[ Beneath the Waves ]

This is the personal website of Ben Lincoln.

A British accent for your Android phone

A few weeks ago I discovered how to Give Your Android Phone A British Accent — and that it's possible to compel it to speak arbitrary text. I think you'll agree that the results are pretty great.

Thermal imaging

Another update I've had on my list for a while — I obtained a FLIR E4 thermal imager in early 2014 and used the modification developed by Mike Harrison and company to bump it up to 320x240 resolution. I've added several sets of Thermal Imaging Examples, and the Thermal versus Near Infrared article has been updated.

SonicCare® lock picks and Christmas pudding

I've finally gotten around to posting a couple of experiments from the last two years: SonicCare® Lock Picks (an experimental tool), and a recipe for a vegetarian (or vegan), gluten-free version of British-style Christmas Pudding.

On The Outside, Reaching In - version 0.3

Version 0.3 of On The Outside, Reaching In has been released. The main new feature is the inclusion of a pair of "generic" modules which can be used to exploit basic XXE vulnerabilities without having to wait for someone to write a full module. For example, if you can obtain content from a target system using the Burp Suite Repeater component, you can copy/paste your request into a template file, make a few modifications, and then be able to use On The Outside, Reaching In's features such as walking the filesystem (for Java-based targets), or doing blind reads of numerous files from a list. A detailed tutorial is available: OTORI - Example 7: Generic XXE Modules.

A few updates

An article I had to cut from the last update due to time constraints has been finished: OTORI - Exploring the Linux Filesystem is about using On The Outside, Reaching In to obtain a variety of useful information from Linux hosts thanks to the pseudo-files in /proc and the special content in a few other locations. This article is the main reason for version 0.2.1 of On The Outside, Reaching In, which includes some lists specifically designed to scrape content from /proc on Linux target systems — see OTORI - Exploring the Linux Filesystem for more details.

I also did some cleanup of the articles related to On The Outside, Reaching In — the FAQ is now a separate document to make the main page less wordy, the Squiz Matrix tutorial (OTORI - Example 2: Squiz Matrix) notes that it (like Mahara) needs to be run on a system without certain very recent libxml2 patches to be vulnerable, etc.

On The Outside, Reaching In, and She Wore A Mirrored Mask

My weekend project on and off since February has been a pair of penetration-testing tools. These are very early "preview" versions, but should work well enough to be useful for some people. I also wanted to be able to finally get some feedback on whether this was a useful direction to go in. It seemed to me like there was not a good tool in this space. Some might argue that there still isn't, of course :). They're both released under version 3 of the GPL.

On The Outside, Reaching In is designed to automate exfiltration of files from servers with XML External Entity ("XXE") vulnerabilities. It uses a Metasploit-style "module" system, because the specific mechanisms for exploiting this type of vulnerability vary too much for a generalized tool.

She Wore A Mirrored Mask is "a webserver with hidden talents" — it pretends to be something innocuous, but actually acts as a partner for On The Outside, Reaching In when using certain types of XXE exploit. In the future, it may do a lot more than that.

I included four detailed tutorials to get people started:

OTORI - Example 1: Apache Solr

OTORI - Example 2: Squiz Matrix

OTORI - Example 3: Mahara

OTORI - Example 4: McAfee ePO

Further updates to the Motorola article

I managed to track down the location-data-collecting component of Motorola's software on my phone - but before you get too excited, it was not enabled at the time. It's called "Little Sister", and I've added a section on it and a few other updates to the Motorola Is Listening article. I've also added a description of the hack/workaround I've used on my own device to prevent it from communicating with Motorola.

In the process of testing that hack/workaround, I learned something about HTTP proxies. Maybe it's common knowledge in some circles, but I sure hadn't run across it before. The details are in the HTTP Proxies and Loopback Addresses article.

I've made some minor corrections to the Multipurpose Man-in-the-Middle VM article as well, so if you've been giving that a shot and have run into trouble, those updates may help.

Looks like I forgot to actually upload the updated version of the XMPPPeek HTML file that included a link to the package with updated traffic-forwarding scripts. Sorry about that. It's been corrected.

MitM VM build guide updates/corrections

I've made a few corrections and additions to the Multipurpose Man-in-the-Middle VM writeup. I'd forgotten to include the steps for manually chaining SSL certificates together when performing a custom MitM (e.g. for XMPP communication and socat), and I've updated the troubleshooting steps I had to use to get the network configuration to "stick" on one of my VMs.

I've also updated the traffic-forwarding scripts that are included with XMPPPeek.

DIY traffic-intercepting Linux VM build guide

As promised in the Motorola Is Listening and XMPPPeek articles, I've created a guide to building the type of Linux VM that I used for my testing: Multipurpose Man-in-the-Middle VM.

Some corrections and minor updates have been made to the XMPPPeek and Motorola Is Listening articles as well.

A few more updates to the Motorola article

Added a bit more information and a table-of-contents to the Motorola Is Listening article.
