-
Maximizing Disk Imaging Speeds
In the field of digital forensics, properly handling the task of disk imaging is crucial for preserving data integrity. Using write blockers ensures that no data is altered during the imaging process, a key requirement for maintaining the chain of custody. While there are many factors influencing the efficiency and speed of this process, this…
-
Password Breaking A to Z
Our blog features numerous articles on breaking passwords and accessing encrypted data, ranging from simple “how-to” guides to comprehensive manuals. However, many of the questions we are frequently asked are not about the technical stuff but rather the very basics of password recovery. Can you break that password? Is it legal? How much time do…
-
Sideloading Low-Level Extraction Agent with Regular Apple IDs from Windows and Linux
Low-level extraction enables access to all the data stored in the iOS device. Previously, sideloading the extraction agent for imaging the file system and decrypting keychain required enrolling one’s Apple ID into Apple’s paid Developer Program if one used a Windows or Linux PC. Mac users could utilize a regular, non-developer Apple ID. Today, we…
-
Windows Sockets: From Registered I/O to SYSTEM Privileges
By Luca Ginex. Overview: This post discusses CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Specifically, the vulnerability is in the Registered I/O extension for Windows sockets. The vulnerability was patched in the August 2024 Patch Tuesday. This post describes the exploitation process for the vulnerability. First, we give a general overview of the…
-
Softaculous Webuzo Authentication Bypass
EIP-ce40b086: Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. Vulnerability Identifier: Exodus Intelligence: EIP-ce40b086; MITRE: CVE-2024-24621. Vulnerability Metrics: CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C; CVSSv2 Score: 10.0. Vendor References: https://webuzo.com/blog/webuzo-4-2-9-launched/. Discovery Credit: Exodus Intelligence. Disclosure Timeline: Disclosed to…
-
Softaculous Webuzo FTP Management Command Injection
EIP-4ab5e9b4: Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. Vulnerability Identifier: Exodus Intelligence: EIP-4ab5e9b4; MITRE: CVE-2024-24623. Vulnerability Metrics: CVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C; CVSSv2 Score: 9.0. Vendor References: https://webuzo.com/blog/webuzo-4-2-9-launched/. Discovery Credit: Exodus Intelligence. Disclosure Timeline: Disclosed to vendor:…
-
Softaculous Webuzo Password Reset Command Injection
EIP-92dd8e27: Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. Vulnerability Identifier: Exodus Intelligence: EIP-92dd8e27; MITRE: CVE-2024-24622. Vulnerability Metrics: CVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C; CVSSv2 Score: 9.0. Vendor References: https://webuzo.com/blog/webuzo-4-2-9-launched/. Discovery Credit: Exodus Intelligence. Disclosure Timeline: Disclosed to vendor: July…
-
Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu
By Oriol Castejón. Overview: This post discusses a use-after-free vulnerability, CVE-2024-0582, in io_uring in the Linux kernel. Despite the vulnerability being patched in the stable kernel in December 2023, it wasn’t ported to Ubuntu kernels for over two months, making it an easy 0day vector in Ubuntu during that time. In early January 2024, a Project Zero issue…
-
D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability
EIP-13d90c2b: The D-Link DAP-1650 contains a command injection vulnerability in the gena.cgi module when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. Vulnerability Identifier: Exodus Intelligence: EIP-13d90c2b; MITRE: CVE-2024-23624. Vulnerability Metrics: CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C; CVSSv2 Score: 8.3. Vendor References: The affected product is end-of-life…
-
D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection Vulnerability
EIP-5a0f4b12: The D-Link DAP-1650 contains a command injection vulnerability in the ‘Callback’ parameter when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. Vulnerability Identifier: Exodus Intelligence: EIP-5a0f4b12; MITRE: CVE-2024-23625. Vulnerability Metrics: CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C; CVSSv2 Score: 8.3. Vendor References: The affected product is end-of-life…