SSID Format String Bug

This article, covers a recent tweet that displayed a vulnerability where a specific SSID name could permanently disable an iPhone's wifi functions. Luckily for user, @vm_call, a user in the replies found a way to fix the wifi. The article covers the process by which the SSID is processed and what the actual issue that causes the crash is. It seems a bit weird to write a blog post about a blog post, but this topic was incredibly interesting and the original tweet and the conversation around it was fun to follow. As for the potential for exploitation for this vulnerability, it isn't something that could be used in it's current state. The target can see the name of the SSID they are connecting to, so they would know that they were connecting to a potentially dangerous network.

Comments

Using PGPy to encrypt and decrypt files and messages

PGPy is a library for python that enables the creation, storage, and encryption/decryption of PGP keys and files in python. Recently, in a small project to reacquaint myself with python, I used PGPy for key generation and encryption and decryption. That project can be found in my github at https://github.com/lpowell . The goal of the project was to use command-line switches to control the program, and to provide basic encryption and decryption capabilities, along with rot13 and base64 encoding. First, to load in a key use key, _ = pgpy.PGPKey.from_file(keyfilename) . This loads the key from either a binary or ASCII armored file. You can swap out .from_file for .from_blob , if you plan on using a key stored in a string or bytes object rather than a file. In my example code, I pull the key from a file, as I found it to be the simpler method. Next, you'll need to open a file or create a string or bytes object that contains the message you wish to encrypt. We'll cal...

Huntress CTF Challenge Writeups: HumanTwo: MoveIt IoC Analysis Challenge

HumanTwo: MoveIT IoC Analysis Challenge The HumanTwo challenge is a malware CTF from the 2023 Huntress CTF. This write-up walks through the initial discovery, de-obfuscation, and solving of the challenge. The actual flag will be redacted from the document, but interested parties should be able to follow the steps and derive it themselves. While the write-up assumes a base level of knowledge regarding the command line and Linux. Most tools and commands will be accompanied by short explanations. Step 1: Initial Analysis To start off, we are given an archive with 1000 files named after their file hash. The hint we are given is that there are minor differences between each file. We also know that HumanTwo relates to the MoveIT vulnerability and exploit. The easy way to progress is to look up articles that tell you about the vulnerability and what stands out in each exploit script. However, I didn’t do that, so I’ll put the process I followed down instead. First, because I knew that...

Huntress CTF Challenge Writeups: VeeBeeeee & Fetch

VeeBeeeee: A Microsoft Script Forensics Challenge VeeBeeeee starts with an extensionless file. When attempting to open this file, we get a bunch of random junk. I used PowerShell to display the content of the file and then dropped the output into CyberChef to decode it. Using the “Magic” function on CyberChef told me that it was a Microsoft Script, and CyberChef applied the Microsoft Script Decoder function to the text blob. Copy/Pasting the cleartext code into VSCode lets us use the find and replace function to get rid of some of this junk data. While going through the script and getting rid of the tacked-on strings and characters, we can see that there is an array being built called Request. If we follow the link in this array, we get to a Pastebin file with the flag. Fetch: A Prefetch and WIM File Analysis Challenge Fetch provided an unknown file with no extension. Like previous challenges, we can use the “file” command to determine the file type. Using ...

Blog.Bajiri

Search This Blog