Sunday, May 10, 2015

[FD] Broken, Abandoned, and Forgotten Code

Hello, I'm posting a multipart reversing and exploitation series entitled "Broken, Abandoned, and Forgotten Code." It explores the discovery, reverse engineering, and exploitation of an unauthenticated firmware update capability in the UPnP stack of Netgear SOHO routers.

This isn't your typical "OMG command injection SOHO Routers are so insecure!!!1!" project. We all know they are; that's been covered ad nauseam. This project was a challenge to exploit partially implemented, forgotten code that appeared too broken to actually work. I set out to craft an exploit and a special firmware image that would avoid crashing the UPnP server and would leave the router with persistent backdoor access.

This was a really fun project, and I want to share it with anyone who might be interested in embedded Linux reversing and exploitation. I walk the reader from start to finish through the process of vulnerability discovery, reverse engineering, exploitation, and post-exploitation. I tried to make it so the reader can follow along with their own router, some basic reversing experience, and the right tools.

There should be something for everyone. We'll cover figuring out how to form the SOAP request. There will be lots of MIPS Linux disassembly. There's debugging, binary patching, and emulation. There is a section toward the end where we take apart the router to look for a debugging port.

The intro and Parts 1, 2 and 3 are up already. Part 4 comes Thursday, followed by a new installment each week. I have twelve parts written, and expect there to be around fourteen total.

Here are links to what's up so far:

Prologue (includes PoC exploit video): http://ift.tt/1bF2UEZ
Part 1: http://ift.tt/1Qu05WZ
Part 2: http://ift.tt/1ItANo7
Part 3: http://ift.tt/1QxSXrA

If you enjoy it, and you're on Twitter, please give me a mention or retweet; I'm @zcutlip.

I've had a blast writing this and I hope you all have as much fun reading it and following along.

Cheers!
Zach

Source: Gmail -> IFTTT-> Blogger