Multiple vulnerabilities in nodejs ecstatic/http-server (http-party)

I’ve been fuzzing http-server for a few days now and I found 3 interesting vulnerabilities which may affect versions 2.2.1 (some), 3.3.2, 3.3.1, 3.3.0 and 4.1.2 of ecstatic web-server:

  • Directory listing due to insecure default configuration + “range: 10000” HTTP header
  • Denial of Service by sending the %00 null character in the URL
  • Internal path disclosure caused by a long URL

According to shodan there are up to 5k ecstatic webservers

Continue reading “Multiple vulnerabilities in nodejs ecstatic/http-server (http-party)”

Using Windows web server as SOCKS proxy with proxychains, chisel and ngrok

For this article I’ll set up a Windows 8.1 VM with XAMPP + PHP web app vulnerable to RCE and explain how to use the Windows server as a SOCKS proxy similar to SSH tunneling on Linux servers.

  1. Set up the web server on a Windows VM
  2. Chisel binaries
  3. Serve chisel binary with ngrok
  4. Download chisel binary to vulnerable web server
  5. Set up proxychains
  6. Chisel tunneling
  7. Testing the SOCKS proxy
  8. Wrap it up
Continue reading “Using Windows web server as SOCKS proxy with proxychains, chisel and ngrok”

Running ARM binaries on Ubuntu x86 with QEMU

For this article I’ll use the example of extracting the http daemon (build for ARM) from my home router and run it on my Ubuntu 18 on x86.



  1. Download the httpd and shared libraries from router
  2. Install QEMU
  3. Run httpd with QEMU
  4. Create a chroot jail
  5. Find all shared libraries + run bash in chroot
  6. Set LD_LIBRARY_PATH inside chroot jail
  7. Automate the LD_LIBRARY_PATH set
Continue reading “Running ARM binaries on Ubuntu x86 with QEMU”