Recently I discovered vulnerabilities in Castle Rock Computing’s SNMPc Enterprise, specifically SNMPc OnLine 12.10.10 before 2020-01-28. Instead of writing my usual blog post containing the coordinated disclosure information, I thought I would do something a little bit different this time and create a simple tutorial for new players regarding the importance of bug chaining. We’ll […]
In March 2019 I discovered numerous vulnerabilities in a number of ENTTEC’s Lighting Controller products. These vulnerabilities were identified in the current firmware versions publicly available from ENTTEC’s website product pages. According to the company’s website, ENTTEC are “Leaders in the expert design and manufacture of LED lights and controls, ENTTEC are an Australian company […]
Straight up TL;DR here… I don’t give a flying toss which form of disclosure you choose to use when disclosing vulnerabilities, just do not preach to me regarding how I should go about the process. I am writing this short rant to answer the perpetual questions I receive around which disclosure discipline I personally subscribe […]
Background: In late July 2017, I discovered vulnerabilities in a number of AutomationDirect’s industrial control products, particularly around the programming and interaction software. These vulnerabilities can be exploited by placing a crafted DLL file in the software search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]
Background: On the 05th August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in Trihedral Engineering Limited’s VTScada HMI and SCADA software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]
The year was 1999; what an awesome year!! The Y2K bug made us all rich (or poor)… we all started to see dead people using our Sixth Sense … and primary coloured drugs became all the rage as we followed the white rabbit into The Matrix. On top of all that excitement, a couple of […]
It has been a while since I have had a crack at any of the boot2root boxes over at vulnhub, so when I saw the following tweet saying there was a Mr Robot inspired VM released I could not hold back! Like always… let’s see what ports are open. Port 80 and 443; nice. Let’s […]
Recently I created my first boot2root challenge, The Wall for the Vulnhub community. I hope everyone enjoys the challenge, and here’s my writeup of the intended path to root. “In 1965, one of the most influential bands of our times was formed.. Pink Floyd. This boot2root box has been created to celebrate 50 years of […]
An acquaintance recently dropped me a line asking for some help with a gig she was working on. After sharing the background about the work she had performed so far, she said something which made me promptly sit up and listen… “I have access to backups… Can we do anything with vmdk’s?”. Needless to say, […]
The flickering neon sign in the street once brightly read “Forensic Investigator”, but now it only serves to send shards of sporadic light into the cracks and crevices that call this neighbourhood home. If you watch the colours long enough, you could almost be convinced that the flicker is morse code for ‘failure’. Looking at […]
If you follow @Vulnhub you would have noticed that there have recently been quite a few new vulnerable boot2root machines released. Needless to say, you know what time it is… It’s boot2root CTF time! Introducing Acid Server: 1 by @m_avinash143. Welcome to the world of Acid. Fairy tails uses secret keys to open the magical […]
On the 7th of July 2015 I discovered a reflected cross-site scripting (XSS) vulnerability in QNAP TS-x09 Network Attached Storage devices. Full disclosure was undertaken with the vendor and a CVE-ID has been requested from Mitre. CVE-ID: requested 7th July 2015 Author: Mark Cross Twitter: @xerubus WWW: www.mogozobo.com Summary A reflected Cross-Site scripting vulnerability was […]