Christoffer Claesson
Christoffer Claesson
Current Server Version: Hashtopolis: 0.11.0+repository Current Client Version: s3-python-0.5.0 Current Hashcat Version: 5.1.0 Command: API Request through BurpSuite/Python and Web interface API-Request to import Pre-Cracked hashes ``` { "section":"hashlist", "request":"importCracked",...
**Bug description** Failed to build docker image, through stack docker-compose hosted in Git Repo The error is: ``` Deployment error failed to deploy a stack: listing workers for Build: failed...
##### End User Device MissionUpload This attack is done through the Marti RestAPI which is specific to EUDs, which have been abused over the `TCP/8080` or the SSL equivalent (Given...
the compose files contain outdated data and should be changed to use the github registry instead
Routing TAK to TAK works Routing TAK to ALL works Routing TAK to Group Does not work! Tested on iTAK, ATAK and WinTAK The Group chat CoT contains a tag...
The WebUI leaks the RestAPI and Websocket tokens in the javascript source code! These should not be reflected back to the user as that can lead to unintended requests through...
In the FreeTAKServer-UI there is a function to create and view Emergency Alerts that are originating from either the End User Device or from the UI itself. Both Avenues are...
The API endpoint `/AuthenticateUser` contains a SQL Injection into the SQLite3 Database that is handling the authentication process of the SystemUsers. In order to exploit this vulnerability the attacker need...
##### User Interface Datapackage From the WebUI it is possible to (once logged in) upload DataPackages directly to the server so that it is possible to download the zipped files...