ITSEC Newsletter 2024-02-01

This is a small blog about writing what I call "modern" position independent implants. Modern in the sense of being easy to write, easy to maintain, flexible and modular. These modern implants add support for global variables, raw strings and compile time hashing to position independent code which is known to have such limitations as not being able to use global variables and literal strings (besides crafting stack strings).

In this multi-part blog series, we will dive into what it takes to build an effective password cracking setup: from the required hardware to rules and logic needed to crack 14+ character passwords. We will begin by focusing on the hardware and basic design. As the series progresses, we will go from zero-to-hero with hashcat. As the industry and our approach evolves, we will continue to update the series with custom wordlists and other goodies.

After reading online the details of a few published critical CVEs affecting ASUS routers, we decided to analyze the vulnerable firmware and possibly write an n-day exploit. While we identified the vulnerable piece of code and successfully wrote an exploit to gain RCE, we also discovered that in real-world devices, the “Unauthenticated Remote” property of the reported vulnerability doesn’t hold true, depending on the current configuration of the device.