IoT
R7-2016-01: Null Credential on Moxa NPort (CVE-2016-1529)
This advisory was written by the discoverer of the NPort issue, Joakim Kennedy
of Rapid7, Inc.
Securing legacy hardware is a difficult task, especially when the hardware is
being connected in a way that was never initially intended. One way of making
legacy hardware more connectable is to use serial servers. The serial server
acts as a bridge and allows serial devices to communicate over TCP/IP. The
device then appears on the network as a normal network-connected device. This
allows for remote
IoT
Smile! You're on Candid APT
Recently IP camera hacking has taken front stage in the news
[http://arstechnica.com/security/2016/01/how-to-search-the-internet-of-things-for-photos-of-sleeping-babies/].
Actually, hacking IP cameras is not all that new—it's been around for a number
of years—but historically the focus has been related to gaining access to just
the video portion of the camera. But with IP cameras being one of the many IoT
technologies out there often found to be improperly secured, I figured it was
time to look
IoT
CVE-2015-7547: Revenge of Glibc Resolvers
If you've been involved in patch frenzies for any reasonable amount of time, you
might remember last year's hullabaloo around GHOST
[/2015/01/27/ghost-in-the-machine-is-cve-2015-0235-another-heartbleed], a
vulnerability in glibc's gethostbyname() function. Well, another year, another
resolver bug.
gethostbyname(), meet getaddrinfo()
This time, it's an exploitable vulnerability in glibc's getaddrinfo(). Like
GHOST, this will affect loads and loads of Linux client and server applications,
and lik
Vulnerability Disclosure
R7-2015-26: Advantech EKI Dropbear Authentication Bypass (CVE-2015-7938)
While looking into the SSH key issue outlined in the ICS-CERT ICSA-15-309-01
[https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01] advisory, it became
clear that the Dropbear SSH daemon did not enforce authentication, and a
possible backdoor account was discovered in the product. All results are from
analyzing and running firmware version 1322_D1.98, which was released in
response to the ICS-CERT advisory.
This issue was discovered and disclosed as part of research resulting in
Rapid7's dis
Metasploit
512 Days of HaXmas: Metasploit's IoT WebApp Login Support
This is the sixth post in the series, "The Twelve Days of HaXmas."
Well, the year is coming to a close, and it's just about time for the annual
breakdown of Metasploit commit action. But before we get to that, I wanted to
take a moment to highlight the excellent work we landed in 2015 in adding new
web application login support to Metasploit. After all, who needs exploits when
your password is "public" or "admin" or "password" or any other of the very few
well-known default passwords? Maybe i
IoT
The Internet of Gas Station Tank Gauges -- Take #2
In January 2015, Rapid7 worked with Jack Chadowitz and published research
[/2015/01/22/the-internet-of-gas-station-tank-gauges] related to Automated Tank
Gauges (ATGs) and their exposure on the public Internet. This past September,
Jack reached out to us again, this time with a slightly different request. The
goal was to reassess the exposure of these devices and see if the exposure had
changed, and if so, how and why, but also to see if there were other ways of
identifying potentially exposed
Metasploit
Weekly Metasploit Update: Embedded Device Attacks and Automated Syntax Analysis
D-Link Embedded Device Shells
This week, esteemed Metasploit [https://www.metasploit.com/download/]
contributor @m-1-k-3 [https://github.com/m-1-k-3] has been at it again with his
valiant personal crusade against insecure SOHO (small office/home office)
embedded devices with known vulnerabilities. We have a new trio of modules that
target D-Link gear, based on the research released by Craig Heffner and Zachary
Cutlip, which exploit two bugs present in the DSP-W215 Smart Plug, and one UPnP
comma