Rocksolid Light

Welcome to RetroBBS

register  nodelist  faq  

A lack of leadership is no substitute for inaction.


rocksolid / Security / latest

Re: remote code exec in dnsmasq

rocksolid.shared.security

Posted: 4 Hours 36 Minutes ago by: Marc SCHAEFER"

If you have a firewall behind your router, protecting the router from accessing your internal network, then you are presumably safe, if using tor only. Else, the router could use vulnerabilities in your OS software (including any printer

Re: remote code exec in dnsmasq

rocksolid.shared.security

Posted: 4 Hours 37 Minutes ago by: Marc SCHAEFER"

I would assume that if it has a Linux or BSD OS, and it has a DNS functionnality, it is dnsmasq.

Re: remote code exec in dnsmasq

rocksolid.shared.security

Posted: 17 Hours 28 Minutes ago by: AnonUser"

Is there a way to check which dns server software is being used? I mean other than having full login access to whatever it runs.

Re: remote code exec in dnsmasq

rocksolid.shared.security

Posted: 17 Hours 50 Minutes ago by: Guest"

If you can find out the system of your router, it should be easy to verify. Or you run the attack against your own router (bit more effort). -- Posted on def3

Re: remote code exec in dnsmasq

rocksolid.shared.security

Posted: 21 Hours 15 Minutes ago by: Marc SCHAEFER"

However, your IP router might well run dnsmasq.

remote code exec in dnsmasq

rocksolid.shared.security

Posted: 22 Hours 45 Minutes ago by: Anonymous"

https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf CVE-2020-25681: Heap-based buffer overflow with arbitrary overwrite Thank fuck I am on tor and don't rely on DNS.

None

rocksolid.shared.security

Posted: 4 Days 12 Hours ago by: Anonymous"

You missed it could be a one liner, a single touch with the right garbage that causes a reboot from the kernel and blasts away all the recovery and inode data but it will look more complicated than C:/:$i30:$bitmap . This requires informat

Re: WIndows 10 NTFS bug

rocksolid.shared.security

Posted: 4 Days 20 Hours ago by: Anonymous"

that is not the same by far. exhausting inodes with time is not the same as a oneliner that causes immediate reboot and leaves the hd broken after.

None

rocksolid.shared.security

Posted: 4 Days 22 Hours ago by: Anonymous"

unzip $file, tar -xf $file, cpio -i -F $file, mkdir $garbage, touch $garbage, mv file $garbage, etc. It's similar not the same but from a quick search ntfs and redsea have the same fundamental flaws so this method can also be used. This is

Re: WIndows 10 NTFS bug

rocksolid.shared.security

Posted: 4 Days 23 Hours ago by: Anonymous"

If that is true, what is the command triggering it ?

None

rocksolid.shared.security

Posted: 5 Days 10 Hours ago by: Anonymous"

Un*x filesystems suffer a similar fate, this will probably be throw under the rug and never addressed.

WIndows 10 NTFS bug

rocksolid.shared.security

Posted: 5 Days 14 Hours ago by: Anonymous"

Ever wanted to crash your NTFS hd under Windows 10 ? Seems like one command is enough: C:/:$i30:$bitmap Can be delivered in many different formats, does not need privileges....perfect https://www.bleepingcomputer.com/news/security/windows

Juniper OS protects your network

rocksolid.shared.security

Posted: 6 Days 19 Hours ago by: Anonymous"

...unless it trying to check your license: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11108 Their license demon is vulnerable for local privilege escalation. Holy shit, if there is one thing I would not have on a firewal

Re: https://github.com/oskarsve/ms-teams-rce

rocksolid.shared.security

Posted: 25 Days 10 Hours ago by: Anonymous"

I don't. If I had it I would probably not publish it for free, at least at first. You have something to do between the years ? :-] That should suffice to figure it out. --d2feaacbbb141806b5d4ea2687eccc18c68187db Content-Disposition: form-d

None

rocksolid.shared.security

Posted: 25 Days 12 Hours ago by: Anonymous"

so does anyone have non redacted version of the RCE?

redacted

rocksolid.shared.security

Posted: 25 Days 12 Hours ago by: Anonymous"

anyone has the redacted RCE POC for this teams thing?

Re: Internet of shit : this time, the doorbell

rocksolid.shared.security

Posted: 28 Days 2 Hours ago by: Anonymous"

People buy it because they have no idea of the issue. Most wouldn't understand if you tried to explain it and then they may think you're just a nut. I bought a wireless security cam a few years ago and tried to hook it up. It's a nice ca

Internet of shit : this time, the doorbell

rocksolid.shared.security

Posted: 28 Days 11 Hours ago by: Anonymous"

Quote/ The model we tested – the Victure VD300 – sends your wi-fi name and password to servers in China unencrypted. Any hacker able to intercept this data could waltz right into your home network and gain access to other devices on

18 recent articles found.

rocksolid light 0.6.7
clearnet i2p tor