IBM QRadar is an enterprise security information and event management (SIEM) product (just for perspective).
Quoted from the article: "This exploit chain abuses both components of the forensics application to bypass authentication and write a file to disk, and then it abuses a cron job to escalate privileges to root.
QRadar has an Apache reverse proxy sitting in front of all its web applications, which routes requests according to the URL." So cool when 3 or 4 vulnerabilities turn into RCE!
To bypass authorization, the parameter forensicsManagedHostIps could be used. It was traditionally used for internal services, but it also worked from the outside. Once this parameter was included in the authentication request, the cookies in that request were added as valid tokens.
The command injection was very ordinary: a parameter was simply injected into an OS-level command.
Finally, a cron job (a scheduled Unix task) is abused to get from a low-privilege shell to root.
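Since forensicsManagedHostIps was only meant for internal services, one defensive check is to look through the reverse proxy's access log for requests that carry it from a non-internal client. The following is an added example, not code from the article or from QRadar. It assumes Apache common/combined log format and a constructed list of internal networks; the paths and addresses in the sample lines are placeholders, and a parameter sent in a POST body would not appear in such a log.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

PARAM = "forensicsManagedHostIps"  # parameter name taken from the write-up
# Assumption: these ranges are what counts as "internal" in this deployment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Log prefix: client ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def is_internal(addr):
    """True if the client address falls inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # an unparsable client field is treated as external
    return any(ip in net for net in INTERNAL_NETS)

def find_external_use(lines):
    """Return (client, path, status) for each request from a non-internal
    client whose query string carries the internal-only parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        # parse_qs percent-decodes names, so %-encoded spellings still match
        names = parse_qs(parts.query, keep_blank_values=True)
        if PARAM in names and not is_internal(client):
            hits.append((client, parts.path, int(status)))
    return hits

# Constructed sample log lines (placeholder paths and documentation addresses)
SAMPLE = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /app/placeholder?forensicsManagedHostIps=10.0.0.6 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /app/placeholder?action=x&forensicsManagedHostIps=127.0.0.1 HTTP/1.1" 200 128',
    '198.51.100.20 - - [01/Jan/2024:10:00:09 +0000] "GET /app/placeholder?forensicsManaged%48ostIps=127.0.0.1 HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /app/placeholder?action=list HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in find_external_use(SAMPLE):
        print(hit)
```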