RE: DC-932L Hacking a Webcam Part 3 – Building the Firmware
In my last post I described how to extract the firmware; this was quite easy. But rebuilding a firmware is something different. This is a three-part story: RE: DC-932L Hacking a Webcam Part 1 – Getting a Shell; RE: DC-932L Hacking a Webcam Part 2 – Extracting the Firmware; RE: DC-932L Hacking a Webcam
RE: DC-932L Hacking a Webcam Part 2 – Extracting the Firmware
In my last post I described how to get a shell on the device, but my final goal was to extract the firmware, manipulate some data in it and rebuild it so that I have a custom firmware for this device. This is a three-part story: RE: DC-932L Hacking a Webcam Part 1
RE: DC-932L Hacking a Webcam Part 1 – Getting a Shell
Introduction and Story: I remember, more than a year ago I watched this fantastic video from stacksmashing about reverse engineering and rebuilding a custom firmware for a webcam. I was absolutely stunned that this is possible and thought about trying this some time on a device I have at home. As usual, time passes
How to start with Buffer Overflows (Linux)
How to Start: So, that's a really good question and not easy to answer. It really depends on the goals and knowledge you have, but I'll try to break this down. For a very first start I can recommend the following sources: HTB Academy Stack Based Buffer Overflows, Cyber Mentors Buffer Overflow YT Series, TryHackMe
Things I wanted to know before I started with Buffer Overflows
Entry: This post is about different issues and challenging moments I encountered during my learning experience with Buffer Overflows and wished I had known before. This is not a guide on how BOFs work or how to learn this topic. Very important: watch these two videos from LiveOverflow, these will really save you some time if
NTLM Attack in Metabase CVE-2022-24853
Metabase GeoJSON API Endpoint: Back in September 2021, Metabase released a security announcement regarding its GeoJSON API endpoint: "GeoJSON URL validation can expose server files and environment variables to unauthorized users. We've discovered a potential security issue with the custom GeoJSON map (admin->settings->maps->custom maps->add a map) support and potential local file inclusion (including environment variables)."
pwntools, gdb, gdbserver and pwndbg with 32 bit binaries
A few weeks ago I just started with binary exploitation, and as learning and understanding this topic is not challenging enough, I encountered different problems with the tools and some basics. One of these problems I will describe today. Intro: There are many good tutorials, challenges and CTFs out there, where you can start learning
gMSA Passwords
Doing one of the recent HTB Boxes I came across the tool https://nettools.net and learned how you can retrieve gMSA passwords with it: https://nettools.net/howto-retrieving-gmsa-password-details/ In addition to the howto from NetTools, you can change the encoding for the desired attribute to only retrieve the current password. This will print you only the current password as hex
PHP Voting System – Unauthenticated Remote Code Execution
Today I just found another exploit in the PHP Voting System. The file /admin/candidates_add.php is vulnerable to unauthenticated file upload, which can be used for RCE. Exploit DB entry: https://www.exploit-db.com/exploits/49846 Vulnerable file candidates_add.php: You just need to send a POST with multipart/form-data so you can upload any file you wish. There is no cookie or file
PHP Voting System – Admin Authentication Bypass (SQLI)
Today I found a new exploit in the PHP Voting System. Exploit-DB entry: https://www.exploit-db.com/exploits/49843 The /admin/login.php is vulnerable to SQL injection, so you can bypass the admin authentication. login.php: As you can see, the first check if($query->num_rows < 1) against the username is only checking the number of rows. With the following statement you always