• Internet Security

    CVE-2021-41503 and CVE-2021-41504 – D-Link DCS-5000L and DCS-932L

    Intro: This article covers the two CVEs we found during our thesis work earlier this year. The devices concerned are two D-Link IP cameras. The table below lists their names and models along with their hardware and software versions. Manufacturer / Model / Software Version / Hardware Version: D-Link, DCS-5000L, 1.05, A; D-Link, DCS-932L, 2.17, B (Table 1 – Software and Hardware Versions). The setup: Our testing setup was pretty simple. In this scenario we connected the two cameras, a client running macOS and an evil client running Linux to a router. For the exact setup see Figure 1. Affected: http://CAMERA_IP:80 (CVE-2021-41504), http://CAMERA_IP/video.cgi (CVE-2021-41503). Reproducibility: This section contains the steps necessary…

  • TryHackMe Writeups

    LFI – Challenge

    This article covers one room on TryHackMe. This was an easy room meant to let you train LFI (Local File Inclusion). If you don’t know what LFI is please go back to the training page and read the articles, or click here. Enumeration: Usually when it comes to CTFs or this type of machine I like running nmap to see which ports are available. As you can see in the image below we have two ports open – Port 80 and Port 22. Well, port 80 is associated with web applications so let's see what we have there. Bear in mind that this is an LFI task so…

  • Armageddon HackTheBox
    HTB Writeups

    Armageddon Write Up – Hack The Box

    Enumeration: The first step for this box is as usual. I am using nmap to check which ports are open and what services are there. As can be seen from the picture above there are two ports open. My method is to start on port 80. From the scan results it can be seen that there is an Apache server running, and Drupal version 7. We can also see several file locations. That is a lot of information from a single scan. Foothold: After some googling I found that Drupal 7 can be exploited with a Metasploit module. That is awesome! The module that needs to be used…

  • Spectra Hack The Box
    CTFs, HTB Writeups

    Spectra Write Up – Hack The Box

    Enumeration: The first step for this box is as usual. I am using nmap to check which ports are open and what services are there. As you can see there are several ports open. In general I start my recon from port 80. Port 80 means that there is some kind of a web page. As usual, from previous experience, I edited my /etc/hosts file to add spectra.htb. At first glance at the page … well, it does not give a lot of information. There are 2 links and of course the rule is “Click all links” so I did that. I also ran dirbuster in the background because one of…

  • Bucket Hack The Box
    HTB Writeups

    Bucket Write Up – Hack The Box

    Enumeration: Let's start with running nmap. You can see the picture below and the command used to obtain that scan. nmap -T4 -A -Pn 10.10.10.212 From the scan we see that there is a redirect to http://bucket.htb/, so I added it to /etc/hosts. After that I went to the domain. I usually check the source to see if there is something interesting. And there it was. I added this new domain to the hosts file. I checked both places. The next step is to scan for other directories. I used gobuster. Below you can see the command I used. sudo gobuster dir -w '/usr/share/wordlists/dirb/big.txt' -t 50 -e…

  • Delivery Hack The Box
    HTB Writeups

    Delivery Write Up – Hack The Box

    Enumeration: To start the enumeration, as always I am using nmap to see which ports are open and what services are available on those ports. As you can see from the screenshot, there are two ports open: port 80 and port 22. Usually I start on port 80. Let's see what we have there. Oh look, it is a website, what a surprise. Let's see the source and if we can find something. Oh.. that's good. We found a URL. http://helpdesk.delivery.htb That is nice. After some more enumeration I found one more URL: delivery.htb:8065 This can be seen in another place if you follow the links on the “Contact”…

  • Internet Security

    5 tips for personal cyber security

    Hello there. In this post I will talk about five simple tips that can increase your personal awareness when it comes to cyber security. 1. Update your software: Well, that point is kind of a no-brainer. Usually software updates carry fixes for different problems and bugs. If a vulnerability is found, most of the time the developers of the software will make a patch and send an update as soon as they can. Not all updates carry security fixes, but you are not losing anything. Also you can check in the description box what the update will include. That applies to all your electronics or platforms that…

  • Fuse Hack The Box
    HTB Writeups

    Fuse Write Up – Hack The Box

    Enumeration: Let's start with what's open on the box and what we can exploit. A quick nmap scan gives us: Holy Fu@k so many ports. I usually start with port 80. By going to the webpage I noticed that the URL is weird, so I decided to add it to /etc/hosts. Ok, so now we have a website. I started browsing around, hoping I could use something. Then I started seeing some users that have used the specific printer. I made a list of all users. You can check it below: pmerton, tlavel, sthompson, bhult, administrator. Well, time to collect some passwords because now we have a bunch of…

  • Tabby Hack The Box
    HTB Writeups

    Tabby Write Up – Hack The Box

    Enumeration: First I started with the enumeration of the box. A simple nmap scan with a command gave me the result: Initial Foothold: From the nmap results we can see that there are 3 ports open: 22, 80, 8080. We can also see that on port 8080 there is a Tomcat server running. The website on port 80: The website on port 8080: After clicking on all the links on the port 80 website I found something interesting. From here you need to do some steps. First add megahosting.htb to /etc/hosts. After that is done we can see that we have the possibility for LFI. I usually try to…