Exploiting Same Origin Method Execution Vulnerabilities

Recently it came to my attention that it was possible to abuse JSONP callbacks using a vulnerability known as SOME – Same Origin Method Execution, which can be used by an attacker to widely abuse a user’s trust between the web application and the intended flow of execution. For example, using the SOME attack it is possible for an attacker to trick a user into visiting a malicious web-page which…

My Robot Has WiFi!

Wireless communication using Bluetooth! Thanks to the Adafruit EZ-Link! Basically that tiny board sticking out on top is a Bluetooth Serial-Link, which allows me to remove the cable that binds the robot to my PC / Mac. Now I can not only program the robot wirelessly, but if I choose to, I can send it commands wirelessly over the air – thus completing Asimov’s second rule of robotics (if you don’t know the…

It Can See; Giving Your Bot Sight!

Previously we unveiled our love for the Arduino and the Zumo Shield that gives us a massive head start to building our own robot army. The basic shield has a Zumo reflectance sensor array, primarily for line following, and an LSM303DLHC accelerometer & magnetometer (magnet-o-meter) for navigation. But a lot of the remaining Arduino pins are not used, so this gives us the capability to add more tech or sensors so our robot can…

Yet Another HeartBleed.

This Heartbleed Information Disclosure Vulnerability has pretty much been covered all over the internet today (8th April 2014). As a one-page-stop summary, please read below:
An online site exists to check vulnerabilities: http://filippo.io/Heartbleed/
Source Code available at: https://github.com/FiloSottile/Heartbleed
A Python script (that's much better): http://s3.jspenguin.org/ssltest.py
A second version of above code with STARTTLS Support: https://gist.github.com/takeshixx/10107280
A good breakout of why the bug exists is here: http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html
Watching Twitter has been entertaining, login.yahoo.com has been leaking user…

Rise of the Machines: Arduino Bots

Robotics Week It's robotics week (April 5th – 13th) 2014 (http://www.nationalroboticsweek.org). On Arduino Day (29th March 2014) I posed the question “What will you Build?”. Well, here in the Pentura office, we went out and bought some Zumo Shields from Pololu. The shields are also available from our favourite electronics provider Adafruit. The shield is a quick and easy insertable Arduino shield that slides perfectly into place on an Arduino Uno R3…

Whitehatsec’s Aviator

A new web browser is brought to us from Whitehatsec called Aviator, built for speed, security and privacy. It's based on the Open-Source Chromium browser and can utilise many of Chrome’s browser plugins. The browser boasts that with every website you visit, you are potentially vulnerable to malicious hackers out to steal your surfing history, passwords, email access, bank account numbers, medical info, and more. That the “big browsers” don’t do enough…

New WiFi Pineapple; From Britain with Love!

Introduction Since around the time of our posting Blue for the Pineapple (6 months ago), the Hak5 Pineapple Team have disappeared underground to produce the new Mark 5 Pineapple: a customised board that is cheaper to produce and more easily affordable. The Mark 5 has 2x WiFi cards (Atheros 9331 & RTL8187 (famously known as an Alfa)), with SMA connectors. Twice the RAM & ROM (16MB & 64MB), with the…

[SOLVED] Arduino UNO – Can’t Upload Sketches Larger than 30KB

Introduction Relating to the previous Gamby post, many people may have trouble uploading some of the game sketches to their UNO board as they are over 30KB. The ATMEGA 328P (chip on the UNO) should allow up to 32KBytes of memory; but then people forget there is the addition of the bootloader, which in older models occupies 2KB of memory. The bootloader is a special piece of software that makes reflashing…

SDR – ADS-B Decoding: dump1090 (Linux/OSX)

Previously, I covered RTL1090 to observe ADS-B signals on the Microsoft Windows Operating System. In this post I will walk you through the simple operation of the Linux & OSX equivalent dump1090. This Open-Source package performs just as well as its Windows counterpart, maybe even better as no additional mapping software is necessary. Source Code git clone https://github.com/antirez/dump1090.git

SNMP – The Missing MIB

Introduction Many users of SNMP Network Management Tools / Penetration Test Tools may find that recent versions of software, including the popular SNMPwalk, appear to be missing MIBs, or that previously available information is now mysteriously missing. This is more prominent on Debian or Ubuntu based systems (any system that compiles from source, like Gentoo, appears unaffected). This is additionally important for Penetration Tester Professionals that have an exam…