I learnt a very fascinating thing: on Solaris, if you call mprotect() it doesn’t care about the size argument; it’ll error but still map the available pages with the access requested. So you can do mprotect(0x08043000,0x41424344,0x7); and the stack will be rwx even though the function errors. This is glorious.
SunSSH Solaris 10-11.0 x86 libpam remote root exploit CVE-2020-14871 - now supports 3 targets for Solaris 10 through 11 on x86. I added bind shells, but any other shellcode can be swapped into the buffer's place if you prefer a connect back. In the future I will add some SPARC targets, a pty handler and a find-socket payload. I may even add a few targets for Illumos-based distributions. This issue can't be triggered on Solaris 11.1 & up, nor does Solaris 9 ship vulnerable.
SunSSH RCE PoC for x86, tested on Solaris 10. Technique works on x86 only, uses ROP to defeat nxstack and a shellcode stub to use msf payloads. Happy Hacking! https://github.com/hackerhouse-opensource/exploits/blob/master/hfsunsshdx.tgz
Finally got the pinephone GTK rust starter app to build on device & pinebook. Had to use Manjaro beta phosh, it appeared like it might build on pmOS edge but definitely wouldn’t on stable. Pretty excited to write a mobile app in rust, glade opened the app UI fine and it builds the same on both devices which will make testing & developing simpler.
A new #developer #snapshot of our #phosh edition just got online: https://osdn.net/projects/manjaro-arm/storage/pinephone/phosh/beta1-20201024/ Test it out on your #pinephone. They are still in stock: https://pine64.com/product-category/pinephone/
Original tweet : https://twitter.com/ManjaroLinux/status/1320116694325579782
Skyhub is using SDRs, cameras and AI to search for UFO proof - "A world wide search for UFOs using a global network of machine learning, smart cameras and sensor arrays built by you with our open-source software for the largest observational science project in history" - https://skyhub.org/
Positive affirmations of 2020: Windows 2003/XP source code leaked and is buildable, Nintendo ROMs leaked and included prototype games with developer modes never seen before, & Pinephone/PinebookPro released, making a fully open FOSS buildable laptop/phone solution. I am grateful for all these things, but the most unsettling news of 2020 so far that isn't apocalyptic pandemic viral outbreak is that SETI@HOME is no longer distributing work units :( This saddens me, and it only covered 2% of the sky!
This is the pinephone OS I want to become stable; the UX, Lomiri, is so clean and beautiful to use. It’s in an early alpha state, crashes and has many bugs, but if Manjaro gets this UX to stable it will reign king of Linux on mobile. Ubuntu Touch uses the same UX but comes with too much bloat for my tastes. Great Game Boy emulator though.
If you don’t read the code, how will you find the backdoors? As for using libpurple to handle SMS passed over a D-Bus interface... I have concerns. Going up against the pinephone web renderer and jscript engines seems difficult; the radio interface layer is the best bet for a good RCE, either Linux Bluetooth / WiFi or some telephony stack bug in handling SMS/MMS. The hardware decisions around the baseband make it more difficult to reach the OS from the RIL, but libpurple? It’s more holy than the Pope.
I just spent time digging into the telephony stack of the pinephone, Lomiri uses Ofono and Phosh systems are using ModemManager with D-BUS. It's so much better than any Android or iOS device for so many reasons. I fuzzed the non-common browsers, turns out Morph is basically Chrome wrapped in QtWebEngine. I'm happy with postmarketOS especially now that Anbox works to emulate Android. I really cannot fault this device for the cost and control you get, it's a fully mobile Linux desktop on aarch64.
Here's what you probably didn't know you needed ... until now:
The @ManjaroLinuxARM @thepine64 #PinePhone running #retroarch 😎🤣
Original tweet : https://twitter.com/ManjaroLinux/status/1318985023350079502
Check out the announcement:
Fake pop-ups through ElectrumX update notifications have been used to steal $22 million worth of BTC. Security experts need to understand that attackers use *whatever* *works*: if you ask the user to give you access to their computer, they frequently will. Something as simple as a pop-up notification and a trojan wallet installer was all that anyone ever required to exploit the open nature of code and crypto. https://www.zdnet.com/article/bitcoin-wallet-trick-has-netted-criminals-more-than-22-million/
Android ransomware has picked up some ominous new tricks https://arstechnica.com/information-technology/2020/10/android-ransomware-has-picked-up-some-ominous-new-tricks/
Apple’s T2 security chip has an unfixable flaw - Checkm8 vulnerability used to jailbreak iPhones hits Macs as well https://arstechnica.com/information-technology/2020/10/apples-t2-security-chip-has-an-unfixable-flaw/
Co-Founder https://hacker.house - cyber security assurance services & hacker training, author ISBN9781119561453, a book about professional hacking. Sysop of UNIX Hacker's Fraternity (uHF) BBS ~ https://hackerfraternity.org