool to gather information and retrieves the tables information, i…

modpr0be
2 September 2010

Web Security

OWASP ModSecurity Core Ruleset

ModSecurity is a good starting point to secure your web site. OWASP provides the core rule set (CRS) for ModSecurity rules against the most critical web application attack. From OWASP: ModSecurity is an Apache web server module that provides a…

modpr0be
13 August 2010

Exploit Development

Batch Audio Converter <=v.1.0.0 Stack Overflow (SEH)

Iseng-iseng nyari aplikasi yang bisa diotak-atik buat maenan SEH, dapet juga aplikasi Batch Audio Converter <= v.0.4.0.0 dan berhasil di eksploitasi dengan sukses melalui SEH Overflow (tulisan mengenai SEH secara jelas bisa dilihat di situs Peter Van Eeckhoutte dan situs…

modpr0be
10 July 2010