Daily Archives: November 10, 2018

CVE-2018-19143

Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.

CVE-2018-19135

ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory.
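The defect described above is the absence of a per-session CSRF token on a state-changing upload endpoint, compounded by a permissive file-type list and a publicly served upload directory. The following is an added illustration written for this page, not ClipperCMS or kcfinder code: a minimal Go upload handler that binds a token to the session cookie with an HMAC, rejects requests that carry the cookie but not the token (which is exactly what a cross-site form post looks like), and restricts stored files to a short extension allowlist. The secret, cookie name, field names and allowed extensions are assumptions chosen for the example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"io"
	"mime/multipart"
	"net/http"
	"net/http/httptest"
	"path/filepath"
	"strings"
)

// csrfKey is a constructed server-side secret for this example only.
var csrfKey = []byte("example-only-secret-change-me")

// Extensions the upload endpoint accepts (assumed list). Markup and script
// types are excluded because files under the upload directory are served back
// to anyone who knows the path.
var allowedExt = map[string]bool{".png": true, ".jpg": true, ".pdf": true}

// csrfToken derives a per-session token as HMAC-SHA256(key, sessionID), so a
// token is only valid together with the session it was issued for.
func csrfToken(sessionID string) string {
	m := hmac.New(sha256.New, csrfKey)
	m.Write([]byte(sessionID))
	return hex.EncodeToString(m.Sum(nil))
}

// validToken compares in constant time to avoid leaking the token byte by byte.
func validToken(sessionID, token string) bool {
	return subtle.ConstantTimeCompare([]byte(csrfToken(sessionID)), []byte(token)) == 1
}

// allowedFilename accepts a bare file name whose extension is on the allowlist.
func allowedFilename(name string) bool {
	return filepath.Base(name) == name && allowedExt[strings.ToLower(filepath.Ext(name))]
}

// uploadHandler: the session comes from the cookie (sent automatically by the
// browser), the CSRF token from a form field (which a cross-site page cannot read).
func uploadHandler(w http.ResponseWriter, r *http.Request) {
	c, err := r.Cookie("session")
	if err != nil {
		http.Error(w, "no session", http.StatusUnauthorized)
		return
	}
	if err := r.ParseMultipartForm(1 << 20); err != nil {
		http.Error(w, "bad form", http.StatusBadRequest)
		return
	}
	if !validToken(c.Value, r.FormValue("csrf_token")) {
		http.Error(w, "csrf check failed", http.StatusForbidden)
		return
	}
	f, hdr, err := r.FormFile("file")
	if err != nil {
		http.Error(w, "missing file", http.StatusBadRequest)
		return
	}
	defer f.Close()
	if !allowedFilename(hdr.Filename) {
		http.Error(w, "file type not allowed", http.StatusBadRequest)
		return
	}
	io.Copy(io.Discard, f) // a real handler would write the bytes to storage here
	w.WriteHeader(http.StatusOK)
}

// postUpload builds the multipart request a browser form would send and
// returns the handler's status code; the file body is constructed test data.
func postUpload(sessionID, token, filename string) int {
	var body bytes.Buffer
	mw := multipart.NewWriter(&body)
	mw.WriteField("csrf_token", token)
	fw, _ := mw.CreateFormFile("file", filename)
	fw.Write([]byte("constructed file content"))
	mw.Close()
	req := httptest.NewRequest(http.MethodPost, "/upload", &body)
	req.Header.Set("Content-Type", mw.FormDataContentType())
	req.AddCookie(&http.Cookie{Name: "session", Value: sessionID})
	rec := httptest.NewRecorder()
	uploadHandler(rec, req)
	return rec.Code
}

func main() {
	sid := "sess-123" // constructed session id
	fmt.Println(postUpload(sid, "", "doc.pdf"))               // 403: cookie present, token absent (forged post)
	fmt.Println(postUpload(sid, csrfToken(sid), "doc.pdf"))   // 200: same-origin form with its token
	fmt.Println(postUpload(sid, csrfToken(sid), "evil.html")) // 400: type not on the allowlist
}
```

The token check is what turns the forged request into a 403: a third-party page can make the victim's browser send the session cookie, but it cannot read the token embedded in the legitimate form. A `SameSite` attribute on the session cookie is a useful second layer, and the allowlist matters independently of CSRF because the upload directory is world-readable.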

CVE-2018-19168 (fruitywifi)

Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session.

CVE-2017-17550

ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.

CVE-2018-19150

Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a "Data from Faulting Address controls Code Flow" issue.

CVE-2018-19148

Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort.
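The behaviour described above is a certificate-selection policy problem: when the requested name matches no configured vhost, the server hands out one of its real vhost certificates, and each such answer leaks a name that was not asked for. The following is an added illustration written for this page and is not Caddy's code: it models the selection step at the TLS layer in Go's `tls.Config.GetCertificate` hook, where the requested name arrives as SNI, and answers every unmatched or empty name with one dedicated fallback certificate under a reserved name, so repeated probing yields nothing new. The self-signed certificates, the vhost names and the fallback name are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// fallbackName is an assumed, non-identifying name under the reserved .invalid TLD.
const fallbackName = "fallback.invalid"

// selfSigned builds a throwaway self-signed certificate for one name. This is
// constructed for the example; a deployment would load CA-issued certificates.
func selfSigned(name string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// vhostCerts holds one certificate per configured name plus the fallback.
type vhostCerts struct {
	byName   map[string]*tls.Certificate
	fallback *tls.Certificate
}

func newVhostCerts(names []string) (*vhostCerts, error) {
	v := &vhostCerts{byName: map[string]*tls.Certificate{}}
	for _, n := range names {
		c, err := selfSigned(n)
		if err != nil {
			return nil, err
		}
		v.byName[strings.ToLower(n)] = &c
	}
	fb, err := selfSigned(fallbackName)
	if err != nil {
		return nil, err
	}
	v.fallback = &fb
	return v, nil
}

// pick has the tls.Config.GetCertificate signature. An exact, case-insensitive
// SNI match gets its own certificate; anything else gets the fallback, never a
// randomly chosen real vhost certificate.
func (v *vhostCerts) pick(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := strings.ToLower(strings.TrimSuffix(hello.ServerName, "."))
	if c, ok := v.byName[name]; ok {
		return c, nil
	}
	return v.fallback, nil
}

// certFor reports which certificate name a given SNI value would receive.
func (v *vhostCerts) certFor(sni string) string {
	c, _ := v.pick(&tls.ClientHelloInfo{ServerName: sni})
	return c.Leaf.Subject.CommonName
}

func main() {
	v, err := newVhostCerts([]string{"public.example", "internal.example"})
	if err != nil {
		panic(err)
	}
	cfg := &tls.Config{GetCertificate: v.pick} // what a listener would be given
	_ = cfg
	for _, sni := range []string{"public.example", "nope.example", ""} {
		fmt.Printf("SNI %q -> %s\n", sni, v.certFor(sni))
	}
}
```

Two points for anyone applying this: the fallback must be a certificate of its own rather than "the first configured vhost", because a deterministic real certificate still discloses one hostname (Go's built-in selection, used when no `GetCertificate` callback is set, falls back to the first entry in `Certificates`); and the same policy needs to hold wherever a name is matched, since a server that also routes on the HTTP `Host` header can leak through that path as well.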

Matrix: 1 Vulnhub Walkthrough

Hello friends! Today we are going to take another boot2root challenge known as Matrix. The credit for making this vm machine goes to “Ajay Verma” and it is another boot2root challenge in which our goal is to get root access to complete the challenge. You can download this VM here.

Security Level: Intermediate

Flags: There is one flag (flag.txt).

Table of contents:

  • Port scanning and IP discovery.
  • Hitting on port 80
  • Hitting on port 31337 and finding base64 encoded string
  • Decode base64 encoded string
  • Finding and downloading Bin file
  • Decoding brainfuck encoded string
  • Creating dictionary using crunch
  • SSH login brute force using hydra
  • Finding rbash
  • Escaping restricted shell environment
  • Exporting environment variables
  • Getting root access.
  • Reading the flags.

Walkthrough

Let’s start off with scanning the network to find our target.

netdiscover

We found our target –> 192.168.1.18

Our next step is to scan our target with nmap.

The nmap output shows us the open ports: 22 (SSH), 80 (HTTP) and 31337 (HTTP).

We find that port 80 is running http, so we open the IP in our browser.

We don’t find anything on the web service running on port 80. So we start enumerating the web service running on port 31337.

We take a look at the source code of the web service running on port 31337 and find a base64 encoded string.

We decode the base64 encoded string and find a hint that refers to “Cypher.matrix”.

We open “Cypher.matrix” on the web service running on port 31337 and find that it starts downloading a BIN file.

We take a look at the content of the file and find “brainfuck” encoded string.

We decode the brainfuck encoded string using this site here and find an incomplete password for the user “guest”.

As the last 2 characters are missing we create a wordlist using crunch so that we can brute force SSH login.

crunch 8 8 -t k1ll0r%@ -o dict.txt

We use hydra to brute force ssh login using the dictionary we created earlier and find the password to be “k1ll0r7n”.

hydra -l guest -P dict.txt 192.168.1.18 ssh

Now that we know the password we log in through SSH using the credentials “guest:k1ll0r7n”.

ssh guest@192.168.1.18

After logging in we try to run “ls” command but are unable to run it as we have an rbash shell.

ls

We check the PATH environment variable and find the path to be “/home/guest/prog”.

$PATH

As we cannot run the “ls” command, we try to find commands that can run. After trying a few we find that we can run the “echo” command. We use “echo” with an unquoted glob to list the executables inside “/home/guest/prog” and find that “vi” is available.

echo /home/guest/prog/*

Now we check SHELL environment variable and find we have only rbash shell.

echo $SHELL

We run vi so that we can spawn /bin/bash and escape the restricted shell environment.

!/bin/bash

After escaping the restricted shell environment, we set the SHELL environment variable to /bin/bash and prepend the “/usr/bin” directory to the PATH environment variable so that we can run Linux commands properly.

export SHELL=/bin/bash
export PATH=/usr/bin:$PATH

After exporting into the environment variables, we check sudoers list and find we can directly get root shell as we have all the rights.

sudo -l
sudo su

We are unable to execute the “su” command because we haven’t added the “/bin” directory to PATH. We prepend “/bin” to the PATH environment variable and run the command again to log in as root using the password we found earlier.

export PATH=/bin:$PATH
sudo su

After logging in as root we go to the root directory and find a file called flag.txt. We take a look at the content of the file and find the congratulatory message.

cd /root
ls
cat flag.txt

Author: Sayantan Bera is a technical writer at hacking articles and cyber security enthusiast. Contact Here

The post Matrix: 1 Vulnhub Walkthrough appeared first on Hacking Articles.

What Parents Need to Know About Live-Stream Gaming Sites Like Twitch

Clash of Clans, Runescape, Fortnite, Counter Strike, Battlefield V, and Dota 2. While these titles may not mean much to those outside of the video gaming world, they are just a few of the wildly popular games thousands of players are live streaming to viewers worldwide this very minute. However, with all the endless hours of entertainment this cultural phenomenon offers tweens, teens, and even adults, it also comes with some risks attached.

The What

Each month more than 100,000 people log onto sites like Twitch and YouTube to watch gamers play. Streamers, also called twitchers, broadcast their gameplay live online while others watch and participate through a chat feature. Each gamer attracts an audience (a few dozen to hundreds of thousands daily) based on his or her skill level and the kind of commentary, and interaction with viewers they offer.

Reports state that video game streaming can attract more viewers than some of cable’s most popular television shows.

The Why

Ask any streamer (or viewer) why they do it, and many will tell you it’s to showcase and improve their skills and to be part of a community of people who are equally as passionate about gaming.

Live streaming is also free and global so gamers from any country can connect in any language. You’ll find streamers playing games in Turkish, Russian, Spanish, and the list goes on. Many streamers have gone from amateurs to gaming celebrities with elaborate production and marketing of their Twitch or YouTube feeds.

Some streamers hold marathon streaming sessions and multi-player competitions designed to benefit charities. Twitch is also appealing because it allows users to watch popular gaming conventions such as TwitchCon, E3, and Comic-Con. There are also live gaming talk shows and podcasts, and a channel where users can watch people do everyday things like cook, create pieces of art or play music.

The Risks

Although Twitch’s community guidelines prohibit violent behavior, sexual content, bullying and harassment, after browsing through some of the live games it is clear that many users don’t take the guidelines seriously.

Here are just a few things to keep in mind if your kids frequent live streaming communities like Twitch.

  1. Bullying. Bullying happens on every social network in some form. Twitch is no different. In one study, over 13% of respondents said they felt personally attacked on Twitch, and more than 27% have witnessed racial or gender-based bullying in live streaming.
  2. Crude language. While there are streamers who put a big emphasis on keeping things clean, most Twitch streamers do not. Some streamers will put up a “mature content” warning before you click on their site. Both streamers and viewers can get harsh with language, conversations, and points of view.
  3. Violent games. Many of the games on Twitch are violent and intended for mature viewers. However, you can also find some milder games such as Minecraft and Mario Brothers if your kids are younger. The best way to assess a game’s violence is to sit and watch it with your child.
  4. Health risks. Sitting and playing video games for extended periods of time can affect players’ and viewers’ physical and emotional well-being. In the most extreme cases, gamers have died due to excessive gaming.
  5. Costs. Twitch is free to sign-up and watch games, but if you want the extras (no ads), it’s $8.99 a month. Viewers can also subscribe to individual gamers’ feed. Viewers can also purchase “bits” to cheer on their favorite players (kind of like badges), which can add up quickly.
  6. Stalking. Viewers have been known to stalk, harass, rob, and try to meet celebrity streamers. Recently, Twitch announced both private and public chat rooms to try to boost privacy among users.
  7. Swatting. An increasingly popular practice called “swatting” involves reporting a fake emergency at the home of the victim in order to send a SWAT team to barge in on them. In some cases, swatting incidents connected to Twitch have ended tragically.
  8. Wasted time. Marathon gaming sessions, skipping school to play or view games, and gaming through the night are common in Twitch communities. Twitch, like any other social network, needs parental attention and ground rules.
  9. Privacy. Spending a lot of time with people in an online “community” can result in a false sense of trust. Often kids will answer an innocent question in a live chat such as where they live or what school they go to. Leaking little bits of information over time allows a corrupt person to piece together a picture of your data.

An endnote: If your kids love Twitch or live stream gaming on YouTube or other sites, spend some time on those sites. Listen to the conversations your kids are having with others online. What’s the tone? Is there too much sarcasm or cruel “joking” going on? Put time limits on screen time and remember balance and monitoring is key to guiding healthy online habits.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures)

The post What Parents Need to Know About Live-Stream Gaming Sites Like Twitch appeared first on McAfee Blogs.

Hackers Advancing Towards Memory Steal And Spy

The internet, often called a global village, is also home to hacking and a range of other cyber threats that keep expanding as cybercriminals’ exploitation capabilities grow. Initially the threats ranged from stealing account data to scams for monetary gain. But as their attack arsenal strengthens, cybercriminals may soon be in a position to alter or control human memories, by exploiting memory implants to steal, spy on and gain command over the human brain.

In Netflix’s dystopian near-future series Black Mirror, there is an episode built around an implanted chip that lets users record and replay whatever they see and hear. The enigma at the heart of the episode makes the audience wonder whether technology could become powerful enough to manipulate the human brain, or even to tamper with memories.

Quite similar parallels between the human mind and technology can be drawn from Michel Gondry’s science fiction film “Eternal Sunshine of the Spotless Mind”. Moving beyond fiction, however, neuroscientists at the RIKEN-MIT Center for Neural Circuit Genetics at the Massachusetts Institute of Technology (MIT) demonstrated almost five years ago how they could plant false memories in the brains of mice.

Instinctively, one can see the positive applications of that demonstration, such as deleting painful and hurtful memories, but that is only one side of the coin: fraudsters could exploit the same technology to brainwash an entire population by implanting misleading and vicious memories.

According to a report by Kaspersky Lab researchers and the University of Oxford Functional Neurosurgery Group, the most radical of these threats may be several decades away, but the fundamental technical requirements already exist in the form of implantable deep brain stimulation devices.
The research categorizes the ability of cybercriminals to exploit memory implants as a growing concern as the technology advances; it joins a ‘coming soon’ list alongside robotic prosthetic limbs, motorized wheelchairs and digital avatars.

To address the vulnerabilities and the potential threats that lie ahead, the scientists involved in the research consider a detailed study of memory implants, and of the intricacies of how human memories are created and restored, to be essential. Of the vulnerabilities in the hardware and the software, they cautioned, “these need to be addressed if we are to be ready for the threats that lie ahead”. They further added, “Manipulation could result in changed settings causing pain, paralysis or the theft of private and confidential personal data.”
Experts’ take on memory falsification
Implantable devices of this kind are used for Parkinson’s disease, obsessive-compulsive disorder, major depression and essential tremor; they work by sending electrical impulses to specific targets in the brain.
“Current vulnerabilities matter because the technology that exists today is the foundation for what will exist in the future”, said Dimitry Galoy, a junior security researcher at Kaspersky Lab.
“Memory prostheses are only a question of time. Collaborating to understand and address emerging risks and vulnerabilities, and doing so while this technology is still relatively new, will pay off in the future”, corroborated Laurie Pycroft, a doctoral researcher at the University of Oxford Functional Neurosurgery Group.
According to the researchers and scientists, within five years they expect to be technologically and cognitively equipped to record the brain signals that build memories and then rewrite them before placing them back into the brain. The advances will allow extensive control over memories, going as far as uploading a human mind into a machine with all the necessary consents.
However, the vulnerabilities that will emerge, and that hackers will consequently exploit, not only diminish the promise of this remarkable technology but also inflate the concerns around it.

A Million Voices – Paul’s Security Weekly #582

This week, we welcome Corin Imai, Senior Security Advisor for DomainTools! She joins Paul and the crew to talk about DNS, phishing tools, and tease what DomainTools has in store for 2019! In our Technical Segment, we welcome back Eyal Neemany, Senior Security Researcher at Javelin Networks, to talk about securing remote administration and remote credentials, why jump servers aren’t as good as you think, and how you should be connecting to remote machines using AD! In the Security News: Cisco accidentally released Dirty Cow exploit code, Apache Struts vulnerabilities, a zero-day exploit published for a VM escape flaw, a spam-spewing IoT botnet infects 100,000 routers, some vibrating apps turn your phone into a sex toy, and more, on this episode of Paul's Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode582

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly