Home
Smart Time Plus RCE – CVE-2024-53543
The Software Smart Time Plus < 8.6 contains several vulnerabilities: which can be chained to achieve unauthenticated remote code execution as SYSTEM on the Windows host. Background and Research During a pentest I stumbled across the following web service on port 443: Smart Time Plus is a time tracking tool developed and published by the
Continue Reading „Smart Time Plus RCE – CVE-2024-53543“
How to Patch a Android Unity Game
This post is a follow-up of the How to mod a simple Android App post and heavily based on this great article https://hacking.kurcin.com/android/use-frida-to-controll-unity-app-il2cpp/ Background about this Project I chose a game that I know and that I played myself for a while, this helps to identify useful methods and properties where you want to hook
Continue Reading „How to Patch a Android Unity Game“
How to mod a simple Android App
Background about this Project This post is about how to reverse and modify the simple Android Dice Roller! app. The app was randomly chosen by me, I wanted to start with something simple, so: Before you start always check, if you can decompile, compile, sign, install and lunch the app, some apps wont run with
Continue Reading „How to mod a simple Android App“
GOG Galaxy – CVE-2022-31262
With my researches, described on my other post Hunting for LPEs in Gaming Software. I was curious about GOG services which run as Local System. I installed GOG on a „fresh“ Windows 11 and Windows 10 system and focused again to the Service „GalaxCommunication“. As we can see the Service is still running with SYSTEM
Continue Reading „GOG Galaxy – CVE-2022-31262“
Hunting for LPEs in Gaming Software
Recently I started to dive deeper into the topic „LPE on Windows“, obviously one of the first things you will learn is to look what runs as system and does it load anything were you have write access to. The Theory I started my learning with some very educating sources about DLL Ghosting and Sideloading.
Continue Reading „Hunting for LPEs in Gaming Software“
RE: DC-932L Reversing a Webcam Part 3 – Building the Firmware
In my last post I described how to extract the firmware, this was quite easy. But to rebuild a firmware is something different. This is a three part long story I need to be honest here, just remembering back to this process is painful, I will just describe some problems about the whole process that
Continue Reading „RE: DC-932L Reversing a Webcam Part 3 – Building the Firmware „
RE: DC-932L Reversing a Webcam Part 2 – Extracting the Firmware
In my last post I described how to get a shell on the device, but my final goal was to extract the firmware, manipulate some data in it and rebuild it so that I have a custom firmware for this device. This is a three part long story There are some good resources about this
Continue Reading „RE: DC-932L Reversing a Webcam Part 2 – Extracting the Firmware“
RE: DC-932L Reversing a Webcam Part 1 – Getting a Shell
Introduction and Story I remember, more then a year ago I watched this fantastic video from stacksmashing about reverse engineering and rebuilding a custom firmware for a webcam. I was absolutely stunned that this is possibile and thought about to try this some time on a device I have at home. As usual, time passes
Continue Reading „RE: DC-932L Reversing a Webcam Part 1 – Getting a Shell“
How to start with Buffer Overflows (Linux)
How to Start So, that´s a really good question and not easy to answer, it really depends on the goals and knowledge you have, but I`ll try to break this down. For a really first start I can recommend the following sources: Also read my other post about Things i wanted to know before i
Continue Reading „How to start with Buffer Overflows (Linux)“
Things I wanted to know before I started with Buffer Overflows
Entry This Post is about different issues and challenging moments I encountered during my learning experience with Buffer Overflows and wished I knew before. This is not a guide how BOFs are working or how to learn this topic. Watch these two videos from LiveOverflow, these will really save you some time if your exploit
Continue Reading „Things I wanted to know before I started with Buffer Overflows“