Recently I was trying RDP from a Windows10 laptop through SSH on a Debian web-server to an internal Windows7 box that was on a different VLAN. I had only a Windows10 laptop with Putty to do it. So Basically Win10laptop>debianwebserver>win7through a secure ssh session and get to the internal Win7 without port forwarding on the router.
I had access to SSH account on the Debian web-server, so I was able to use this as a pivot point to get into the internal network. Luckily even though the Debian web-server and Win7 box were on different VLANs, the VLANs were able to talk to each other. The Debian web-server was on 10.0.10.21 , it could still ping Win7 on 192.168.0.146.
Just in case your head is spinning trying to read this, below is a diagram how I achieved this using Putty. Im posting it here so next time I need to do this I dont need to try to figure it out again.
ImageMagick reported today (CVE-2016–3714) allows image uploads to trick the ImageMagick software into running commands instead, leading to a remote code execution(RCE)bug. More info ::HERE::
A new heap memory corruption (Out-of-Bounds Read) that affects Microsoft Office Excel 2007,2010,2013 and 2016. This vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office Excel file (.xlsm). Advisory & POC
For one of my old projects last year, I need mod a micro servo to rotate continuously 360 degrees for a small robot tank, this hack will work with just about any servo. To do so you need to for open up the servo casing. Carefully remove the bottom portion first (where the wires are coming out of). Continue reading →
Affected configurations: All versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled.
Vulnerability: Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1).
Injection of xauth commands grants the ability to read arbitrary files under the authenticated user’s privilege, Other xauth commands allow limited information leakage, file overwrite, port probing and generally expose xauth(1), which was not written with a hostile user in mind, as an attack surface.
Mitigation / Workaround:
disable x11-forwarding: sshd_config set X11Forwarding no
disable x11-forwarding for specific user with forced-commands: no-x11-forwarding in authorized_keys
Researchers, Kai Cao and Anil Jain, from the Department of Computer Science and Engineering at Michigan State University have loaded up an inkjet printer with cartridges designed for printing electronic circuits, and used the output to fool smartphone fingerprint sensors on a Samsung Galaxy S6 and a Huawei Honor 7. They just needed a reversed scan of the victim’s fingerprint, and an inkjet printer loaded up with ink and paper from printed electronics specialist AGIC. Read more of their paper ::HERE::
All installations having Exim set-uid root and using ‘perl_startup’ are
vulnerable to a local privilege escalation. Any user who can start an
instance of Exim (and this is normally *any* user) can gain root
privileges. ::POC Here::
Got my new RPi3 today , I was able to get it ordered early Monday morning by poking around Element14’s website. Even though they didn’t have it posted they did an available part number, 77Y6520, so I used that to place an order and I got notified on Tuesday that it was sent 🙂 The CPU is a little beefier and its 64bit and the board now has wifi and bluetooth onboard. So I’ll probably implement some bluetooth geo-fencing with IFTTT in my home automation project.
Using Flask and JQuery, a friend helped me out with automating capturing the 433mhz signal from remotes so you don’t have to manually add them in the code.
Basically the Flask starts a webserver when you click n the add button, the code executes the RFSniffer binary and receives the data when a signal is received, then displays it to the webpage. Still have to finish the code for adding the data to the MySQL db , but thats the easy part.