simonemainardi

D-Link camera sending video in clear over the Internet

After the interesting talk of my friend Luca Deri at the SharkFest EU 2018, I was curious to see how secure was my D-Link security camera.

So I used my computer to share the WiFi internet collection to the camera connected via Ethernet. Then I started sniffing on the Ethernet interface with wireshark and turned on the d-link.

Then, I opened "My Dlink" iPhone app to actually see the video of my camera.

Surprise, the camera sends HTTP in clear with h264 video.

simonemainardi

Using Blind SQL Injections to Retrieve Access Credentials of a Website

In this gist I show how I leveraged a boolean-blind sql injection to gain access to a protected website. The injection allowed me query the website database and retrieve a valid pair username/password. Using the retrieved credentials I was able to login into the protected section of the website.

Software Used

To perform the attack I used:

• sqlmap to discover the website was vulnerable to SQL injections.
• Burp Suite to forge and send POST requests to the website login page, carrying payloads opportunely crafted with SQL queries.

simonemainardi

Disassemble and Modify an Binary To Change a Function

In this gist I show how to disassemble and modify a Linux executable binary to change the body of a function. This will allow you to control how a binary behaves, even when you don't have access to the source code and you can't recompile it.

In my case, I was asked to try and bypass the protection mechanism implemented. The protection mechanism implemented was meant to only allow a binary to be run in presence of a valid license.

So basically my activity involved:

• Finding the function which performs the protection check
• Disassembling the binary