
sudo — local privilege escalation

sudo is a popular program for executing commands as a substitute user, most often root. For convenience, sudo caches the right to elevate for several minutes. By hooking user-level library calls using LD_PRELOAD and waiting until the user unlocks sudo, we can abuse this caching mechanism and gain elevated access.


Bypassing connection tracking for BitTorrent traffic

iptables doesn't like torrent traffic. More specifically, its connection tracker (dubbed conntrack) easily gets confused by connections to and from the swarm. In order to get all traffic through, I decided to bypass connection tracking for BitTorrent traffic, which has significantly improved my upload and download speeds!


Reversing the RCRF-03 clicker

Nowadays, classroom performance systems seem to be all the rage, including at my university, where I came across the Turning Technologies RCRF-03 clicker. Having read Travis Goodspeed's hack of the RCRF-01, I decided to have a go at the newer model. The goal of this hack is to extract and reverse-engineer the executed code, and subsequently sniff or forge votes (spoiler: I failed).


Compiling Julia for NVIDIA GPUs

For the last few months, I have been working on CUDA support for the Julia language. It is now possible to write kernels in Julia and, without much hassle, execute them on an NVIDIA GPU, but there are still many limitations. As I unexpectedly won't have much time to work on this anymore, I'm publishing and documenting my work now.


Knocking ports from your browser

After switching my SSH server over from some random high port to tcp/22, I have been seeing loads of brute-force activity trying to gain access. Even though those attempts are futile, I don't like the attention. Besides, who knows what vulnerabilities may yet crop up.

In search of a good protection measure, I decided to avoid exposure of critical services through a layer of port knocking. Traditionally, one relies on special network traffic (a sequence of connection attempts, a specific packet with an encrypted payload, …) to temporarily open up additional ports. However, generating such traffic is not user-friendly (i.e., it requires some tool or script), and it can be hard to get it through strict firewalls.
