2013-02-22

Embedthis Appweb 4.2.0-0 - DoS POC

Embedthis Appweb 4.2.0-0 - DoS Exploit:

!exploitable result:
Exploitability Classification: UNKNOWN
Recommended Bug Title: Data from Faulting Address controls Branch Selection starting at libmpr!mprSeekFile+0x000000000000000f (Hash=0x0c566765.0x0c1b6765)
The data from the faulting address is later used to determine whether or not a branch is taken.
Download Here.

2013-01-13

DD-WRT Network Sniffing

My DD-WRT router unfortunately does not have the option to create a TAP/Mirror Port, but using IPTables we can make a copy of all traffic and forward it to a IP:

SSH to your Router, in this case we are going to forward traffic to my IDS on: 192.168.1.200
iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.200 --tee
iptables -A POSTROUTING -t mangle -j ROUTE --gw 192.168.1.200 --tee
To confirm the rules have been created we can run the following command:
iptables -L -t mangle
To remove the rule we run the following command:
iptables -F -t mangle