b33rbrain’s eLearnSecurity PTSV4 Wild Adventures Part 1

Appreciate! eLearnSecurity was kind enough to offer some VetSec members access to their Penetration Testing Student V4 elite class. I’m one such lucky recipient! My motivation for learning more about pen testing ranges from the lulz to a masochistic appreciation of stumbling around blindfolded while playing a game of catch the bits. Why would eLearnSecurity […]

Best CMD Commands Used By Hackers

Willing to become a hacker or security expert? There are a whole lot of things to consider. In this article, we have shared some of the most used CMD commands. So, let’s check out the best CMD commands used in hacking. Well, if you have been using the Windows operating system for a while, then you might […]

HackTheBox – Lame writeup

Overview : Target : 10.10.10.3 Enumeration : Nmap Scan Results: Foothold : Method 1 – Port 139: With Samba 3.X -4.X, let’s use Samba “username map script” Command Execution CVE-2007-2447. Exploitation: Metasploit: We have our reverse shell connected with root access. Method 2 – Port 3632: We see DistCC Daemon v1 4.2.4 which is […]

DIEBOLD ATMS ARE GETTING HACKED USING A LAPTOP & PIRATED DIEBOLD ATM FIRMWARE

Security at ATMs remains an issue affecting banking institutions around the world, experts from a hacking course mentioned. Recently, ATM manufacturer Diebold Nixdorf recognized an increase in jackpotting attacks against its ProCash model ATMs in some European countries. Apparently, the most recent attacks have been carried out using a new method that further complicates things for the company and users. Threat […]

Using an FPGA to Glitch the Olimex LPC-P1343

After trying out hardware hacking using an FPGA to interface with target hardware, [Grazfather] was inspired to try using the iCEBreaker (one of the many hobbyist FPGAs to have recently flooded the market) to build a UART-controllable glitcher for the Olimex LPC-P1343.

FPGA modules: the cmd module intercepts what the host computer sends over UART, the resetter holds the reset line until the target is reset, the delay starts counting on reset and waits for a configured number of cycles before sending its signal, the trigger waits for the delay to finish before telling the pulse module to send a pulse, and the pulse works similarly to the delay module and outputs to the power multiplexer.

When the target board boots up, the bootROM reads the flash and determines whether the UART goes to a shell and if the shell can be used to read out the flash. This is meant for developing firmware and debugging it in the bootloader, only flashing a version when the firmware is production-ready. The vulnerability is that only a specific value read from address 0x2FC and the state of a few pins can lock the bootloader in the expected way, and any other value at the address causes the bootROM to consider the device unlocked. Essentially, the mechanism is the opposite of how a lock ought to work. The goal is to get the CPU to misread the flash at the precise moment it is meant to be reading the specific value, then jump to the bootloader in the unlocked state.

The FPGA can be used as a tool between the host machine and target board, communicating via UART. The FPGA can support configuring the delay between resetting the target board and pulsing a ‘glitch voltage’, as well as resetting the target board and activating the glitch. The primary reasons for using the FPGA over a different microcontroller are that the FPGA allows for precise timing (83.3ns precision) and removes worries about jitter (a Raspberry Pi might have side effects from OS scheduling and other processes, and microcontrollers might have interrupts messing up the timing).

The logic analyzer view.

To simulate the various modules, [Grazfather] used Icarus Verilog as well as GTKWave to observe the waveforms generated. A separate logic analyzer observes the effects on real hardware. With enough time, it is possible to brute force any combination of delay and width until you get a dump of the flash you’re not meant to read. You can check out how the width of the pulse gets wider until the max, when the delay is incremented and the width values are tried again.

DATA stealing and Information sharing and Accessing-Hacking

Hello friends! Hope you are eager to know the agenda of the blog. That is DATA. Data is only the information that you leave in any way without your knowledge. Anyway, let’s see the main focus of the blog: HACKING. Yah, these days hacking is common and most are experts in it. Wait, you are in chaos. You may think is […]

This Ruggedized Raspberry Pi Was Built to be Copied

Over the last couple of years, we’ve seen a wave of impressive rugged mobile computing devices based on the ubiquitous Raspberry Pi. Sometimes they involve repurposing an existing heavy duty enclosure, and in others the Pi takes up residence in a 3D printed case which may or may not be as strong as it appears. In either event, they usually don’t lend themselves to duplication because of the time and expense involved in tracking down or printing all the parts required.

But the Raspberry Pi Quick Kit by [Jay Doscher] may change that. It represents what must surely be the simplest and fastest route to building a rugged mobile ARM computer for your hacking adventures. Beyond the Pelican 1150 case that serves as the outer enclosure, you only need three printed parts and a handful of fasteners to complete the build. Of course you’ll need a Raspberry Pi and the official touch screen as well, but that’s sort of a given.

Electronics mounted to the 3D printed frame.

All of the electronics mount onto the three piece 3D printed frame, which is then press-fit into the opening of the Pelican case. Since you don’t need to pop any holes through the case itself, the assembled unit remains water and air tight. While [Jay] has recently shown off a very impressive 3D printed Pi enclosure, there’s really no beating a legitimate heavy duty storage case if you’re trying to protect the hardware.

When you want to use the Pi, just open the case and plug your power and accessories into the panel mount connectors under the display. There’s no integrated battery or keyboard on this build, but considering how small it is, that shouldn’t really come as a surprise. [Jay] is targeting the Pi 4 for the Quick Kit, so that means WiFi and Bluetooth will come standard without the need for any external hardware. It looks like there might just be enough room to include an RTL-SDR receiver inside the case as well, but you’ll need to do a little redesigning of the 3D printed parts. If you do modify this design to pack in a few new tricks, we’d love to hear about it.

The Quick Kit is a greatly simplified version of the Raspberry Pi Recovery Kit that [Jay] unleashed on an unsuspecting world late last year. We’ve seen numerous variations on that original design sprout up since then, so we’re very interested to see what the response will be like to this much cheaper and easier to build version.
