I built pmOS edge onto my pinephone and have ditched all my smartphones. After I figured out how to set up the flatpak / appstream for gnome-software, I got a Linux smartphone experience with numerous apps. I wasn't able to go fully into pinephone until I solved needing a couple of communication apps found on traditional smartphones. Then I discovered Anbox and it's AMAZING. I have Android 7.1.2 running in a container and my phone is really a computer in my pocket, with me as root, not the vendor.
If only this worked on the latest kernel for pinebook pro; the GPU/VGA output in QEmu under KVM doesn't load on post-5.5 kernels. It's the only thing so far that seems to run under QEmu that is worth hacking around on. I definitely need to find a nice virtual Win10 aarch64 platform; it's going to become more widespread, and even with the x64 translation layer it's going to cause headaches for testing tools.
I have to give a huge shoutout to @hackerfantastic he gifted me a diebold voting machine tonight. I’ll be playing with this one for months to come, and when this pandemic finally ends, DC502 will have a great toy to play with!
Now to run Doom on it!
Nice list of currently effective exploits that were being utilized by FireEye's red team, stolen in a recent breach. You should have these in your toolbox https://github.com/fireeye/red_team_tool_countermeasures/blob/master/CVEs_red_team_tools.md
Built Windows 2003 from source code. Interesting to note that there are now several never-to-be-patched vulnerabilities in this OS as it reached EoL; aside from the SMBv1 patches in MS17-010, many other RCEs have been left in the platform and didn't get patches but have mitigations. I doubt anyone still running this applies mitigations.
Updated the shellcodez and targets in my hfsunsshd to include a working ROP chain for Solaris 11.0 (SunSSH 2.0) on x86. I had to rewrite the shellcode for 11.0 as dup2() and execve() have different argument conventions on Solaris 11 systems; I also had some additional NULLs in the stack address required for mprotect(). I will not be adding more targets or architectures to this (at least publicly) as it now contains the most recent x86 Solaris systems - enjoy! https://github.com/hackerhouse-opensource/exploits/blob/master/hfsunsshdx.tgz
ZTE Blade Vantage Z839 Emode.APK android.uid.system LPE exploit https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/zte-emode.txt
AIX 5.3L libc locale environment handling local root exploit, 0day brought to you via the letters "su" ;) https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/aix53l-libc.c
AIX 5.3L local root 0day. Happy hax0ring. https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/aix53l-lquerypv.c
How Ryuk Ransomware operators made $34 million from one victim https://www.bleepingcomputer.com/news/security/how-ryuk-ransomware-operators-made-34-million-from-one-victim/
Exploiting Solaris 10-11.0 SunSSH via libpam on x86 - a blog post from Hacker House https://hacker.house/lab/cve-2020-18471/
German prosecutors tried to prove that a ransomware attack on a hospital was to blame for someone losing their life. Their story is a warning https://www.wired.co.uk/article/ransomware-hospital-death-germany
I added another target, Solaris 11 11/11 11.0 Sun_SSH_2.0 x86, to my PoC and discovered the execve() call has been replaced with a new execvex() that breaks all other shellcodes on 11.0 & up. It's relatively easy to fix, as execvex() now takes a flags argument which can be set to NULL and it will work as before. This breaks all known public x86 shellcodes for Solaris 11 though, so I will have to write a bind shell and put a basic execve() in the PoC to demonstrate.
Co-Founder https://hacker.house - cyber security assurance services & hacker training; author of ISBN 9781119561453, a book about professional hacking. Exploiter of things. Contact https://hackerfraternity.org