You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Instantly share code, notes, and snippets.
Nicholas Starke
nstarke
Keep it away from the fire unless you want it to burn
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I have a collection of QEMU VMs for different CPU Architectures. In an attempt to fill in some gaps on architectures I lacked VMs for, I decided to spin up a PowerPC32 VM under QEMU. I chose Debian-PowerPC as the OS.
However, this tutorial seems to recommend using a Raspberry Pi for following along with the tutorial. I decided I wanted to be able to work through the tutorial using a virtual machine, so I built a QEMU VM of the ARMEL architecture. This is the same architecture that the Raspberry Pi is based off of.
I went with debian for ARMEL because its the OS I'm most familiar with.
After the operating system is installed, I install tools like GDB and GEF for debugging / reverse engineering.
GEF is a plugin for GDB specifically built for reverse engineering and exploit development. From https://github.com/hugsy/gef.git:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Note: this write up doesn't contain any vulnerabilties or exploits!
I was recently taking a look at a few WeMo embedded devices. WeMo Devices are IoT contraptions like light switches, space heaters, and coffee machines that are network enabled. I examined the "Holmes Smart Heater". Both had port 41953 open, which is a common port for UPnP services. I decided to dig a little deeper and figure out a way to interact with the SOAP services which UPnP relies on in order to hunt for bugs. My goal was to retrieve sensitive information, such as the WiFi password, from the device.
Using Miranda's MSEARCH (which comes preinstalled on Kali Linux), I was able to discover the setup.xml file for the service I was examining. This file will always be XML, but the actual file name can change. Another way to discover this initial entry point is to examine the network traffic with WireShark. The MSEARCH HTTP requests are easy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DLink DCS 930L Command Injection and Image Still Exfiltration
DLink DCS 930L
In late 2015, I decided to start researching IP Cameras. I decided to try out the cheapest models available on Amazon.com, both because I thought those models would be more “fruitful” and because I was trying to do this research on a budget. It turns out that the security on these lower model IP Cameras is really bad.
I looked at five different IP Cameras and was able to gain root access on four of them within a few hours of starting to poke at them. All of the cameras I looked at cost between $30-$70, and can be purchased directly from Amazon.com.
My goals in completing this research were two-fold:
Gain root access on the camera
Find a way to exfiltrate camera stills or video off the camera
How to create an OS X El Capitan VM that will run on Linux
How to create an OS X El Capitan VM that will run on Linux
VirtualBox only officially supports OS X guests on an OS X host, but it is possible to create one on an OS X host and transfer it over to a Linux host. This tutorial will go over one possible way to accomplish this task.