From Shodan to Remote Code Execution #3: Hacking the Belkin N600DB Wireless Router

Our newest post of this interesting series of Shodan to RCE takes us to Belkin routers. Shodan search: “Server: httpd” “Cache-Control: no-cache,no-store,must-revalidate, post-check=0,pre-check=0” “100-index.htm” As at the time of writing this post, there were not so many results for the Belkin routers )-: By navigating to one of the shodan search results, we may getContinue reading “From Shodan to Remote Code Execution #3: Hacking the Belkin N600DB Wireless Router”

From Shodan to Remote Code Execution #1 – hacking Jenkins

In this era of extreme automation, whether for development, programming deployment or even security management are we getting closer to security maturity or are we better off without the automation? In the next posts, I hope to uncover some of the tools/ applications employed on enterprises geared towards automation and better security but end upContinue reading “From Shodan to Remote Code Execution #1 – hacking Jenkins”

SAMBAry save us!!

Remember linux users laughing at Windows users because of the now all too famous Wannacry? Karma. According to Samba, “All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load andContinue reading “SAMBAry save us!!”

From Shodan to Remote Code Execution #2 – hacking OpenDreambox 2.0.0

A sequel to the last post of what is now becoming a series of “From Shodan to remote code execution”, we now take a look at how to hack misconfigured Dreambox installations. Dreambox is a company which offers Digital TV set top boxes and other related services. Shodan search: Perform a shodan search as below:Continue reading “From Shodan to Remote Code Execution #2 – hacking OpenDreambox 2.0.0”

Do you know what your ERP is telling us?

Interesting engagement I had a few weeks ago, a client wanted assurance on their ERP – Oracle E-Business suite, to be specific. I spent a few weeks just to formulate an efficient strategy and be able to cover most controls from an insider threat perspective and an external authenticated attacker angle. For this post, IContinue reading “Do you know what your ERP is telling us?”

Auditing linux , unix 120 seconds flat

Well, most of us have seen the movie Gone in 60 seconds, so I decided to write a baseline script for auditing linux and most unix operating systems in well under 2 mins – averages about  130 seconds on my test Centos and Red hat distributions. The script is modeled around most of the operating systemContinue reading “Auditing linux , unix 120 seconds flat”