Adrian Pastor

pagvac

Adrian "pagvac" Pastor, BSc (Hons) Computer-aided Engineering, has been part of the IT security industry for several years and from an early age has been involved with the whitehat hacker scene as a hobbyist. He has authored several papers, numerous vulnerability advisories and has spoken at events such as HITBSecConf Dubai, HITBSecConf Kuala Lumpur, CONFidence Krakow, Hack.lu Luxembourg, etc. Adrian is perhaps best known for finding critical vulnerabilities on the BT Home Hub, the most popular Wi-Fi home/SOHO router in the UK.

Having fun with BeEF, the browser exploitation framework

We haven’t featured any guest bloggers in a while, but we’re glad to be featuring Christian Frichot this month! Christian is a security professional based in Perth, Western Australia. He’s currently working in the finance industry as part of a tight-knit internal team of security consultants doing their best to protect their business and customers from technical threats such as malware or insecure web applications. [...]

ColdFusion directory traversal FAQ (CVE-2010-2861)

A new Adobe hotfix for ColdFusion has been released recently. The vulnerability, which was discovered by Richard Brain, was rated as important by Adobe and could affect a large number of Internet-facing web servers. The FAQ below is meant to shed some light on this vulnerability so that ColdFusion administrators can understand what they’re up against. [...]

1ST European Edition of HITB Coming Up!

In case you haven’t heard yet, HITBSecConf is hosting the first European Edition of their conference in Amsterdam during 1st-2nd July ’10. The history of the HITB conferences can be traced back to 2002, the year in which the first ever edition of HITB took place in Malaysia. Since then, HITB has grown to become the biggest technical computer security event in Asia and has extended their presence to the Middle East and now Europe. [...]

Hacking Linksys IP Cameras (pt 6)

This article is a continuation of the following GNUCITIZEN articles: here, here, here, here and here.

As we know, there are several ways one could go about hunting for IP cameras on the net. The slowest way would be to portscan random IP addresses for certain ports and programmatically detect if the web interface of a given camera was available on the open ports found. [...]

Dnsmap v0.30 is now out!

After working on dnsmap for a few months whenever time allowed, I decided there were enough additional goodies to make version 0.30 a new public release. Let me just say that a lot of the bugs that have been fixed, and features that have been added to this version would not be possible without the feedback from great folks such as Borys Lacki (www.bothunters.pl), Philipp Winter (7c0.org) and meathive (kinqpinz.info). Thanks guys, your feedback was highly valuable to me. [...]

Old-school Remote Command Exec Vulnerabilities on Avaya Intuity

Remember those old remote command exec vulns where you had a CGI script such as a perl program which would take input from the client to construct command strings that would then be passed to the shell environment? Well, there were tons of those affecting diagnostic scripts available on the web interface of Avaya Intuity Audix LX.

These vulnerabilities, although cool, are not critical since you need to be logged into the interface in order to exploit them. [...]

Of Sec Cons and Magstripe Gift Cards

I’ve been meaning to talk about CONFidence and EUSecWest for quite a while, but May was such an intense month for me that it’s hardly left me with any time for other things. I eventually got caught up with other matters, which resulted in me publishing this post about 2 months late.

I’ve been researching, pentesting, and preparing two different presentations which I gave at CONFidence in Krakow, and EUSecWest in London. pdp has also been busy presenting at AusCERT2009. [...]

CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept

I couldn’t find any public PoC/exploit for this phpMyAdmin vulnerability, despite it being a serious bug affecting a popular open-source project. I think this vulnerability is a nice reminder that it’s still possible to perform remote command execution these days without relying on SQL injection (i.e.: xp_cmdshell) or a memory corruption bug (i.e.: heap overflow). [...]

Hacking Linksys IP Cameras (pt 5)

This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras (pt 4).

Mounting the filesystem on your workstation

There are many ways to mount the camera’s filesystem using the firmware binary. In this post, we’ll explain one way to mount firmware version v1.00R24 which is the latest available for the WVC54GCA model. [...]

Hacking Linksys IP Cameras (pt 4)

This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3).

There are two types of vulnerabilities I will be releasing today: disclosure of credentials in client-side source code and multiple XSS. [...]
