Friday, 22 February 2013

Embedthis Appweb 4.2.0-0 - DoS POC

Embedthis Appweb 4.2.0-0 - DoS Exploit:

!exploitable result:
Exploitability Classification: UNKNOWN
Recommended Bug Title: Data from Faulting Address controls Branch Selection starting at libmpr!mprSeekFile+0x000000000000000f (Hash=0x0c566765.0x0c1b6765)
The data from the faulting address is later used to determine whether or not a branch is taken.

Sunday, 13 January 2013

DD-WRT Network Sniffing

My DD-WRT router unfortunately does not have the option to create a TAP/mirror port, but using iptables we can make a copy of all traffic and forward it to an IP:

SSH to your router. In this case we are going to forward traffic to my IDS on:
iptables -A PREROUTING -t mangle -j ROUTE --gw <IDS_IP> --tee
iptables -A POSTROUTING -t mangle -j ROUTE --gw <IDS_IP> --tee
To confirm the rules have been created we can run the following command:
iptables -L -t mangle
To remove the rule we run the following command:
iptables -F -t mangle
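
Note that iptables -F -t mangle flushes every rule in the mangle table, not only the two mirror rules. The script below is an added example, not part of the original post: it builds the same two ROUTE --tee rules and removes them with -D so other mangle rules stay in place. The function names, the DRY_RUN variable and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): manage the two ROUTE --tee
# mirror rules without flushing the rest of the mangle table.
# 192.0.2.10 in the usage line is a constructed IDS address.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables commands for ACTION (add|remove) and IDS_IP.
# add uses -A as in the post; remove uses -D with the identical rule
# specification, so only the mirror rules are deleted.
mirror_cmds() {
    case "$1" in
        add)    flag=-A ;;
        remove) flag=-D ;;
        *) echo "usage: mirror_cmds add|remove IDS_IP" >&2; return 2 ;;
    esac
    valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; return 2; }
    for chain in PREROUTING POSTROUTING; do
        echo "iptables $flag $chain -t mangle -j ROUTE --gw $2 --tee"
    done
}

# Run the commands on the router; with DRY_RUN=1 only print them.
mirror_apply() {
    cmds=$(mirror_cmds "$1" "$2") || return
    echo "$cmds" | while read -r line; do
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "$line"; else $line; fi
    done
}

# Stand-alone use on the router: sh mirror.sh add 192.0.2.10
[ "$#" -eq 0 ] || mirror_apply "$@"
```

Run it with DRY_RUN=1 first to see the exact commands, then confirm the result with iptables -L -t mangle as above.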