Backdoor Modules for Netgear, Linksys, and Other Routers

11 minute read Jan 13, 2014 Comments
A week or so ago, I read the news of a new backdoor on several devices, including those made by Belkin, Cisco, NetGear, Linksys, and several others. A list of what seems to be affected devices can be found here. Eloi Vanderbeken, who posted his findings on GitHub made the original discovery. He also wrote a useful python proof-of-concept exploit, which allowed command injection, but I wanted Metasploit integration. After playing with the proof-of-concept, I realized how powerful this backdoor could be.
Read more security hacking metasploit exploit linux mips

Brainpan2

17 minute read Nov 20, 2013 Comments
Over on #vulnhub, there has been quite a chatter about Brainpan2, a “sequel” to Brainpan, by superkojiman. They’re even offering a 50 GBP award to whoever submits the best write-up! Since I enjoy challenges like this, I took a look at the machine. However, the writeup had to wait until the contest was complete, so that people didn’t cheat to win. The trolling, it begins early… I imported the VM into VMWare Fusion, and started finding the host.
Read more security hacking wargames brainpan

Canon, Y U NO Security?

6 minute read Jun 18, 2013 Comments
I recently bought a new printer at home, so my wife could print coupons without manually attaching to my office printer each time (Thanks coupons.com and all the other shady sites that require spyware-like software to print coupons, and often don’t support network printers). I ended up picking up a Canon MX922. It works awesome for her, and is connected over WiFi, so any device in the house can print to it.
Read more http printer canon security hacking

Buffer Overflow in HexChat 2.9.4

6 minute read Apr 6, 2013 Comments
A buddy of mine, Mulitia, and I were talking about 0-days, and he mentioned finding one in Hex-Chat, a popular IRC client. It was super low severity, but still neat. If you entered “/server " followed by 20,000 random characters, the application died. I decided to try to make a working exploit out of this for fun. I contacted HexChat, by initialling going into the #hexchat channel on irc.freenode.net and trying to find a security contact.
Read more windows hexchat exploit security

Multiple Hover.com Security Issues

5 minute read Feb 28, 2013 Comments
I’m a customer of Hover for my domain name needs. However, that will be changing because I don’t believe that they take issues seriously. The first security issue I was browsing their site, looking for a new domain, and being the constant tinkerer I am, I entered a single quote into the textfield. I noticed an error, and eventually crafted this url: https://www.hover.com/domains/results?q=%27%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E There’s nothing magical in that URL, however it demonstrated a real vulnerability in their code:
Read more rant hover xss security

HSTS Metasploit Module

4 minute read Feb 21, 2013 Comments
I have been working as a security consultant for a few months now, and one finding that is on almost every webserver I come across, is the lack of an HSTS (HTTP Strict Transport Security) implementation. This is understandable, since HSTS is still fairly new. In fact, before starting at Accuvant, I had never heard of it either! However, since most browsers support it now, I wanted to be able to report on it.
Read more http security metasploit