This is the personal website of Ben Lincoln.
|On The Outside, Reaching In - version 0.3|
Version 0.3 of On The Outside, Reaching In has been released. The main new feature is the inclusion of a pair of "generic" modules which can be used to exploit basic XXE vulnerabilities without having to wait for someone to write a full module. For example, if you can obtain content from a target system using the Burp Suite Repeater component, you can copy/paste your request into a template file, make a few modifications, and then be able to use On The Outside, Reaching In's features such as walking the filesystem (for Java-based targets), or doing blind reads of numerous files from a list. A detailed tutorial is available: OTORI - Example 7: Generic XXE Modules.
|Posted by Ben Lincoln, 2014-07-20 @ 19:30|
|A few updates|
An article I had to cut from the last update due to time constraints has been finished: OTORI - Exploring the Linux Filesystem is about using On The Outside, Reaching In to obtain a variety of useful information from Linux hosts thanks to the pseudo-files in /proc and the special content in a few other locations. This article is the main reason for version 0.2.1 of On The Outside, Reaching In, which includes some lists specifically designed to scrape content from /proc on Linux target systems — see OTORI - Exploring the Linux Filesystem for more details.
I also did some cleanup of the articles related to On The Outside, Reaching In — the FAQ is now a separate document to make the main page less wordy, the Squiz Matrix tutorial (OTORI - Example 2: Squiz Matrix) notes that it (like Mahara) needs to be run on a system without certain very recent libxml2 patches to be vulnerable, etc.
|Posted by Ben Lincoln, 2014-06-22 @ 12:15|
|On The Outside, Reaching In, and She Wore A Mirrored Mask|
My weekend project on and off since February has been a pair of penetration-testing tools. These are very early "preview" versions, but should work well enough to be useful for some people. I also wanted to be able to finally get some feedback on whether this was a useful direction to go in. It seemed to me like there was not a good tool in this space. Some might argue that there still isn't, of course :). They're both released under version 3 of the GPL.
On The Outside, Reaching In is designed to automate exfiltration of files from servers with XML External Entity ("XXE") vulnerabilities. It uses a Metasploit-style "module" system, because the specific mechanisms for exploiting this type of vulnerability vary too much for a generalized tool.
She Wore A Mirrored Mask is "a webserver with hidden talents" — it pretends to be something innocuous, but actually acts as a partner for On The Outside, Reaching In when using certain types of XXE exploit. In the future, it may do a lot more than that.
I included four detailed tutorials to get people started:
|Posted by Ben Lincoln, 2014-06-15 @ 23:30|
|Further updates to the Motorola article|
I managed to track down the location-data-collecting component of Motorola's software on my phone - but before you get too excited, it was not enabled at the time. It's called "Little Sister", and I've added a section on it and a few other updates to the Motorola Is Listening article. I've also added a description of the hack/workaround I've used on my own device to prevent it from communicating with Motorola.
In the process of testing that hack/workaround, I learned something about HTTP proxies. Maybe it's common knowledge in some circles, but I sure hadn't run across it before. The details are in the HTTP Proxies and Loopback Addresses article.
I've made some minor corrections to the Multipurpose Man-in-the-Middle VM article as well, so if you've been giving that a shot and have run into trouble, those updates may help.
Looks like I forgot to actually upload the updated version of the XMPPPeek HTML file that included a link to the package with updated traffic-forwarding scripts. Sorry about that. It's been corrected.
|Posted by Ben Lincoln, 2013-07-28 @ 23:30|
|MitM VM build guide updates/corrections|
I've made a few corrections and additions to the Multipurpose Man-in-the-Middle VM writeup. I'd forgotten to include the steps for manually chaining SSL certificates together when performing a custom MitM (e.g. for XMPP communication and socat), and I've updated the troubleshooting steps I had to use to get the network configuration to "stick" on one of my VMs.
I've also updated the traffic-forwarding scripts that are included with XMPPPeek.
|Posted by Ben Lincoln, 2013-07-12 @ 18:30|
|DIY traffic-intercepting Linux VM build guide|
|Posted by Ben Lincoln, 2013-07-09 @ 21:00|
|A few more updates to the Motorola article|
Added a bit more information and a table-of-contents to the Motorola Is Listening article.
|Posted by Ben Lincoln, 2013-07-04 @ 16:00|
|The hits keep coming|
Another update to the Motorola Is Listening article - looks like I failed to notice an authentication-related problem until now.
|Posted by Ben Lincoln, 2013-07-03 @ 08:30|
I realized something while I was in the shower this morning - there may be a more serious security issue exposed by the mechanisms described in the Motorola Is Listening article. I've added a note near the top to this effect. It's entirely theoretical at this point, but I wanted to throw it out there in case anyone has more time to actively research this.
|Posted by Ben Lincoln, 2013-07-02 @ 08:30|
Motorola Is Listening certainly got a lot more attention than I expected. I've added a minor note near the top because a lot of the discussion I've seen is around the "MotoBlur" user interface, which the phone I used (the Droid X2) does not include.
I've also added a link to the UVIR Optics eBay store on the Filters page. They have some really nice filters available made out of hard-to-find (at least in the US) glass, and the prices are quite low.
|Posted by Ben Lincoln, 2013-07-02 @ 06:00|