Windows 10 RS1 14316

The build brings new changes targeting previously exploited DLL hijacking and UAC bypass methods.

cliconfg.exe – can no longer be used as a target for autoelevation, as MS changed its manifest to autoelevate=false.

mmc.exe – Event Viewer console fixed; DLL hijacking no longer works.

The fake IIS inetmgr.exe launch from the inetsrv directory hardcoded in appinfo is fixed too – Windows will not allow you to run and autoelevate anything except the legitimate InetMgr.exe from the system32\inetsrv directory.

The build blocks a lot of the methods used by UACme that are posted in my ::Wiki::

OpenSSH xauth command injection

CVE-2016-3115
Affected configurations: All versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled.

Vulnerability: Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1).
Injection of xauth commands grants the ability to read arbitrary files under the authenticated user’s privilege. Other xauth commands allow limited information leakage, file overwrite and port probing, and generally expose xauth(1), which was not written with a hostile user in mind, as an attack surface.

Mitigation / Workaround:
Disable X11 forwarding: in sshd_config, set X11Forwarding no
Disable X11 forwarding for a specific user with forced commands: add no-x11-forwarding in authorized_keys

::More Info::
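
An added example (not from the original post or from OpenSSH): a small Python audit for the two workarounds above, reporting sshd_config scopes that set X11Forwarding yes and forced-command keys in authorized_keys that still permit X11 forwarding. The function names and sample data are constructed for illustration; an absent X11Forwarding line is not reported, on the assumption that the upstream default of no applies.

```python
import re

# One authorized_keys option; a quoted value may contain spaces, commas and \" escapes.
OPT = r'(?:[^\s,"]|"(?:\\.|[^"\\])*")+'

def x11_scopes_enabled(sshd_config_text):
    """Return the sshd_config scopes ('global' or 'Match ...') that set X11Forwarding yes."""
    scope, first = "global", {}
    for raw in sshd_config_text.splitlines():
        m = re.match(r"\s*(\w+)\s*[=\s]\s*(.*)", raw)
        if not m:                                   # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            scope = "Match " + value
        elif key == "x11forwarding":
            first.setdefault(scope, value.lower())  # sshd keeps the first value it reads
    return [s for s, v in first.items() if v == "yes"]

def key_options(line):
    """Return the options of an authorized_keys line ([] if it starts with a key type)."""
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return []
    field = re.match(rf"{OPT}(?:,{OPT})*", line)     # options end at unquoted whitespace
    return re.findall(OPT, field.group(0)) if field else []

def forced_command_keys_allowing_x11(authorized_keys_text):
    """Return line numbers of command= keys that do not switch X11 forwarding off."""
    hits = []
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        names = [o.split("=", 1)[0].lower() for o in key_options(line.strip())]
        allowed = True                              # options apply in order, last one wins
        for name in names:
            if name in ("no-x11-forwarding", "restrict", "x11-forwarding"):
                allowed = name == "x11-forwarding"  # 'restrict' exists in OpenSSH 7.2+
        if "command" in names and allowed:
            hits.append(n)
    return hits

# Constructed sample input (key material is a placeholder, not a real key).
SAMPLE_SSHD_CONFIG = "Port 22\nX11Forwarding no\nX11Forwarding yes\nMatch User backup\n  X11Forwarding yes\n"
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    'command="/usr/local/bin/backup.sh --mode full, quiet",no-pty ssh-ed25519 AAAAPLACEHOLDER backup@host',
    'command="/usr/bin/uptime",no-x11-forwarding ssh-ed25519 AAAAPLACEHOLDER mon@host',
    'restrict,x11-forwarding,command="/bin/true" ssh-rsa AAAAPLACEHOLDER x@host',
    'ssh-ed25519 AAAAPLACEHOLDER admin@host',
])

if __name__ == "__main__":
    print(x11_scopes_enabled(SAMPLE_SSHD_CONFIG), forced_command_keys_allowing_x11(SAMPLE_AUTHORIZED_KEYS))
```

A forced-command key flagged here is only reachable for X11 forwarding if the server-side scope that applies to that user also reports X11Forwarding yes.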


CVE-2016-3116
This also affects DropBear. From their changelog:
“Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions”

Mitigation / Workaround:
Disable X11 forwarding by re-compiling without X11 support: remove #define ENABLE_X11FWD in options.h

::More Info::

Bypass Biometrics with Inkjet Printer

Researchers Kai Cao and Anil Jain, from the Department of Computer Science and Engineering at Michigan State University, have loaded up an inkjet printer with cartridges designed for printing electronic circuits, and used the output to fool smartphone fingerprint sensors on a Samsung Galaxy S6 and a Huawei Honor 7. They just needed a reversed scan of the victim’s fingerprint, and an inkjet printer loaded up with ink and paper from printed electronics specialist AGIC. Read more in their paper ::HERE::

Raspberry Pi 3 Arrives

Got my new RPi3 today. I was able to get it ordered early Monday morning by poking around Element14’s website. Even though they didn’t have it posted, they did have an available part number, 77Y6520, so I used that to place an order and I got notified on Tuesday that it was sent 🙂 The CPU is a little beefier and it’s 64-bit, and the board now has WiFi and Bluetooth onboard. So I’ll probably implement some Bluetooth geo-fencing with IFTTT in my home automation project.

Automated Signal Capture

Using Flask and jQuery, a friend helped me out with automating the capture of the 433 MHz signal from remotes, so you don’t have to manually add them in the code.

Basically, Flask starts a web server; when you click on the Add button, the code executes the RFSniffer binary, receives the data when a signal is received, then displays it on the webpage. I still have to finish the code for adding the data to the MySQL db, but that’s the easy part.

Raspberry Pi touch display

So I received an official 7″ touch display for Xmas. Even though it’s $60, it brings my total cost over $200 for the project. But I thought it would be an awesome addition to the project because you don’t have to whip out your phone just to control everything. It’s a pretty sweet 800 x 480 10-point capacitive touchscreen display; all you need to do is connect the DSI ribbon cable and feed ground/5V from the Pi’s GPIO pins. I’m thinking starting the browser in kiosk mode should suffice once I finish the node.js interface. The only issue I haven’t resolved is how to power down the screen fully when the Pi shuts down. If anyone knows how to, let me know.

Pilybius

Working on a mini MAME arcade machine. It was designed in SolidWorks 2015, then cut out of 1/4″ MDF on our Epilog laser cutter. It will be powered by a Raspberry Pi and a 9″ TFT screen. The software is MAME4ALL-Pi running the MAME 0.375b5 romsets. The joystick and buttons are connected directly to the GPIO pins and the 9″ monitor is connected to the video out port.

Pilybius is based off an arcade cabinet described in an urban legend about a game called Polybius, which is said to have induced various psychological effects on players. The story describes players suffering from amnesia, night terrors, and a tendency to stop playing all video games.