simonemainardi

Disassemble and Modify an Binary To Change a Function

In this gist I show how to disassemble and modify a Linux executable binary to change the body of a function. This will allow you to control how a binary behaves, even when you don't have access to the source code and you can't recompile it.

In my case, I was asked to try and bypass the protection mechanism implemented. The protection mechanism implemented was meant to only allow a binary to be run in presence of a valid license.

So basically my activity involved:

• Finding the function which performs the protection check
• Disassembling the binary

simonemainardi

Using Blind SQL Injections to Retrieve Access Credentials of a Website

In this gist I show how I leveraged a boolean-blind sql injection to gain access to a protected website. The injection allowed me query the website database and retrieve a valid pair username/password. Using the retrieved credentials I was able to login into the protected section of the website.

Software Used

To perform the attack I used:

• sqlmap to discover the website was vulnerable to SQL injections.
• Burp Suite to forge and send POST requests to the website login page, carrying payloads opportunely crafted with SQL queries.

simonemainardi

D-Link camera sending video in clear over the Internet

After the interesting talk of my friend Luca Deri at the SharkFest EU 2018, I was curious to see how secure was my D-Link security camera.

So I used my computer to share the WiFi internet collection to the camera connected via Ethernet. Then I started sniffing on the Ethernet interface with wireshark and turned on the d-link.

Then, I opened "My Dlink" iPhone app to actually see the video of my camera.

Surprise, the camera sends HTTP in clear with h264 video.