Jekyll2024-08-26T17:36:03+00:00https://h00die-gr3y.github.io/feed.xmlThe wonderfull world of HackingCrossing the thin grey line of Hacking is like jumping in the boat with Hades to sail you across the river StyxH00die Gr3yHow to spawn an UART shell?2024-08-26T00:00:00+00:002024-08-26T00:00:00+00:00https://h00die-gr3y.github.io/howto-uart-shellHacking IoT hardware to find exploits is fun but can be challenging if you do not have access to the Firmware.
Using Firmware emulation allows you to gain access to the firmware without having the hardware in hand. But if you have access to the IoT hardware, the other way to gain access is to detect and spawn an UART shell.
In my article Spawning UART shells, I explain how to do this using a Flipper Zero.

Happy reading!

]]>H00die Gr3yOpenMediaVault Metasploit exploit module2024-07-31T00:00:00+00:002024-07-31T00:00:00+00:00https://h00die-gr3y.github.io/openmediavault-exploitThis is a new module addressing an old vulnerability in OpenMediaVault, an open-source NAS solution. The vulnerability exists within all OpenMediaVault versions starting from 0.1 until the recent release 7.4.2-2 and it allows an authenticated user to create cron jobs as root on the system. An attacker can abuse this by sending a POST request via rpc.php to schedule and execute a cron entry that runs arbitrary commands as root on the system. I created a Metaspoit module unix/webapp/openmediavault_auth_cron_rce that has been released in main stream of Metasploit.

Annoucement will follow shortly.

]]>H00die Gr3yGeoServer Metasploit exploit module2024-07-16T00:00:00+00:002024-07-16T00:00:00+00:00https://h00die-gr3y.github.io/geo-server-exploitRecently CVE-2024-36401 was announced that describes a vulnerability in GeoServer. GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases, web-based data, and personal datasets.

Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.

Affected versions:

>= 2.24.0, < 2.24.4
>= 2.25.0, < 2.25.2
< 2.23.6

I created a Metaspoit module exploit/multi/http/geoserver_unauth_rce_cve_2024_36401 that has been released in main stream of Metasploit.

See also Metasploit-weekly-wrap-up-7-19-2024

]]>H00die Gr3yWelcome to my site!2024-07-15T00:00:00+00:002024-07-15T00:00:00+00:00https://h00die-gr3y.github.io/my-first-postHello world, this is my first blog post.

This is the initial release of the website. It took me a while to get up and running, but it is live now… I hope you like it!

]]>H00die Gr3y