Sean Mackert professional headshot

Sean Mackert

- Passionate about security
- Aspiring red teamer
- Seeking mentorship

3-Minute Read

In this part, I will cover the initial steps, thoughts, and problems I had while attacking LAN Messenger.

I decided to attack LAN Messenger because it was an application which I had used previously and I already found a remote DoS exploit accidentally while poking around with netcat.

According to the SourceForge repository, LAN Messenger was last updated in 2012 (version 1.2.35) which gave me hope that there were some bugs that could be easily exploited. As this was a task meant for practice, I tried to avoid “spoilers”, however I later discovered that there were only two reported vulnerabilities issued CVEs. Both ended up being DoS bugs, one of which I already found anyway and the other doesn’t really make sense and claims to be for a version that doesn’t exist.

Despite there only being two CVEs, I was also very interested in a comment on the SourceForge page by a user claiming that there was a known XSS actively being exploited in the program as well. Despite the initially confusing comment which referenced an Exploit-DB ID for a completely different product, an XSS polyglot eventually did uncover the bug. After several more Google searches, I finally discovered a 2012 PoC from Vulnerability Laboratory that described the XSS, although the URL encoding suggested caused the bug not to trigger on my test machine.

Sometime during testing I discovered that LAN Messenger was forked to a project on GitHub as version 1.2.39.

3-Minute Read

Since the news of Log4shell initially broke, a few news outlets have been stoking fear about an imminent attack from a devastating worm, from the usual suspects, armed with a Log4j exploit. A month later, and we still haven’t seen it — but why? And how is it actually being used?

The attack surface that a Log4j worm would have to target is very incongruous. Systems such as web servers are easy to mass scan and Java-based web applications like Elasticsearch and VMware Horizon have already been exploited in great numbers. Scanning the entire internet for a select few vulnerable services or even blindly pray-and-spraying every found web service with a payload can be done in a day.

Writing a worm for a scannable exploit is pretty much pointless. Worms like WannaCry made use of an SMBv1 service vulnerability in Windows systems meaning that the entire network could be compromised from a single exploit. Log4j, while devastating in it’s breadth, isn’t as ubiquitous as a default Windows service and the method of exploitation for this library will vary greatly depending on its implementation.

A Log4j worm would only affect the few machines running this library and internal uses of the library would be too varied to be predictable in any meaningful way. Even the operating system would

Additionally, the skill requirement of writing a worm is much higher than scanning. Only nation-state threat actors have the skill and resources to put together an impactful worm quickly enough to be competitive with scanning and even the efficacy of this is debatable.

3-Minute Read

I’ve recently purchased the GL.iNet GL-AR750S-Ext travel router, also known as Slate, and I’m so far quite pleased with it. With this handy travel router running a custom interface over OpenWRT I was easily able to configure a plug-and-play VPN solution that allows me to connect to my network at home. Now I can watch Netflix, use remote desktop, browse the web safely, and avoid triggering security measures that may lock you out of your account while traveling abroad.

Conveniently, this travel router also includes a configurable switch on the side which allows me to quickly enable and disable the VPN connection. By configurable, I mean that this switch allows you to choose whether it toggles the OpenVPN, WireGuard, or Tor connection.

select toggle button function dropdown menu

At home I use an Asus RT-AC66U-B1, but your setup will likely be very similar. Most Asus products use similar firmware and OpenVPN support is becoming a more common feature among base model routers without splurging on enthusiast-grade hardware. The Asus RT-AC66U-B1 is an older bit of kit, and it has its quirks, but it’s still supported by Asus and runs about $110.

Warning: before enabling any web-facing features on your router, you should always manually check that you have the latest firmware installed.

Recent Posts

Categories

About

Sean Mackert is an IT professional passionate about security and helping inform others.