Showing posts from September, 2021

Geeking Out on IBM i - Part 2

(This is part 2 of a three part series.  To view part 1, click here ) Network Configuration This part in the three-part "Geeking Out on IBM i" series focused on network configuration. This series is an effort to make IBM i (AS/400) lingo and concepts easily accessible to the hacker community, hoping to reduce the barrier of entry for security research. Configuring the IBM i Network Interfaces was an interesting challenge for me, a primarily Linux/Unix person.  When we finally got time to work on this project, Michigan was just heading into COVID19 lockdown, and remote-access to the machine was becoming urgent.  That made all of this a little more stressful.  I found a couple different “configuring TCP/IP on IBM i” articles on the Internet.  As usual, they were written for other versions of the OS, probably naming the system “AS/400” or “iSeries.”  This created some anxiety for this newly-minted IBM i geek.  I guess I have seen the exact same thing on all the different versio

Mama Always Told Me Not to Trust Strangers without Certificates

Introduction This blog post details a vulnerability, the exploitation of which results in Remote Code Execution (RCE) as root, that impacts many modern Netgear Small Offices/Home Offices (SOHO) devices. The vulnerability isn’t your typical router vulnerability, in that the source of the vulnerability is located within a third-party component included in the firmware of many Netgear devices. This code is part of Circle , which adds parental control features to these devices. However, since this code is run as root on the affected routers, exploiting it to obtain RCE is just as damaging as a RCE vulnerability found in the core Netgear firmware. This particular vulnerability once again demonstrates the importance of attack surface reduction. The Circle update daemon that contains the vulnerability is enabled to run by default, even if you haven’t configured your router to use the parental control features. While it doesn’t fix the underlying issue, simply disabling the vulnerable code w