Yet another WiFi Travel Router exploit

Thumbnail containing a photo of the wifi router

WiFi Travel routers are affordable and provide wireless networking as well as file sharing services at low cost. But how secure are they actually? I recently purchased one and had fun smashing its stack. This posts demonstrates how an unauthorized user can take full control over the router without any required user interaction. The full vulnerability is published under CVE-2022-28113.

More …

This NFT will steal your IP

Thumbnail containing the NFT

Here’s a link to an NFT on opensea.io. Do you dare to click on it? If you do, I’ll know your IP Address and whether you are using crypto wallet browser add-ons. This post will show you how it’s done

More …

Exploitation tools for embedded systems

Thumbnail containing a photo terminal commands and a microcontroller

Here’s a collection of tools I commonly use for exploiting embedded systems together with an installation guide. This post will be updated regularly, to include the latest scripts and tools.

More …

WiFi Travel Router Security

Thumbnail containing a photo of the wifi router

The security researcher @silky and I looked into the security of a low-cost wifi travel router. We were able to find and exploit a vulnerability in web interface and escalate privileges from guest user to admin and finally root user. The full vulnerability is published under CVE-2020-29669.

More …

How to build a honeypot

Thumbnail with honeypot dashboard

A Honeypot is a closely monitored computing resource in your network which is intended to be compromised. It allows for in-depth examination of conducted exploits and provides early-warning about new attack trends.

This post shows how to install a Cowrie honeypot together with elasticsearch and kibana for logging ans visualization. Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.

More …