AIX 5.3L local root 0day. Happy hax0ring. https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/aix53l-lquerypv.c
How Ryuk Ransomware operators made $34 million from one victim https://www.bleepingcomputer.com/news/security/how-ryuk-ransomware-operators-made-34-million-from-one-victim/
Exploiting Solaris 10-11.0 SunSSH via libpam on x86 - a blog post from Hacker House https://hacker.house/lab/cve-2020-18471/
German prosecutors tried to prove that a ransomware attack on a hospital was to blame for someone losing their life. Their story is a warning https://www.wired.co.uk/article/ransomware-hospital-death-germany
I added another target, Solaris 11 11/11 11.0 Sun_SSH_2.0 x86, to my PoC and discovered the execve() call has been replaced with a new execvex() that breaks all other shellcodes on 11.0 & up. It's relatively easy to fix, as execvex() now takes a flags argument which can be set to NULL and it will work as before. This breaks all known public x86 shellcodes for Solaris 11 though, so I will have to write a bind shell and put a basic execve() in the PoC to demonstrate.
I learnt a very fascinating thing: on Solaris, if you call mprotect() it doesn’t care about the size argument. It’ll error but still map the available pages with the access requested. So you can do mprotect(0x08043000,0x41424344,0x7); and the stack will be rwx even though the function errors. This is glorious.
SunSSH Solaris 10-11.0 x86 libpam remote root exploit CVE-2020-14871 - now supports 3 targets for Solaris 10 through 11 on x86. I added bind shells, but any other shellcode can be swapped into the buffer's place if you prefer a connect back. In the future I will add some SPARC targets, a pty handler and a find socket payload. I may even add a few targets for Illumos based distributions. This issue can't be triggered on Solaris 11.1 & up, nor does Solaris 9 ship vulnerable.
SunSSH RCE PoC for x86, tested on Solaris 10. Technique works on x86 only, uses ROP to defeat nxstack and a shellcode stub to use msf payloads. Happy Hacking! https://github.com/hackerhouse-opensource/exploits/blob/master/hfsunsshdx.tgz
Finally got the pinephone GTK rust starter app to build on device & pinebook. Had to use Manjaro beta phosh; it appeared like it might build on pmOS edge but definitely wouldn’t on stable. Pretty excited to write a mobile app in rust. glade opened the app UI fine and it builds the same on both devices, which will make testing & developing simpler.
A new #developer #snapshot of our #phosh edition just got online: https://osdn.net/projects/manjaro-arm/storage/pinephone/phosh/beta1-20201024/ Test it out on your #pinephone. They are still in stock: https://pine64.com/product-category/pinephone/
Original tweet: https://twitter.com/ManjaroLinux/status/1320116694325579782
Skyhub is using SDRs, cameras and AI to search for UFO proof - "A world wide search for UFOs using a global network of machine learning, smart cameras and sensor arrays built by you with our open-source software for the largest observational science project in history" - https://skyhub.org/
Positive affirmations of 2020: Windows 2003/XP source code leaked and is buildable, Nintendo ROMs leaked and included prototype games with developer modes never seen before, & Pinephone/PinebookPro released, making a fully open FOSS buildable laptop/phone solution. I am grateful for all these things, but the most unsettling news of 2020 so far that isn't apocalyptic pandemic viral outbreak is that SETI@HOME is no longer distributing work units :( This saddens me, and it only covered 2% of the sky!
This is the pinephone OS I want to become stable; the UX Lomiri is so clean and beautiful to use. It’s in an early alpha state, crashes and has many bugs, but if Manjaro gets this UX to stable it will reign king of Linux on mobile. Ubuntu Touch uses the same UX but comes with too much bloat for my tastes. Great game boy emulator though.
If you don’t read the code, how will you find the backdoors? As for using libpurple to handle SMS passed over a D-Bus interface... I have concerns. Going up against the pinephone web renderer and jscript engines seems difficult; the radio interface layer is the best bet for a good RCE, either Linux Bluetooth / WiFi or some telephony stack bug in handling SMS/MMS. The hardware decisions around the baseband make it more difficult to reach the OS from the RIL, but libpurple? It’s more holy than the Pope.
I just spent time digging into the telephony stack of the pinephone, Lomiri uses Ofono and Phosh systems are using ModemManager with D-BUS. It's so much better than any Android or iOS device for so many reasons. I fuzzed the non-common browsers, turns out Morph is basically Chrome wrapped in QtWebEngine. I'm happy with postmarketOS especially now that Anbox works to emulate Android. I really cannot fault this device for the cost and control you get, it's a fully mobile Linux desktop on aarch64.
Co-Founder https://hacker.house - cyber security assurance services & hacker training, author ISBN9781119561453, a book about professional hacking. Exploiter of things. Contact https://hackerfraternity.org