Uncategorized

A Flashback of my Childhood – NOIP XSRF

No-Ip is a free DNS providing service for users. I’ve signed up for an account when I was at the age of eleven long times back. Mainly I used it for configuring my RATs (Remote Administration Tools) for forwarding the connection from the No-IP DNS to my external IP. So it was long time back and I just used it for testing purposes only. After that I’ve never wanted to use a DNS service for any reason. One day I accidently visited no-ip and to my surprise my previous account was still active which I created long time back 🙂

I did not have any intention of finding any kind of vulnerability. But at that moment my Burp Suite was in intercepting mode and I was experimenting with another web application. I created a new no-ip account for testing some of my reverse tcp dns shells. After the testing was done I just deleted my account since it was a fake random account. As time passed by testing my other application and my shells I saw the HTTP request of the deletion of my fake no-ip account in the history. It had no XSRF token used. W00t! I was able to delete any account when the user just opens my malicious request. Well, Here is the proof of concept.
(more…)

Blue Ivy Logger

View post on imgur.com

Blue Ivy Logger is a powerful keylogger for Windows environments. You have a variety of options to generate your customized logger. Author takes no responsibility for any kind of damage you cause.
This is developed for educational and research purposes only. Use this at your own risk.

Download:
https://github.com/OsandaMalith/BlueIvy

Creative Commons License
Blue Ivy Logger by Osanda Malith Jayathissa is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Based on a work at http://osandamalith.wordpress.com.

Chmod 0777 Polymorphic Shellcode

This is my first hand written shellcode for linux which I wrote it for fun and exploration. I am a bit new to shellcoding in *nix environments. This shellcode changes the permission of the shadow file in linux/x86 system to 0777. According to the Linux programmer’s manual of chmod it takes two arguments.
[code language=”c”]
#include <sys/stat.h>

int chmod(const char *path, mode_t mode);
[/code] (more…)

ZTE WXV10 W300 Multiple Vulnerabilities

Default Password Being Used (CVE-2014-4018)

In ZTE routers the username is a constant which is “admin” and the password by default is “admin”

ROM-0 Backup File Disclosure (CVE-2014-4019)

There is a rom-0 backup file contains sensitive information such as the passwords. There is a disclosure in which anyone can download that file without any authentication by a simple GET request.

http://192.168.1.1/rom-0 (more…)

ZTE and TP-Link RomPager DoS

Introduction

I think by now you know the security issues disclosed related to TP-Link routers. I’ve noticed that some ZTE and TP-Link routers have the same ADSL firmware which is “FwVer:3.11.2.175_TC3086 HwVer:T14.F7_5.0”. I was curious to test the web application and I found out that the embedded server which is “RomPager” cannot handle fairly large POST requests.
Tested Routers: