SimpleLink Wi-Fi CC3200 Project 0: Unboxing and writing the first BLINK + Wifiwebserver

First, watch the video:

https://www.youtube.com/watch?v=Kn-YPsByyYU

After connecting the board as shown in the picture below:

Then compile the BLINK example and upload it to the LaunchPad:

https://www.youtube.com/watch?v=hhdKg6_lkVA

https://training.ti.com/simplelink-wi-fi-cc3200-project-0-energia-ide

Next, run the WiFi web server example:

Completed.

radare2: A checklist showing how to analyze a binary

Installing radare2 from docker hub:

https://hub.docker.com/r/radare/radare2/

docker pull radare/radare2

Next is to start the docker container:

docker run -it radare/radare2

And copy the "resident" binary from the host into the container (the container id is 1288):

docker cp resident 1288:/tmp

And now analysing the "resident" binary inside the docker container:

Starting from the main analysis in graph view (VV):

(After "VV", press "q" to leave the graph; the screenshot shows the hexdump of the binary):

(showing sections: iS)

(showing functions: afl)

(showing basic blocks: pdb)

(showing main entry point: ie)

(showing imports: ii)

Other command references:

https://www.g0jirasan.com/2017/08/radare2-cheat-sheet.html

https://twitter.com/binitamshah/status/535968768371859457

https://eforensicsmag.com/reverse_engi_cheatsheet/

And this:

https://gist.github.com/williballenthin/6857590dab3e2a6559d7

https://scoding.de/uploads/r2_cs.pdf

http://b404.xyz/sources/r2-cheatsheet.pdf

My steps for analysis:

  • load without any analysis (file header at offset 0x0): r2 -n /path/to/file
  • analyze all: aa
  • show sections: iS
  • list functions: afl
  • list imports: ii
  • list entrypoints: ie
  • seek to function: s sym.main
  • show basic block disassembly: pdb
  • show function disassembly: pdf
  • show function arguments: afa
  • show function variables: afv
  • rename function variable: afvn
  • set function variable type: afvt
  • add/analyze function: af
  • enter graph modes: VV
  • cycle types of graphs:
    • forward: p
    • backwards: P

Hypercall Security Assessment Checklist

What are the checklist items when security-auditing hypercalls?

a. What are the hypercall instructions, and what are their input/output registers and side effects?

b. What privileges are available when executing the hypercalls?

c. Are there any opportunities to transition to another privilege level at runtime? If so, under what conditions and requirements?

d. How are all software boundaries between the two privilege levels checked, so that reasonable validation is done before information is passed from one side to the other?

e. Are there any dependencies or race conditions at runtime when the same or different instructions are issued by multiple CPU cores?
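A toy hypercall dispatcher, added here as an example (it is not code from any hypervisor in the links below), showing what items d and e ask for in code: the hypercall number is bounds-checked against the handler table, every guest-supplied address/length pair is range-checked including the wrap-around case, and guest data is copied once into hypervisor-owned memory and validated there, so a second vCPU cannot change it between the check and the use. The flat guest memory array, hypercall numbers and error codes are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

/* Toy hypervisor model (an assumption for this example, not any real
 * hypervisor): guest "physical" memory is one flat array. */
#define GUEST_MEM_SIZE 4096u
static uint8_t guest_mem[GUEST_MEM_SIZE];

enum { HC_GET_VERSION = 0, HC_SET_NAME = 1, HC_COUNT };
enum { HC_OK = 0, HC_EINVAL = -1, HC_ENOSYS = -3 };

/* Item d: every guest-supplied (addr, len) pair is validated on the
 * hypervisor side, including the case where addr + len would wrap. */
static int guest_range_ok(uint64_t addr, uint64_t len) {
    if (len == 0 || len > GUEST_MEM_SIZE) return 0;
    return addr <= GUEST_MEM_SIZE - len;  /* no underflow, no wrap-around */
}

/* Helper so a caller (or test) can place data in guest memory. */
int guest_write(uint64_t addr, const void *src, uint64_t len) {
    if (!guest_range_ok(addr, len)) return HC_EINVAL;
    memcpy(guest_mem + addr, src, (size_t)len);
    return HC_OK;
}

/* Item e: copy the argument ONCE into hypervisor-owned memory and validate
 * the copy. Re-reading guest memory after the check would let another vCPU
 * change it in between (double fetch / TOCTOU). */
static int hc_set_name(uint64_t gaddr, uint64_t len) {
    char name[32];
    if (len > sizeof name || !guest_range_ok(gaddr, len)) return HC_EINVAL;
    memcpy(name, guest_mem + gaddr, (size_t)len);
    /* the copy must be NUL-terminated before anything else uses it */
    return memchr(name, '\0', (size_t)len) ? HC_OK : HC_EINVAL;
}

static int hc_get_version(uint64_t a, uint64_t b) { (void)a; (void)b; return 0x0100; }

/* Items a/b: the number and arguments arrive in registers at the trap; here
 * they are plain parameters. The number is bounds-checked before indexing. */
typedef int (*hc_fn)(uint64_t, uint64_t);
static const hc_fn hc_table[HC_COUNT] = { hc_get_version, hc_set_name };

int hypercall_dispatch(uint64_t nr, uint64_t arg0, uint64_t arg1) {
    if (nr >= HC_COUNT) return HC_ENOSYS;
    return hc_table[nr](arg0, arg1);
}
```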

https://www.coursehero.com/file/p7bq556/8-Hypercalls-are-analogous-to-system-calls-in-the-OS-world-While-VM-Exits-are/

https://xenbits.xen.org/docs/4.8-testing/misc/pvh.html

https://www.researchgate.net/post/Problem_with_hypercall_KVM_Xen

https://research.spec.org/fileadmin/user_upload/documents/wg_ids/endorsed_publications/SPEC-RG-2014-001_HypercallVulnerabilities.pdf

https://reviews.freebsd.org/D8100?id=20886

ftp://netbsd.ftp.fu-berlin.de/misc/joerg/XEN3DOMU/src/src/sys/arch/xen/include/amd64/hypercalls.h.html

http://wwwi10.lrr.in.tum.de/~weidendo/lehre/VT-WS15/lab3-loesung.pdf

Project Zero: Pandavirtualization: Exploiting the Xen hypervisor

https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html

Learning about RUMP kernel

https://blog.netbsd.org/tnf/entry/a_rump_kernel_hypervisor_for

https://github.com/rumpkernel/wiki/wiki/Tutorial:-Getting-started

https://github.com/rumpkernel/wiki/wiki/Info:-Comparison-of-rump-kernels-with-similar-technologies

http://rumpkernel.org

https://www.netbsd.org/gallery/presentations/justin/2015_AsiaBSDCon/justincormack-abc2015.pdf

http://netbsd.gw.com/cgi-bin/man-cgi?rumpuser+3+NetBSD-current

https://news.ycombinator.com/item?id=8608736

CTF writeup roundup

https://www.defcon.org/html/links/dc-ctf.html

https://dttw.tech/posts/r1jswRaAG

https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack

https://github.com/qazbnm456/awesome-cve-poc

https://github.com/vermuz/awesome-shell-1

https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf

https://github.com/ctfs/write-ups-2016

https://ctftime.org/event/459/tasks/

https://ctftime.org/writeups

https://www.securifera.com/blog/2017/06/18/defcon-ctf-2017-divided-writeup/

https://chc.cs.cornell.edu/writeups/

https://st98.github.io/diary/posts/2017-05-02-def-con-ctf-2017-qualifiers.html

https://github.com/abatchy17/WindowsExploits

CTF Internetwache 2016:

https://www.youtube.com/watch?v=6cYZJLcC6Eo

https://www.youtube.com/watch?v=AKs277vpVSY

https://github.com/AusJock/Privilege-Escalation

https://github.com/BuddhaLabs/PacketStorm-Exploits

https://kitctf.de/writeups/

Shatter Attack: what is its Linux equivalent?

Looking at "Shatter Attack" in Windows:

https://pen-testing.sans.org/resources/papers/gcih/enemy-within-handling-insider-threat-posed-shatter-attacks-105884

http://index-of.es/Misc/pdf/shatter_attack_redux.pdf

https://www.blackhat.com/presentations/bh-usa-04/bh-us-04-moore/bh-us-04-moore-whitepaper.pdf

http://www.hpl.hp.com/techreports/2005/HPL-2005-87.pdf

Now ask yourself: what is the Linux equivalent? How are messages passed from one application to another? And if messages can be posted in arbitrary ways, is it possible to achieve privilege escalation in a Linux scenario?

These are the processes relevant to graphical rendering in Linux:

Looking at the "dbus" daemon above, what is its function?

Since it runs at a high privilege level, privilege escalation is not impossible.

And history has shown that it is possible:

https://www.cyberciti.biz/tips/linux-dbus-packages-fix-privilege-escalation.html

https://www.rapid7.com/db/modules/exploit/linux/local/lastore_daemon_dbus_priv_esc

https://packetstormsecurity.com/files/147285/lastore-daemon-D-Bus-Privilege-Escalation.html

https://bugzilla.redhat.com/show_bug.cgi?id=847402

https://exchange.xforce.ibmcloud.com/vulnerabilities/82135

https://www.exploit-db.com/exploits/33614/

MongoDB / NoSQL Database

Differences:

http://www.oracle.com/technetwork/database/database-technologies/nosqldb/documentation/nosql-vs-mongodb-1961723.pdf

Modelling methods:

Differences between SQL and NoSQL:

Automated conversion of SQL to MongoDB syntax:

MySQL to MongoDB converter:

Update performance: