On a penetration test last year, I discovered a local privilege escalation (LPE) in a piece of software running on a client’s systems. This software is called Liquidware ProfileUnity. This post is a quick rundown of the technical details of the vulnerability, how to determine if you are affected, and potential mitigations.
In a previous installment, I gave an introduction to the Freedom Hosting 2 database dumps. The main thrust of that article was identifying groups of sites that could be analyzed together, rather than trying to analyze each one of the nearly 11,000 sites individually. One of the most common uses of FH2 sites is forum hosting, which is the topic of this post.
I’ve been using Python 3 exclusively for a few years now, but when I search for Python API docs, most search engine results point at the Python 2.7 docs. Python 2.7 will be end of life on January 1st, 2020, which is 5 months away as I’m writing this! Why does it keep showing up in my search results!?
In the first post about Freedom Hosting 2, I mentioned that the customers’ passwords were hashed using an unusual algorithm. In this post, I’m going to look at FH2 from an infosec perspective by examining its hash algorithm and how to crack its passwords. This article also builds on some of the knowledge from my Cracking a “Signed” Cookie post.
I’m a little late to the party on this post, but Freedom Hosting 2—a notorious shared hosting service on the dark web—was anonymously hacked in 2017. The hacker posted a dump of the databases and some of the configuration and code from the server. In this post, I’ll crack into the dump and show you a bit of my analytic process to make sense of this large mass of data.
In 2018, I had some downtime between work projects, so I waded into the world of bug bounty programs. I learned that I’m not a great bounty hunter: I only found 3 payable bugs after investing a lot of bug hunting time. On the upside, I found a bug in Oracle Reports that eventually turned into… my first CVE credit!
Back in June, I posted about a project called Encoding Tools, which is an open source, browser-based utility for transforming text and binary strings. The purpose of this project is partially to scratch an itch, but also to have some fun building a project that I can market publicly. This post is an update on the project.
Multicast DNS (mDNS) and Service Discovery (DNS-SD) are ubiquitous protocols that are enabled by default in many modern tech products, especially those designed for home and small office environments. They are part of Zeroconf, a suite of technologies that helps network devices automatically discover each other. When you go to print a document, and your computer automatically suggests nearby printers, it might be using Zeroconf to do that!
In this blog post, I’ll break down what pen testers should know about mDNS and DNS-SD and how to use these technologies on your own assessments.
If you are a programmer, pen tester, or reverse engineer, you probably find yourself needing to manipulate data between various representations, such as URL encoding, base64 encoding, etc. There are a lot of web sites and utilities to do this sort of thing interactively, but I’ve never been totally satisfied with any of them.
So… I built my own! Today I am releasing Encoding Tools, an open source, browser-based utility for transforming text and binary strings.