Built Ghidra with the new debugging feature, keen to try it out on something practical. It won't build on aarch64 annoyingly, so I couldn't compile it on my pinebook pro as the debugger component uses protoc that supports only x86/x86; hope they add aarch64. However, ImHex compiled perfectly on the pbp and I discovered that if you enable OpenGL 3.3 extensions, it works!
Removing the US president from social media sends a powerful message about the censorship companies like Facebook and Twitter can enforce. We give them control over data and public debates that require discussion on opposing views to engage with one another to resolve conflicts. Our world has never been as divided as it is today and it is through division that we as people are conquered. You cannot have a revolution without unity. The world needs to have access to information free of censorship.
St. Maximilian Maria Kolbe - the patron saint of Amateur Radio. He volunteered himself to die in place of another man at Auschwitz and is celebrated on August 14th. A friar, he is pictured here using his radio rig. During World War II his radio transmissions under the callsign SP3RN helped foreign allies learn of the atrocities in Poland.
Chaos Computer Club Congress this year is a browser based MMORPG https://rc3.world/rc3 (requires ticket).
Missed out on a ticket? You can live-stream the talks and join Matrix chats:
Live stream: https://streaming.media.ccc.de/rc3
36C3 Android app works with rC3 schedule - APK https://f-droid.org/en/packages/info.metadude.android.congress.schedule/
URL setup - https://fahrplan.events.ccc.de/rc3/2020/Fahrplan/schedule.xml
SunOS kernel mode payload. This neat little trick will form the basis of my LPE exploits for the OS: a very short payload stub that will locate and overwrite a process privilege structure to obtain root privileges. This is the basis of how a kernel read/write exploit primitive could be used to gain root.
Using Android anbox on the pinephone, you can virtualize an Android 7.1.2 image (API 25) in an LXC container. As you can run it as root, you can use it to dynamically instrument and mitmproxy the communication on-device. It's Linux, so all the usual Linux dm-crypt & LUKS applies. An interesting thing I learned: https://linux-sunxi.org/JTAG - this has to be the most interesting place to hack the CPU :-) insert a magic MicroSD card to get root or pop a hidden secret file system.
I built pmOS edge onto my pinephone and have ditched all my smartphones. After I figured out how to set up the flatpak / appstream for gnome-software, I got a Linux smartphone experience with numerous apps. I wasn't able to go fully into pinephone until I solved needing a couple of communication apps found on traditional smartphones. Then I discovered Anbox and it's AMAZING. I have Android 7.1.2 running in a container and my phone is really a computer in my pocket, with me as root, not the vendor.
If only this worked on the latest kernel for pinebook pro, the GPU/VGA output in QEmu under KVM doesn't load post 5.5 kernels. It's the only thing so far that seems to run under QEmu that is worth hacking around on. I definitely need to find a nice virtual Win10 aarch64 platform, it's going to become more widespread and even with the x64 translation layer it's going to cause headaches for testing tools.
I have to give a huge shoutout to @hackerfantastic he gifted me a diebold voting machine tonight. I’ll be playing with this one for months to come, and when this pandemic finally ends, DC502 will have a great toy to play with!
Now to run Doom on it!
Nice list of currently effective exploits that were being utilized by FireEye’s red team stolen in a recent breach. You should have these in your toolbox https://github.com/fireeye/red_team_tool_countermeasures/blob/master/CVEs_red_team_tools.md
Built Windows 2003 from source code. Interesting to note that there are now several never-to-be-patched vulnerabilities in this OS as it reached EoL, and aside from SMBv1 patches in MS17-010 many other RCEs have been left in the platform and didn't get patches but have mitigations. I doubt anyone still running this applies mitigations.
Updated the shellcodez and targets in my hfsunsshd to include a working ROP chain for Solaris 11.0 (SunSSH 2.0) on x86. I had to re-write the shellcode for 11.0 as dup2() and execve() have different argument conventions on Solaris 11 systems, also had some additional NULL in the stack address required to mprotect(). I will not be adding more targets or architectures to this (at least publicly) as it now contains the most recent x86 Solaris systems - enjoy! https://github.com/hackerhouse-opensource/exploits/blob/master/hfsunsshdx.tgz
ZTE Blade Vantage Z839 Emode.APK android.uid.system LPE exploit https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/zte-emode.txt
AIX 5.3L libc locale environment handling local root exploit, 0day brought to you via the letters “su” ;) https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/aix53l-libc.c
Co-Founder https://hacker.house - cyber security assurance services & hacker training, author ISBN9781119561453, a book about professional hacking. Sysop of UNIX Hacker's Fraternity (uHF) BBS ~ https://hackerfraternity.org