The folks that run the website RTL-SDR have a comprehensive list of all the software defined radio (SDR) software, both commercial and free. That list can be found here:
Default password lists
I’ve decided to centralize the default password lists for multiple vendors. I’m making this a sticky post and will update this list when as I find these types of sites:
* http://bit.ly/2S6SToW – NETGEAR Default Password List
* http://bit.ly/2S37j9u – Linksys Default Password List
* http://bit.ly/2S3gPJV – D-Link Default Password List
* http://bit.ly/2S8KWzJ – Cisco Default Password List
* http://bit.ly/2S37FwQ – Default Router Usernames and Passwords (multiple vendors)
* http://bit.ly/2HrgT3O – Telnet, MySQL and other Linux and Windows service passwords courtesy of n0tazombie.
Always available CTF Labs
I have identified the following CTF labs which are 24/7 and most if not all are free:
-
- 24/7 CTF: https://247ctf.com/ (Added 11/7/2019)
- Immersive Labs: https://immersivelabs.online
- pwnable.xyz (good for people new to CTF): https://pwnable.xyz/
- 365 CSAW: https://365.csaw.io
- CTF101: https://ctf101.org/
- Shellter Hacking Express: https://shellterlabs.com/en/contests/
- Backdoor: https://backdoor.sdslabs.co/
- ShellWePlayAGame?: https://shellweplayagame.org/
- RootMe: https://www.root-me.org/?lang=en
- OverTheWire: https://overthewire.org/wargames/
- Virginia Cyber Range: https://portal.virginiacyberrange.net/
- Hack The Box: https://www.hackthebox.eu/
- FuzzyLand: https://fuzzy.land/
- Hacking Lab: https://www.hacking-lab.com/index.html
To everyone that made me aware of these thank you!
SMBGhost has a brother: SMBleed!
While taking a look at the SMBGhost vulnerability, security researchers at ZecOps discovered another seperarate bug in the SMB compression subsystem that they are calling “SMBleed” (CVE-2020-1206). Microsoft has issued patches for both SMBGhost and SMBleed in June’s PatchTuesday.
Links:
-
- ZecOps Write Up: https://bit.ly/3f9bjRx
- ZecOps PoC Source Code: https://bit.ly/3hdUQ09
- NIST CVE Bulletin: https://bit.ly/2YrnYs8
Update: SMBGhost is now a remote exploit
I just read and article where a security research was able to take the SMBGhost (CVE-2020-0796) exploit, which was previously just a local privilege escalation, and make it remote and has the potential to be turned into a worm. SMBGhost is a vulnerability in the SMB3 compression feature. Microsoft has yet to release a patch.
Links:
-
- Arstechnica Article: https://bit.ly/2YppYBs
BlueFrag: The Android Bluetooth exploit
I posted about a back in February about a new Android bug in the Bluetooth stack (CVE-2020-0022). This is a nasty bug that affects Android 8-10 devices and requires no user interaction the attack just needs to be in proximity to any Android device that has Bluetooth enabled. In Android 8 and 9 it’ll gain remote code execution and in Android 10 it’ll just crash the Bluetooth stack. BlueFrag is the name of the exploit that takes advantage of this vulnerability.
Links:
-
- Article: https://bit.ly/2LoMmoe
DEF CON 28 officially cancelled!
I just read on the official DEF CON Twitter account that Dark Tangent has decided to cancel DEF CON 28 due to the COVID-19 pandemic. The good news is he said it was the “in-person” conference held in Las Vegas, so there is still hope that they will have a virtual version of it just like Way West Wild Hackin’ Fest did in March for their in-person conference for the same reason.
Links:
-
- DEF CON Twitter Post: https://bit.ly/2WHXSR3
SSH to remote hosts though a proxy or bastion with ProxyJump
ProxyJump makes SSH’ing from a bastion to hosts behind it very convenient and it is built into SSH since v7.3. It makes use of the ProxyCommand underneath the hood that will dispatch commands to another SSH connection and display the output and has been in SSH for a “long time” according to the article.
Links:
-
- Article: https://red.ht/2YM5CnJ
Two SDR dedicated Linux distros
I guess one of the benefits of being on lockdown is that security engineers have a lot of free time on their hands to create new Linux distributions and in this case there are two new Linux distros that have been developed focusing on software defined radios.
-
- DragonOS – DragonOS LTS an out-of-the-box Lubuntu 18.04 based x86_64 operating system for anyone interested in software defined radios. All source installed software is located in the /usr/src directory while the remaining software was installed by package managers. This is a brief summary of the software included, while not complete, it covers the bigger named packages and some of the drivers installed for the various supported SDRs such as the HackRF One, RTL-SDR, and LimeSDR. This distro includes the following SDR related tools: Universal Radio Hacker, GNU Radio, Aircrack-ng, GQRX, Kalibrate-hackrf, wireshare, gr-gsm, rtl-sdr, HackRF, IMSI-catcher, Zenmap, inspectrum, qspectrumanalyzer, LTE-Cell-Scanner, CubicSDR, Limesuite, ShinySDR, SDRAngel, SDRTrunk, Kismet, BladeRF
- Gorizont-rtlsdr – This distribution contains only RTL2832U chipset family rtl_sdr drivers and modules, and concentrates on providing terrestial HF/VHF/UHF signal processing and portable DAB+ reception with the cheapest and most available equipment. No other devices are supported. This distribution is intended for experimentation and legal listening purposes only. NOTE: No TETRA or similar trunked system decoders are included in this distribution for legal reasons.
Congratulations to 5n1p3r for coming in first place at the GRIMMCon 2020 COBOL CTF!
I just found out from chutzp4 our own 5n1p3r came in first place this week in GRIMMCon’s COBOL CTF. Everyone join me in congratulating him on his achievement!
In-Depth Guide to NTLM Relay Attacks
I found this really awesome guide on Twitter this morning which walks you through what NTLM relay attacks are and then teaches you how to do this style attack against Windows and Samba.
Link:
-
- Hackndo Guide: https://bit.ly/3aEMESP
Software Defined Radio Noise Comparison Chart
I found this image posted by the officail RTL-SDR Twitter account. It gives a comparison of the noise experienced in different frequency ranges by various software defined radios (SDRs).
CTF.live: A free CTF training environment by Pentester Academy
Pentester Academy announced on Twitter that they have a free CTF training environment. You need to log in using your Google account, however they have a total of 25 challenges and you don’t need to VPN into their network, everything can be done with a web browser.
Links:
-
- CTF.live: https://bit.ly/2xBZAu2