Monthly Archives: July 2016

Mr Robot directory traversal flaw.

I saw an ad for Cox advertising USA Network's Mr Robot.

I have already seen the series and was wondering if they had new episodes.

So I found https://www.whoismrrobot.com/ .

I was like woah… this is really cool as it has a terminal.

Opened a terminal and found it (by design) only has 3 commands (yikes!).

LS, CD, and OPEN in lowercase.

I was like geez, this seems kinda limited, so I found they have a problem when you pass a directory to it containing a well-known (ancient, I should say) string of characters.

Try it for yourself: open /../

This breaks you out of the chroot dir.

I probably could have gone for a root compromise, but I had no way of knowing at that time if this was a root dir of a server or just a fake server made by web code.

Well there you have it. A little harmless hack trick for Mr Robot.

Figured it was an easter egg. But seeing as I do not look good in an orange jumpsuit I stopped there.
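
One way a web terminal's path handling can let `open /../` climb above its root, next to a resolver that clamps at the root. This is an added example, not the site's code (the post does not show it); the sample tree, `SANDBOX` and all function names are assumptions.

```javascript
// Constructed sample tree: a visitor is meant to see only /site/terminal.
const TREE = {
  site: {
    terminal: { 'readme.txt': 'hello friend', logs: { 'day1.txt': 'log entry' } },
    'config.json': '{"internal": true}', // lives outside the terminal root
  },
};
const SANDBOX = ['site', 'terminal']; // hypothetical root the terminal is confined to

function split(path) {
  return path.split('/').filter(Boolean); // drop empty segments from "//" or a leading "/"
}

// Fold "." and ".." into a segment list; pop() on an empty list is a no-op.
function fold(start, segments) {
  const out = [...start];
  for (const s of segments) {
    if (s === '..') out.pop();
    else if (s !== '.') out.push(s);
  }
  return out;
}

function userPath(cwd, arg) {
  return split(arg.startsWith('/') ? arg : cwd + '/' + arg);
}

// Weak: ".." is folded after the root is prepended, so it can pop the root's own segments.
const resolveNaive = (cwd, arg) => fold(SANDBOX, userPath(cwd, arg));

// Hardened: fold the user's path on its own (".." clamps at "/"), then prepend the root.
const resolveJailed = (cwd, arg) => [...SANDBOX, ...fold([], userPath(cwd, arg))];

// The terminal's "open": file contents, a directory listing, or an error.
function open(resolve, cwd, arg) {
  let node = TREE;
  for (const s of resolve(cwd, arg)) {
    const own = typeof node === 'object' && Object.prototype.hasOwnProperty.call(node, s);
    if (!own) return 'No such file or directory';
    node = node[s];
  }
  return typeof node === 'string' ? node : Object.keys(node).join(' ');
}

console.log('naive :', open(resolveNaive, '/', '/../'));
console.log('jailed:', open(resolveJailed, '/', '/../'));
```

The hardened resolver never lets user-supplied segments touch the root prefix, so no count of `..` can reach `config.json`.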

A new power source?

Is it possible that one could use a gamma ray emitter to create a laser system which could output more energy than is used to produce it? In this example one would use a medium like radon gas, which is irradiated and kicks out more radiation than it is irradiated with.

Simple nmap front end for android

I have been wanting to run my nmap scans from my phone with the Android UI.

So I created a little application to do a SYN scan and report the results.

The app just asks you to input the IP and then click run nmap.

The results of the scan will be below.

It is a very simple app, but it is what I needed.

I am thinking of creating an actual front end for some of the scans available, but I have yet to get off my ass and do that.

The source code is available at: http://www.coolfuion.com/Nmap-syn-frontend-android.tar.gz

The APK alone is available at: http://www.coolfuion.com/Nmap-syn-frontend-android.apk

This assumes you have read my article on compiling nmap for android and have installed the nmap binary.