Breaking

Git Shell Bypass By Abusing Less (CVE-2017-8386)

The git-shell is a restricted shell maintained by the git developers and is meant to be used as the upstream peer in a git remote session over a ssh tunnel. The basic idea behind this shell is to restrict the allowed commands in a ssh session to the ones required by git which are as follows:

  • git-receive-pack
    • Receives repository updates from the client.
  • git-upload-pack
    • Pushes repository updates to the client.
  • git-upload-archive
    • Pushes a repository archive to the client.

Besides those built-in commands, an administrator can also provide it’s own commands via shell scripts or other executable files. As those are typically completely custom, this post will concentrate on the built-in ones.

Note: This has nothing to do with the also recently fixed vulnerabilities in gitlab [1] [2].

Continue reading “Git Shell Bypass By Abusing Less (CVE-2017-8386)”

Continue reading
Breaking

Autonomic Network Part 3: Vulnerabilities

This is the 3rd post in the series of Autonomic Network (AN), it will dedicated for discussing the vulnerabilities. I recommend reading the first 2 parts (part one, part two) to be familiar with the technology and how the proprietary protocol is constructed.

Initially we will discuss 2 of the reported CVEs, but later there is more CVEs to come 😉

Continue reading “Autonomic Network Part 3: Vulnerabilities”

Continue reading
Breaking

This is Why Your Wireless Mouse Should Have a Tail and Your Presenter is a Fail

Puh…it’s been a long time since my last post, huh?
However, let’s get straight back to topic. Today, I want to issue a warning, especially in face of upcoming Troopers 2017 (less than two days to go, wooo! 10th anniversary!): be careful when using wireless equipment (presenters, mouses, keyboards,…), especially during Troopers, but also in daily use. Continue reading “This is Why Your Wireless Mouse Should Have a Tail and Your Presenter is a Fail”

Continue reading
Breaking

Autonomic Networking – Part 2: Analysis

This is the second part in the Autonomic Network series. We have introduced previously in our first part the Autonomic Network (AN), took a look about the needed configuration to run it on Cisco gear and what is the expected communication flow. In this post, we will dive deeper to have a closer look on the packets and how they are composed. Continue reading “Autonomic Networking – Part 2: Analysis”

Continue reading
Breaking

Autonomic Networking – Part 1: Overview

This is a 3-part series which introduces and analyzes Cisco’s implementation for Autonomic Network. In the 1st part, the technology is introduced and we have an overview about communication flow. In the 2nd part, Cisco’s proprietary protocol is reverse engineered 😉 then finally in the 3rd part, multiple vulnerabilities will be disclosed for the first time. If you’re aware of the technology, you can skip directly to part 2 where the action begins!  Continue reading “Autonomic Networking – Part 1: Overview”

Continue reading
Breaking

Insomni’hack pwn50 write-up

Hi all,

i´ve looked a bit at the Insomni’hack CTF which took place on the 21st January and lasted for 36 hours.
For the sake of warming up a bit for our Troopers workshop Windows and Linux Exploitation,
I decided to create a write-up of the first pwn50 challenge.

To grab your own copy of the presented files you can also find it in our Github repository:

Continue reading “Insomni’hack pwn50 write-up”

Continue reading
Breaking

A short Addendum on the Mirai Botnet Blog Post

While doing heap research on Linux processes (results are going to be published soon), I came across the bot from the Mirai Botnet. As already mentioned in the blog post by Brian, the Mirai bot uses obfuscated configuration data which contains e.g. the CnC server. When now confronted only with a bot (e.g. in the context of a running task or the ELF binary), but without the according source code, the decryption of this configuration data for e.g. incident analysis purposes might not be easily possible (with the python script from the blog post), if the key has been changed.
But in this case that is not a problem at all, because Continue reading “A short Addendum on the Mirai Botnet Blog Post”

Continue reading
Breaking

Analyzing yet another Smart Home device

As you have probably already recognized, some of us here at ERNW are doing research in the area of smart home technologies e.g. KNX. Recently, we took a deeper look into a device which is used to control a smart home system produced by the vendor BAB TECHNOLOGIE GmbH called “eibPort”. This device can be used to control smart home systems based on different technologies e.g. EnoCean or KNX depending on the version of the device. Continue reading “Analyzing yet another Smart Home device”

Continue reading