Category: Security

Search app memory with Frida

First, install Frida on your local system. Next, download frida-server and copy it to the Android phone; we’ll assume the build is this one: frida-server-16.3.3-linux-arm64.xz. To attach to a specific app, run frida-ps -U -ai and copy…

CVE-2020-24363 TL-WA855RE V5 advisory

Affected Product: TP-Link TL-WA855RE
Version: tested on TL-WA855RE(EU)_V5_200415 (possibly earlier versions too)
Description: TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker…

Enable CR0 write in Linux kernel 5+

If you ever want to clear the Write Protect (WP) bit, you need write access to the CR0 register. The problem is that the write_cr0 function provided by the Linux kernel (5.x and later) has been changed to prevent exactly this: it pins the sensitive CR0 bits, WP included, so a plain write_cr0(read_cr0() & ~X86_CR0_WP) no longer works. Here…

Tiny Go reverse shell

Here is a really small Go reverse shell (around 30 lines, comments included). Environment setup: download and install Go from here. On Windows you may also want to download and install the TDM-GCC compiler from here. Code: First, we…

Basic API hooking using detours

Below is a basic example of how to use the Detours library to hook APIs.

#include <stdio.h>
#include <windows.h>
#include <detours.h>

// API that we want to hook
DWORD (WINAPI * Real_SleepEx)(DWORD dwMilliseconds, BOOL bAlertable) = SleepEx;

// This function…

bytefuzz v1.3 and the domato fuzzer

I’ve made some changes to bytefuzz to support files generated by other fuzzers. I used the domato fuzzer to generate 1000 HTML files and then, through bytefuzz, sent those files to a browser that I use when I do…
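bytefuzz's own code is not on this page; as an added example (my code, not bytefuzz's), the Go harness below does the basic job the post describes: feed every generated file in a directory to a target and sort the runs into clean exits, non-zero exits, crashes (the target was killed by a signal) and hangs (the harness deadline hit). The target, its arguments and the timeout are assumptions. The ordering of the checks matters: the harness kills a hung target with SIGKILL, so the deadline has to be tested before the signal, or every hang is misreported as a crash. For a browser you pass the file path (or a file:// URL) and rely on the timeout, since a browser that renders the page without trouble never exits on its own.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"syscall"
	"time"
)

// Verdict is the outcome of feeding one input file to the target.
type Verdict string

const (
	VerdictOK      Verdict = "ok"      // target exited 0
	VerdictExit    Verdict = "exit"    // target exited non-zero, or could not be started
	VerdictCrash   Verdict = "crash"   // target was killed by a signal (SIGSEGV, SIGABRT, ...)
	VerdictTimeout Verdict = "timeout" // target still running at the deadline; harness killed it
)

// RunOne runs target with args plus the input path, waits up to timeout and
// classifies the result. The deadline is checked first because the harness
// kills a hung target with SIGKILL, which would otherwise look like a crash.
func RunOne(target string, args []string, input string, timeout time.Duration) Verdict {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	argv := append(append([]string{}, args...), input)
	cmd := exec.CommandContext(ctx, target, argv...)
	err := cmd.Run()
	if errors.Is(ctx.Err(), context.DeadlineExceeded) {
		return VerdictTimeout
	}
	if err == nil {
		return VerdictOK
	}
	var exitErr *exec.ExitError
	if errors.As(err, &exitErr) {
		// On Unix the wait status says whether a signal terminated the process.
		if ws, ok := exitErr.Sys().(syscall.WaitStatus); ok && ws.Signaled() {
			return VerdictCrash
		}
		return VerdictExit
	}
	return VerdictExit
}

// FuzzDir feeds every regular file in dir to the target and returns a verdict
// per file name, so crashing inputs can be kept for triage.
func FuzzDir(dir, target string, args []string, timeout time.Duration) (map[string]Verdict, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	results := make(map[string]Verdict, len(entries))
	for _, e := range entries {
		if e.IsDir() {
			continue
		}
		results[e.Name()] = RunOne(target, args, filepath.Join(dir, e.Name()), timeout)
	}
	return results, nil
}

func main() {
	// Usage (assumed): harness <dir-of-generated-files> <target> [target args...]
	if len(os.Args) < 3 {
		fmt.Fprintln(os.Stderr, "usage: harness <dir> <target> [args...]")
		os.Exit(2)
	}
	results, err := FuzzDir(os.Args[1], os.Args[2], os.Args[3:], 10*time.Second)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for name, v := range results {
		if v == VerdictCrash || v == VerdictTimeout {
			fmt.Printf("%s\t%s\n", v, name)
		}
	}
}
```

When the target is a real browser, run it with a fresh profile directory per input and disable crash-reporter and restore-session features, otherwise the second run inherits the first run's state and a crash gets attributed to the wrong file.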