The folks that run the website RTL-SDR have a comprehensive list of all the software defined radio (SDR) software, both commercial and free. That list can be found here:
Default password lists
I’ve decided to centralize the default password lists for multiple vendors. I’m making this a sticky post and will update this list when as I find these types of sites:
* http://bit.ly/2S6SToW – NETGEAR Default Password List
* http://bit.ly/2S37j9u – Linksys Default Password List
* http://bit.ly/2S3gPJV – D-Link Default Password List
* http://bit.ly/2S8KWzJ – Cisco Default Password List
* http://bit.ly/2S37FwQ – Default Router Usernames and Passwords (multiple vendors)
* http://bit.ly/2HrgT3O – Telnet, MySQL and other Linux and Windows service passwords courtesy of n0tazombie.
Always available CTF Labs
I have identified the following CTF labs which are 24/7 and most if not all are free:
-
- 24/7 CTF: https://247ctf.com/ (Added 11/7/2019)
- Immersive Labs: https://immersivelabs.online
- pwnable.xyz (good for people new to CTF): https://pwnable.xyz/
- 365 CSAW: https://365.csaw.io
- CTF101: https://ctf101.org/
- Shellter Hacking Express: https://shellterlabs.com/en/contests/
- Backdoor: https://backdoor.sdslabs.co/
- ShellWePlayAGame?: https://shellweplayagame.org/
- RootMe: https://www.root-me.org/?lang=en
- OverTheWire: https://overthewire.org/wargames/
- Virginia Cyber Range: https://portal.virginiacyberrange.net/
- Hack The Box: https://www.hackthebox.eu/
- FuzzyLand: https://fuzzy.land/
- Hacking Lab: https://www.hacking-lab.com/index.html
To everyone that made me aware of these thank you!
RustScan: A more efficient way to do port scanning
RustScan is a new tool release by Black Hat Ethical Hacking that wraps around nmap to make a network scan more efficient.
Links:
-
- GitHub: https://bit.ly/2BKEmg5
- Black Hat Ethical Hacking: https://bit.ly/2Xbko5R
Tsunami: Google publishes a modular security scanning framework
The folks over at Google have recently open sourced a modular security scanning framework called Tsunami. Right now it uses nmap and ncrack as it’s core underlying tools, but they built it in a modular fashion that makes integrating other tools easier and they also are focused on having no false positives which tends to be the Achilles’ heel of most vulnerability scanners.
Links:
-
- ZDNet Article: https://zd.net/32nhJJM
- GitHub Repo: https://bit.ly/3fxYhxw
- Plugin GitHub Repo: https://bit.ly/2WpqOO6
SIGRed: A 17 year old bug in Windows DNS server
SIGRed (CVE-2020-1350) was recently discovered by Checkpoint Security and is a vulnerability in Windows Domain Server (DNS) which will allow for anonymous remote code execution (RCE) by sending a malformed DNS response and will allow an attacker to run as SYSTEM. This has been in the Windows DNS Server since Windows Server 2003 and affects even Windows Server 2019 and could easily be turned into a self replicating worm. This has a CVSS score of 10.0 on a 10 point scale, which is the highest rating on the scale. A patch is now available from Microsoft.
Links:
-
- Checkpoint Security: https://bit.ly/32rNfq1
- The Hacker News: https://bit.ly/32mr3NG
- NIST CVE Entry: https://bit.ly/3fyp2lk
SMBGhost has a brother: SMBleed!
While taking a look at the SMBGhost vulnerability, security researchers at ZecOps discovered another seperarate bug in the SMB compression subsystem that they are calling “SMBleed” (CVE-2020-1206). Microsoft has issued patches for both SMBGhost and SMBleed in June’s PatchTuesday.
Links:
-
- ZecOps Write Up: https://bit.ly/3f9bjRx
- ZecOps PoC Source Code: https://bit.ly/3hdUQ09
- NIST CVE Bulletin: https://bit.ly/2YrnYs8
Update: SMBGhost is now a remote exploit
I just read and article where a security research was able to take the SMBGhost (CVE-2020-0796) exploit, which was previously just a local privilege escalation, and make it remote and has the potential to be turned into a worm. SMBGhost is a vulnerability in the SMB3 compression feature. Microsoft has yet to release a patch.
Links:
-
- Arstechnica Article: https://bit.ly/2YppYBs
BlueFrag: The Android Bluetooth exploit
I posted about a back in February about a new Android bug in the Bluetooth stack (CVE-2020-0022). This is a nasty bug that affects Android 8-10 devices and requires no user interaction the attack just needs to be in proximity to any Android device that has Bluetooth enabled. In Android 8 and 9 it’ll gain remote code execution and in Android 10 it’ll just crash the Bluetooth stack. BlueFrag is the name of the exploit that takes advantage of this vulnerability.
Links:
-
- Article: https://bit.ly/2LoMmoe
DEF CON 28 officially cancelled!
I just read on the official DEF CON Twitter account that Dark Tangent has decided to cancel DEF CON 28 due to the COVID-19 pandemic. The good news is he said it was the “in-person” conference held in Las Vegas, so there is still hope that they will have a virtual version of it just like Way West Wild Hackin’ Fest did in March for their in-person conference for the same reason.
Links:
-
- DEF CON Twitter Post: https://bit.ly/2WHXSR3
SSH to remote hosts though a proxy or bastion with ProxyJump
ProxyJump makes SSH’ing from a bastion to hosts behind it very convenient and it is built into SSH since v7.3. It makes use of the ProxyCommand underneath the hood that will dispatch commands to another SSH connection and display the output and has been in SSH for a “long time” according to the article.
Links:
-
- Article: https://red.ht/2YM5CnJ
Two SDR dedicated Linux distros
I guess one of the benefits of being on lockdown is that security engineers have a lot of free time on their hands to create new Linux distributions and in this case there are two new Linux distros that have been developed focusing on software defined radios.
-
- DragonOS – DragonOS LTS an out-of-the-box Lubuntu 18.04 based x86_64 operating system for anyone interested in software defined radios. All source installed software is located in the /usr/src directory while the remaining software was installed by package managers. This is a brief summary of the software included, while not complete, it covers the bigger named packages and some of the drivers installed for the various supported SDRs such as the HackRF One, RTL-SDR, and LimeSDR. This distro includes the following SDR related tools: Universal Radio Hacker, GNU Radio, Aircrack-ng, GQRX, Kalibrate-hackrf, wireshare, gr-gsm, rtl-sdr, HackRF, IMSI-catcher, Zenmap, inspectrum, qspectrumanalyzer, LTE-Cell-Scanner, CubicSDR, Limesuite, ShinySDR, SDRAngel, SDRTrunk, Kismet, BladeRF
- Gorizont-rtlsdr – This distribution contains only RTL2832U chipset family rtl_sdr drivers and modules, and concentrates on providing terrestial HF/VHF/UHF signal processing and portable DAB+ reception with the cheapest and most available equipment. No other devices are supported. This distribution is intended for experimentation and legal listening purposes only. NOTE: No TETRA or similar trunked system decoders are included in this distribution for legal reasons.
Congratulations to 5n1p3r for coming in first place at the GRIMMCon 2020 COBOL CTF!
I just found out from chutzp4 our own 5n1p3r came in first place this week in GRIMMCon’s COBOL CTF. Everyone join me in congratulating him on his achievement!