Unauthenticated DoS Conditions in Asus httpd

Recently I came across a few exploitable DoS conditions in Asus httpd while doing some fuzzing. Although these aren’t the most impactful bugs (the Asus watchdog process restarts httpd anytime it detects a crash) they can be exploited unauthenticated. Also, even though the watchdog restarts the service, it remains possible to just continue sending DoS requests, crashing it as soon as it restarts, lol.

First up, CVE-2023-34358

Stored XSS in Asus Custom User Icons

CVE-2023-34360 - Stored XSS in Custom UserIcons

Whenever I get really bored I just turn back to my little Asus routers and say “buggo create-o” and invariably I find some sort of issue. Today I’m writing about some stored XSS I came across, receiving CVE-2023-34360. I stumbled across some functionality recently that I didn’t realize was functionality– after clicking around a bit I clicked one of the little device icons and was surprised to find a file upload form:

Now, another kind of arm...

ARM… wait no, an arm! For the last 15 years I’ve identified myself as a climber– a boulderer at heart. I’ve spent a significant amount of my life pebble wrestling, with a good bit of sport climbing mixed in. Things changed this past September when I hit a not-so-rad jump on my mountain bike and got a grade 5 AC separation– oops. This could be considered a catastrophic injury for a person such as myself to face.

vsftpd

vsftpd Fuzzing

Placeholder for some vsftpd fuzzing notes

Asus, Qemu, AFL++ Notes

This post is just a collection of my notes and experiences reversing, compiling and emulating Asus proprietary and Asuswrt-Merlin software, on an Ubuntu 20.04 box. It’s a bit of a pain really, I thought it would be pretty easy but everything’s been an issue, which is also what makes it sorta fun.

Worked primarily with https://github.com/RMerl/asuswrt-merlin.ng for the RT-AX88U router, but some binaries are just closed-source :/

Pfsense Update

Homelab pfsense Update

This past year I purchased a permanent location for my networking gear– it also happened to come with bathrooms, bedrooms and a kitchen, which were all a plus. I’ve been fortunate to be able to buy a home and one of my dreams as a kid was to be able to have a cool “home lab”. While I’ve had a bit of a lab, it’s been getting upgraded since moving and I found myself running a pfsense / pfblockerng setup at the suggestion of my friend Outrun207.

Stored XSS & Authenticated RCE in Asus httpd

My whole perspective on “modern appliances” changed within the last few years, and I’ve started to look at things with a different mindset. In the past I’ve avoided anything “smart” because I didn’t want it on my home network. Perhaps the utility of some of them slowly won me over (read: neat stuff they do), but these days if I’m looking to buy something, most of the time it gets bonus points for being “smart”. I just want to take them home, connect them to my lab wifi and hack them. For instance, we just got a smart humidifier. What the hell? Why would they make that? Convenience I guess, but it’s awesome and I can’t wait to scan it.

SLAE32

Below are my old blog posts for the SLAE32 ‘certification’.

Task 1: ASM TCP Bind Shell

Requirements:
Binds to a port
Executes a shell on incoming connection
Port should be ’easily’ configurable

I wrote a C bind shell based off of other posts in order to better understand the requirements. In actuality, I wrote multiple as I found better ways of writing the same code, as one does. My final C file is below:

DC207 CTF - April 2020

Walkthrough

Walkthrough of a CTF hosted by DC207 back in April 2020. It was a blast and I won!

#1 If only it were that easy

Solve the puzzle for the solution: yetz{lhfxpaxkxhoxkmaxvbiaxk}

It’s a caesar cipher! ROT[ate]7!

flag{somewhereoverthecipher}

#2 Horse Meatballs

Attached is the clue. Decode the message, the flag is the name of the source of the content: notavirus.wav

Hmm, well, since it’s not a virus I downloaded the file and opened it.

Catpi

Alright, so I’ve had an RPi for a while, and it’s had various… uses. One time I thought it might be fun to set up a streaming box, so I did that for a bit, but then some dependency issues came up with netflix and widevine and, well, it became easier to just buy a Google Home.