
Security News #0x6E: The “Yeah, I’m Late” (part 1) Edition

Sorry for being so late with this (and the next one!). I got a bit behind at MACCDC, then farther behind working with the team to get ready for Nationals, and then Heartbleed hit. Right now, I have a huge backlogged queue of things to look over. I will try to knock these out a bit at a time, but it’ll be a while yet. Today I’ll post the material I have that pre-dates Heartbleed.

Exploits
  • If you are a student and interested in learning how to build a PHP backdoor, then you want to take a look at Matthew Bryant’s blog post where he shows how to do that. I like the fact that he explains in some detail the purpose of each component in his script. It is not an invisible, undetectable super-script, but it is a great place to start for someone who wants to learn.
  • ASUS RT-AC68U routers appear to be vulnerable to both a remote code execution vulnerability and a cross-site scripting bug. I tried out the remote code execution attack on a vulnerable system using one of the vulnerable firmware versions. Boom! I had no problem grabbing the contents of /etc/passwd directly from the router. It did require access to the router from the internal network, and it did require administrator access, but it is clear that the problem is real. Worse, it does not appear that updated firmware has been publicly released, as attempts to use the router’s interface to upgrade the firmware receive the notification "The router’s current firmware is the latest version." Ouch.
Learning More
  • So you want to learn more about the getsystem command in Metasploit? Ask Mudge. After you read his post, though, remember that there are several local privilege escalation exploits that getsystem does not try automatically. These include MS10-092 (schelevator) and MS13-053 (EPATHOBJ, the ppr_flatten_rec module). And if you have never tried MS13-005 (HWND_BROADCAST), you should. Unlike the first two, it won’t get you SYSTEM in one shot. However, your shell will often be running at an integrity level that won’t let you upload files to the target; this exploit can get you a shell with those permissions, which is what you need before the other two can be staged. Just be sure you try it on a practice system and watch what happens on the target before you fire it off on a real one. Just sayin’.
  • Last time we talked a bit about CVE-2014-1761, a vulnerability in MS Word caused by malformed .rtf files. Well, the folks at McAfee have a nice blog post that provides some of the technical details behind the attack.
  • The folks at disconnected.io have a nice piece on hacking an individual target. An unnamed person asked a colleague to try to hack his home network for the promise of (good) beer. The post describes the various attack methods: what worked, what didn’t, and how social engineering provided a key point of entry. Well worth reading!
For Students
  • There is a great piece on the Red Team point of view in the South East CCDC regional over at www.samcapella.com. It was a really interesting read, not only for how the author attacked his target team, but also because it gave me a new appreciation for the differences in structure and organization between the regional events, as our mid-Atlantic CCDC regional is set up very differently.
Random Humor