XSS and SSTI in Flask

Introduction

According to the project's home page,

Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks.

Django sits at the other end of the Python web service spectrum. Each has its own advantages and disadvantages. If I had to pick a downside for Flask, it is that it can be easy to introduce unintentional vulnerabilities. This is not a problem with Flask itself, but a result of improperly sanitizing user input.


Confusing script kiddies with random default server pages

Anyone who runs a server connected to the internet can tell you that they get hammered all day every day by bots. Sometimes, a human is poking at things looking for vulnerable applications. Quite a while ago, I created a simple PHP script to randomly pretend to be one of the 3 web servers (Apache, Nginx, IIS).

Due to copyright, I am not sharing the source code of the HTML page for IIS. It is pretty easy to find without downloading/installing the package. The NGINX source is available on GitHub. I tried to find the one served by Apache2, but could not find the page I wanted. Fortunately, it happened to be available on one of my other servers, so I just copied it over from there.


Zip Slip (malicious archives)

Recently, I completed a CTF challenge that involved an interesting vulnerability. Since the challenge is active, I won't be providing screenshots, but I've kept things general enough that it shouldn't spoil anything.

The web app

The entire app was provided with a Dockerfile, so it could be run offline.

My first step was to investigate the app and see what vulnerabilities might exist. The web app is very simple and was developed using Flask. It contains a single web page that allows you to upload a tar.gz file. The uploaded file is extracted using the tarfile library. The validation of the user-uploaded file is insufficient.


Reverse Engineering a $20 remote controlled outlet

Introduction

A few years ago, I bought a remote controlled outlet from Walmart. I don't recall the exact price, but it was less than $20. It was purchased for the explicit reason of trying to understand how it worked. The end goal was that I wanted to know whether:

  1. I could decode/intercept the signals
  2. It was vulnerable to replay attacks

Tools Used

  • RTL SDR
  • Yardstick One
  • Inspectrum
  • GQRX
  • rfcat

This is going to be quite a long post, so I suggest getting a cup of coffee before continuing. At the end, I have included a YouTube video showing the entire process.


Getting started with the proxmark3 easy clone

Introduction

I've been interested in RFID hacking for a really long time. The "gold standard" has been the Proxmark series of tools. Unfortunately, these are quite expensive, especially for a hobbyist. However, thanks to the internet and the usual sources, there are pre-assembled versions available for under $100.

In this post, I'll share a quick tutorial on how to clone an access control card to a rewritable card.

The Hardware

The hardware I'm using was purchased from Amazon for $67. I don't know what firmware was loaded on it, because it didn't seem to work initially. The first thing I did was clone the RFID Research Group repository (sometimes known as the iceman repository). This contains both the Proxmark software and the firmware for the device. The firmware is loaded by running ./pm3-flash-all in the repository after building. One issue is that the USB port on the long side of the device does not seem to work; I'm assuming that port is for powering the device with something that can deliver more current than a standard USB port. I didn't take any notes, nor do I remember the exact process I followed, but I think it was pretty straightforward once it was actually speaking with my computer.


Auditing a $50 Security Camera DVR System

FYI, this is a rewrite of some work I did in 2016 that was previously hosted on my old Blogspot account. In doing research for the rewrite, I found that several people had done largely similar work, but I have identified some new information, particularly the ability to format the disk drive by sending a POST request.

Introduction

Before the Internet of Things (IoT) took over, homes and businesses were watched by closed-circuit cameras, and some did have LAN and WAN remote viewing. The WAN connection was not through a cloud system, but rather a direct connection to the IP address of the device. Unfortunately, given the price point of these devices, a lot of security corners were cut.


An indoor air quality monitor using particle.io

In this post, I'll discuss some hardware and a new build platform that I used to create an indoor/outdoor air quality monitor. This will be a multi-part post because it involves several separate pieces of infrastructure.

In the late summer of 2020, wildfires were burning in Oregon. I saw lots of posts on Twitter and other social media outlets of people constructing air filters out of box fans and household HVAC filters. I live on the East Coast, so I was not impacted, but I was curious about what the particulate matter content was inside and outside my home.


About me

I go by haicen on IRC and other social media sites. If you have questions or comments, I will also be posting the blog entries on Infosec.Exchange.

Here is a short list of my hobbies:

  • cybersecurity
  • lock picking
  • model trains
  • Arduino
  • Raspberry Pi
  • ham radio/SDR