How to find vulnerabilities in routers and what to do with it

Often, the manufacturers of routers do not particularly care about the quality of their code. As a result, the vulnerabilities are not uncommon. Today, the routers are a priority target of network attacks that allows to steal money and data while bypassing local protection systems. How can you personally check the quality of firmware and adequacy of settings? You can do this by using free utilities, online test services and this article.

Read full article →

Hackbook #197. Set up Cisco as server, SOP bypass for Flash and others

Task: Set up Cisco as server

Today we are going to cover the topic of Cisco-device (routers, switches) hacking, so to say, carrying on with the once started. Here I would like to amend the information which was presented in the previous issue. First, these devices have not two but three variants of user isolation: by password only, by login and password, or in “AAA” model (also by login and password). There seems to be no practical difference for a pen tester, but we’d still better rely on valid information.

Read full article →

Oracle DB vulnerabilities: the missing pentester handbook

Outer Perimeter: The Listener is under Attack

Those who ever came across this database know that Oracle DB interacts with its external environment by using a listener, which is a kind of balancer. The listener listens to port 1521 and resolves incoming connections depending on the requested database. One listener allows you to serve different databases. Also, in some cases, it allows to launch DoS and RCE attacks against the server. The audit of an Oracle database usually begins with attacks against the listener service. A priority task that you need to resolve in order to connect to the listener is to get SID, a kind of unique database identifier. Without it, the listener will not communicate with you. Sh2kerr once wrote an excellent research paper on this subject (Different ways to guess Oracle database SID).

Read full article →

7 non-trivial ways to hack your MySQL Database

We will start with a definition. MySQL is a relational database management system with different data storage engines, such as MyISAM, InnoDB, Archive and others. Like most open source projects, it has its own branches, for example, MariaDB. Before going into details, I would like to mention that most of discussed vectors/techniques/bugs apply to various engines and branches, though not always.

Read full article →

Dive into exceptions: caution, this may be hard


Suppose that you are facing a practical task that requires a full implementation of exception handling in a code embedded in someone else’s process, or you are creating your next PE packer/cryptor to ensure the functionality of exceptions in an unpacked image. In any case, it all comes down to the fact that the code using the exceptions is executed outside the image projected by the system boot loader, which will be the main cause of your problems.

Read full article →

Building kernel modules and native Linux applications for Android

As everybody knows, Android has the foundation of the Linux kernel. This implies that in theory you can run on a smartphone all the applications that are available on desktop Linux. In practice, everything is more difficult. Since the set of Native libraries in Android differs from that on the desktop (not to speak of the platform architecture), the applications need to be compiled statically. And sometimes to be patched, as well. But in this case too, the application operation is not always guaranteed.

Read full article →

Welcome, Sails.js! The Missing Rails for Node.js

Node.js is really cool, but the abundance of powerful frameworks that simplify the development of web applications for other programming languages was a significant deterrent to the popularity of the use of JavaScript on servers. Many people needed a simple tool, one like your favorite RoR, Yii or ASP .NET MVC. The community of JavaScript aficionados worked hard on correcting this unfortunate situation, and several interesting solutions emerged as a result. Each of them has their own arsenal of killer-features, but in all that diversity I was attracted by an ambitious project hidden under modest title Sails.js.

Read full article →