HackThisSite: Basic 01

04 Jul 2014 by Antonio Vázquez Blanco

I found hackthissite.org quite long time ago when I was learning some basics of computer security and I really liked it. It is meant to reinforce theoretical knowledge with some practice. It consists on a bunch of challenges that should be solved progressively. Here I will try to explain some of the solutions I gave to the challenges for fun. My aim is to share the thoughts that lead me to the result as well as hearing your opinion about my procedures.

Some HTML/CSS stuff I don't like: Translations

26 Jun 2014 by Antonio Vázquez Blanco

I never liked HTML or CSS too much. I have to say that althought they were easy for me to get started with them, I always found tricky to get some things well done. I have to say that HTML 5 standard did improve a lot of aspects of this language but I see this technology too far from where it should be. Althought it has evolved there has been no interest in fixing some of the most basic issues of the standard among, in some cases, no interest in site maintenance to keep up to date with the latest changes. I'm thinking in an example while I write my opinion, it is translations.

Binary firmware analysis

22 Jun 2014 by Antonio Vázquez Blanco

When trying to find exploits or vulnerabilities in embedded devices, any information is very useful. Firmware analysis can be a good starting point as there's no need to have physical access to a device in order to investigate and there's no need to buy one as long as the manufacturer let you download updates from their website. In the following examples I'm going to use a firmware from TP-LINK for TL-WR841N v8 (Soft. version: 3.13.33).

New InsydeH2O BIOS update format

04 Jun 2014 by Antonio Vázquez Blanco

Some time ago I bought an Alienware M14xR2 as my last laptop broke down. Lately, Alienware published an update for my BIOS that I can't burn in my computer because I only use Archlinux. By googling a bit I quickly found a tool for burning the BIOS in a DOS command line but I would need to have a look to the update package.

Multiple security flaws in Comtrend router

20 May 2014 by Antonio Vázquez Blanco

Last summer I've been playing with an old access point I found among my unused devices. Although this is far away from being a top selling device I decided to investigate a bit in order to find security flaws on it.

Security flaw in RomPager webserver

18 May 2014 by Antonio Vázquez Blanco

RomPager is a widely used embedded webserver. Playing around with an quite old but very widely used (or at least in Spain) ZyXEL P-660HW-D1 I could find an small bug in this software that leads to XSS and URL redirection.