The Many Animals of Linux – AKA WTF is a ‘Trusty Tahr’? – Part 2

In this series of posts I scour Wikipedia looking for a bunch of random facts about animals in Ubuntu release names. I sometimes make slightly snarky comments about them that I find mildly amusing. This post starts from Ubuntu 7.04. Take a look at part one here. Part 2 took eight years, so you better enjoy it.

Ubuntu 7.04 – Feisty Fawn

A very non feisty looking fawn. (Source: Veledan on Wikipedia)

Read more

Analysis of the August Information Stealer

OK, so a while back (a few weeks ago) I got a malicious Word document from a friend of a friend of an enemy. I thought it would be kind of fun to dig into it and see what’s in it. I’ve also been wanting to do a post on something related to malware. So, two birds, one stone. Let’s do this.

I present to you, an analysis of the August information stealer (and associated dropper). August is a fairly new information stealer that has recently had a few articles/blog posts written on it. See: https://www.proofpoint.com/uk/threat-insight/post/august-in-december-new-information-stealer-hits-the-scene

This post is more about the process of analyzing the sample, rather than the conclusions drawn from the analysis. I have a copy of the original sample available for people to follow along.

Read more

Limited Automated WP Plugin Vulnerability Scanning with wtfian

When looking through WordPress plugins, I noticed that a lot of developers seem to have issues using AJAX securely. They frequently don’t use nonces at all, they leak nonces to people they shouldn’t, and they forget to check the user’s capabilities. At first, going after the low hanging fruit (AJAX issues) of the low hanging fruit (WP plugins) was kind of fun, but it started to get boring pretty fast so I wrote a script to do it for me.

Read more

PHP Backdoor Obfuscation Techniques

When an attacker leaves behind malicious PHP after a successful compromise, they typically make some attempt to obfuscate their code. While the title of this post is “PHP Backdoor Obfuscation Techniques”, these methods are also used to obfuscate other code as well, sometimes even in a poor attempt to protect legitimate code from reverse engineering and modification. I’ve been working in an environment with a large number of LAMP servers for several years now, and I’ve seen a lot of malicious PHP. Here are some of the more common (and a few less common) obfuscation techniques I’ve seen.

Read more

Let’s Go to Fry’s!

Sometimes I have the unfortunate need (or even desire) to visit my local Fry’s Electronics (see wikipedia), a regional chain of electronics stores. Picture Best Buy, but with more computer parts and electronics, and the world’s pushiest and stupidest salesmen who get paid on commission, fake Internet price matching, really cool themed decorations that haven’t been maintained in years, horrible customer service, and just all around douche baggery. Check out how they demonstrate the “Monster Cable Difference.”

Last time I went, I took a few pictures of some interesting items I found.

Read more

WordPress Plugin Vulnerability Dump – Part 2

And we’re back. Check out Part 1 if you haven’t yet. Much like before, developers of these plugins have not been contacted in advance. These vulnerabilities were trivial to find and as you can see from these vulnerabilities and others that have been disclosed in the past few months, popular =/= secure. More vulnerabilities will be posted as time permits.

Read more

WordPress Plugin Vulnerability Dump – Part 1

This post contains information on vulnerabilities for 7 (at least somewhat) popular WordPress plugins. All of these vulnerabilities were trivial to discover (and are trivial to fix). The state of WordPress plugin security is very sad indeed. None of the developers were contacted in advance of this post (except where otherwise noted). Additional vulnerabilities will be posted as time permits.

Read more

The Many Animals of Linux – AKA WTF is a ‘Trusty Tahr’? – Part 1

Have you ever heard about a new Ubuntu release and wondered what a tahr or pangolin is? I know I have. Every Ubuntu release is given a codename that consists of an adjective and an animal name. A few other distros have also had releases that reference animals.

I’ve scoured the Internet (by that I mean Wikipedia) to find information about these animals. I’ve picked out just the most interesting bits and paired them with pretty pictures. Let’s get started.

Ubuntu 4.10 – Warty Warthog

Note: does not appear to have warts

Warthogs are a member of the pig family and live in Africa. You may know them from The Lion King.

Read more

CSRF in Disqus WordPress Plugin v2.77

There are several cross-site request forgery vulnerabilities in the Disqus WordPress Plugin, version 2.77. Let’s start with the technical details, then I’ll get to the commentary.

Three settings in the admin interface lack nonces. By exploiting this you can activate or deactivate the plugin, and import or export comments between your WordPress database and Disqus. Example URLs:

http://wptestbox1.dev/wordpress/wp-admin/edit-comments.php?page=disqus&active=0
http://wptestbox1.dev/wordpress/wp-admin/index.php?cf_action=export_comments&post_id=0&timestamp=1408220878.213
http://wptestbox1.dev/wordpress/wp-admin/index.php?cf_action=import_comments&last_comment_id=0&wipe=1

These are all just simple GET requests. There is nothing terribly interesting in the plugin’s code related to this. It is just the simple lack of a nonce (for GET requests).
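As an added illustration (not code from the Disqus plugin or from wtfian), here is a hypothetical plugin admin action in the shape this post and the AJAX post above describe, beside the nonce-and-capability-checked form. The option name, action names and `example_` function names are made up; the WordPress functions are real.

```php
<?php
// Constructed example of a plugin settings toggle (not any real plugin's code).

// BEFORE: the pattern described in the post. Any GET to
// edit-comments.php?page=example&active=0 flips the setting with no proof
// that the logged-in admin intended to send that request.
function example_handle_toggle_unsafe() {
    if ( isset( $_GET['active'] ) ) {
        update_option( 'example_active', (int) $_GET['active'] );
    }
}

// AFTER: bind the action to a nonce and a capability check.
// Links to the action are built with wp_nonce_url() so the nonce travels
// with the request; a request forged from another site cannot include it.
function example_toggle_link( $active ) {
    $url = add_query_arg(
        array( 'page' => 'example', 'active' => (int) $active ),
        admin_url( 'edit-comments.php' )
    );
    return wp_nonce_url( $url, 'example_toggle' ); // appends _wpnonce=...
}

function example_handle_toggle() {
    if ( ! isset( $_GET['active'] ) ) {
        return;
    }
    // Capability first: a nonce proves intent, not authorization.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Dies with -1 if _wpnonce is missing or not valid for 'example_toggle'.
    check_admin_referer( 'example_toggle' );
    update_option( 'example_active', (int) $_GET['active'] );
}

// The same two checks apply to admin-ajax.php handlers, which is where the
// wtfian post finds most of the missing nonces and capability checks.
function example_ajax_import() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_import', 'nonce' ); // dies on failure
    // ... perform the import ...
    wp_send_json_success();
}
add_action( 'wp_ajax_example_import', 'example_ajax_import' );
```

The nonce on the AJAX side must be handed to the page’s own JavaScript (for example via wp_localize_script) rather than echoed anywhere an unauthenticated visitor can read it, which is the “leaking nonces” problem the wtfian post mentions.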

Read more