Compiling SSLScan with SSLv2 support on OSX

3 minute read Dec 17, 2014
SSLScan is a tool that I often use when validating SSL findings on penetration tests. I had recently seen a new version come out, with color highlighting and more fanciness, but wanted it for OSX. When I tried to compile it, I noticed that it did not support SSLv2, which is something I often screenshot, so I dived into getting it all working. This guide will outline how to compile the newer versions of SSLScan with color highlighting on OSX, while retaining SSLv2 capabilities.

Burp Icon in OSX

4 minute read Aug 1, 2014
Recently, I was on a Google Hangout with a coworker and saw him using the Burp Suite. I noticed that he opened a text file containing the command to run Burp with extra memory, so he could remember the shell command easily. I personally just ran the Burp jar file by double-clicking the jar file. The only exception was when I did need that extra memory. In that situation, I had to look up the arguments on Google.

Backdoor Modules for Netgear, Linksys, and Other Routers

11 minute read Jan 13, 2014
A week or so ago, I read the news of a new backdoor on several devices, including those made by Belkin, Cisco, NetGear, Linksys, and several others. A list of what seems to be affected devices can be found here. Eloi Vanderbeken, who posted his findings on GitHub, made the original discovery. He also wrote a useful Python proof-of-concept exploit, which allowed command injection, but I wanted Metasploit integration.

Brainpan2

17 minute read Nov 20, 2013
Over on #vulnhub, there has been quite a chatter about Brainpan2, a “sequel” to Brainpan, by superkojiman. They’re even offering a 50 GBP award to whoever submits the best write-up! Since I enjoy challenges like this, I took a look at the machine. However, the writeup had to wait until the contest was complete, so that people didn’t cheat to win. The trolling, it begins early… I imported the VM into VMWare Fusion, and started finding the host.

Canon, Y U NO Security?

6 minute read Jun 18, 2013
I recently bought a new printer at home, so my wife could print coupons without manually attaching to my office printer each time (Thanks coupons.com and all the other shady sites that require spyware-like software to print coupons, and often don’t support network printers). I ended up picking up a Canon MX922. It works awesome for her, and is connected over WiFi, so any device in the house can print to it.

Sysax Multi Server 6.10 SSH DoS

6 minute read Apr 8, 2013
I was recently fuzzing a bunch of SSH servers, hoping to find some remote code execution in a non-mainstream server. I ended up finding no code execution in the several that I tried, but I did find one pre-auth denial of service in Sysax Multi Server 6.10. Try this at home! The vulnerable version can be downloaded here for anyone that would like to duplicate the DoS conditions.

Understanding the Key Exchange: I found that during the key exchange, where the SSH client and SSH server negotiate which ciphers to use, if you messed up just a single specific byte, the server would crash.

Buffer Overflow in HexChat 2.9.4

6 minute read Apr 6, 2013
A buddy of mine, Mulitia, and I were talking about 0-days, and he mentioned finding one in HexChat, a popular IRC client. It was super low severity, but still neat. If you entered “/server ” followed by 20,000 random characters, the application died. I decided to try to make a working exploit out of this for fun. I contacted HexChat, by initially going into the #hexchat channel on irc.freenode.net and trying to find a security contact.

Multiple Hover.com Security Issues

5 minute read Feb 28, 2013
I’m a customer of Hover for my domain name needs. However, that will be changing because I don’t believe that they take issues seriously.

The first security issue: I was browsing their site, looking for a new domain, and being the constant tinkerer I am, I entered a single quote into the textfield. I noticed an error, and eventually crafted this url: https://www.hover.com/domains/results?q=%27%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E There’s nothing magical in that URL, however it demonstrated a real vulnerability in their code:

XBMC Traversal Metasploit Module

3 minute read Feb 25, 2013
Background: I was talking in Intern0t several months ago. AcidGen, from IOActive, mentioned that he found a bug in XBMC. I use XBMC quite a bit at home, on various platforms, since it’s extremely wife-friendly. I hit him up, and we started talking. We had a nice Skype conversation, where we discussed possible platforms that were affected, and future exploits that we’d like to find. Since I had a jailbroken Apple TV 2 and Raspberry Pi, I told him that I could test those platforms and help out.

HSTS Metasploit Module

4 minute read Feb 21, 2013
I have been working as a security consultant for a few months now, and one finding that is on almost every webserver I come across is the lack of an HSTS (HTTP Strict Transport Security) implementation. This is understandable, since HSTS is still fairly new. In fact, before starting at Accuvant, I had never heard of it either! However, since most browsers support it now, I wanted to be able to report on it.