72 items tagged "automation"
-
-
16:00
»
SecuriTeam
Multiple Rockwell Automation products are prone to a remote denial-of-service vulnerability.
-
-
16:00
»
SecuriTeam
Sysax FTP Automation is prone to a local privilege-escalation vulnerability.
-
-
7:00
»
Hack a Day
Stepping out onto just about any factory floor you’ll find complex automatons building anything and everything imaginable. These machines need to be controlled somehow and before the age of computers these manufacturing robots were controlled with relays wired together to produce a multitude of actions. Relays, no matter how reliable and bulletproof they are, can’t be programmed without [...]
-
-
14:01
»
Hack a Day
This home automation hardware turns on and off the lights based on room occupancy. The hack is an extension of an earlier version that was only a proof of concept. [RPisces] took the idea and made it into reality by mounting the sensor hardware in a doorway. He prototyped the device using the MSP430 launchpad. [...]
-
-
10:01
»
Hack a Day
[Jake] took some cheap hardware and figured out a way to use it as a huge home automation network. He chose a Raspberry Pi board to connect the radio controlled power outlets to his network. He wrote about his project in two parts, the first is hacking the RC outlet controller and the second is [...]
-
-
13:01
»
Hack a Day
[Joseph] wrote in to share this home automation system he’s working on as a college project. He calls it the Room Engine and the house-side of the hardware is built on top of the circuit you see here. This is the most basic part of the REBoard, which is meant to connect to a computer [...]
-
-
13:41
»
Hack a Day
X10 has been around for a long time. It’s the brand name for a set of wireless modules used to switch electrical devices in the home. There’s all kinds of different units (bulb sockets, electrical outlets and plug pass-throughs, etc.) and they’re mass-produced which makes them really inexpensive. Whether you already have some X10 controlled [...]
-
-
15:52
»
Packet Storm Security Exploits
Siemens Automation License Manager versions 500.0.122.1 and below suffer from code execution, exceptions, NULL pointer and file overwriting vulnerabilities.
-
15:52
»
Packet Storm Security Recent Files
Siemens Automation License Manager versions 500.0.122.1 and below suffer from code execution, exceptions, NULL pointer and file overwriting vulnerabilities.
-
15:52
»
Packet Storm Security Misc. Files
Siemens Automation License Manager versions 500.0.122.1 and below suffer from code execution, exceptions, NULL pointer and file overwriting vulnerabilities.
-
-
14:19
»
Packet Storm Security Exploits
poMMo Aardvark version PR16.1 and below suffer from brute force, insufficient anti-automation, and cross site scripting vulnerabilities.
-
-
6:01
»
Hack a Day
[Scott] wrote in to share a project he is currently working on, a home automation system that relies on Power over Ethernet. While he’s not completely finished, he’s made some great progress, and the work he has done so far definitely piqued our interest. Part of [Scott’s] design relies on some reverse engineered Blackberry screens [...]
-
-
15:39
»
SecuriTeam
A potential security vulnerability has been identified with HP Network Automation running on Linux, Solaris, and Windows.
-
-
14:08
»
Hack a Day
[Russell] sent in a neat home automation project he’s been working on. Even though the project only has two devices so far, we can already see the potential of his project. Instead of the X10 standard that has been a staple of home automation for more than 30 years, [Russell] went with ZigBee modules. Aside [...]
-
-
4:05
»
Hack a Day
As home automation becomes more and more popular, hackers and security experts alike are turning their attention to these systems, to see just how (in)secure they are. This week at DefCon, a pair of researchers demonstrated just how vulnerable home automation systems can be. Carrying out their research independently, [Kennedy] and [Rob Simon] came to [...]
-
-
14:29
»
SecuriTeam
A potential security problem has been identified with HP Client Automation Enterprise software running on Windows.
-
-
13:41
»
Packet Storm Security Exploits
Cetera eCommerce versions 15.0 and below suffer from remote SQL injection, path disclosure, abuse of functionality, and insufficient anti-automation vulnerabilities.
-
13:41
»
Packet Storm Security Recent Files
Cetera eCommerce versions 15.0 and below suffer from remote SQL injection, path disclosure, abuse of functionality, and insufficient anti-automation vulnerabilities.
-
13:41
»
Packet Storm Security Misc. Files
Cetera eCommerce versions 15.0 and below suffer from remote SQL injection, path disclosure, abuse of functionality, and insufficient anti-automation vulnerabilities.
-
-
18:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Client Automation.
-
-
6:15
»
Carnal0wnage
In the previous post I talked about using the db_service -R to use the information in your database/workspace to throw an auxiliary module at hosts that had port 443 open.
Let's take this one step further...and throw multiple aux modules against the hosts that have port 80 open.
I'm going to use a resource script to do this. The cool thing about resource scripts is that you don't have to do them just at startup. You can do them anytime on the console.
msf auxiliary(options) > resource
Usage: resource path1 path2 ...
Run the commands stored in the supplied files.
In this case I want to run two modules against every port that has 80 open. Here's some code to do it:
set THREADS 10
<ruby>
# start with an array to hold the modules we want to run
modules = [
  "auxiliary/scanner/http/http_version",
  "auxiliary/scanner/http/options",
]
# another array for our hosts
hosts = []
# collect the address of every host in the workspace with port 443 open
framework.db.services.each do |service|
  if service.port == 443
    hosts << service.host.address
  end
end
# loop through each module in the list
modules.each do |blah|
  self.run_single("use #{blah}")
  puts("\nRunning Auxiliary Module #{blah}")
  # for each host with 443 open, set appropriate configs and run the module against it
  hosts.each do |rhost|
    self.run_single("set RHOSTS #{rhost}")
    self.run_single("set RPORT 443") # change to the port above
    self.run_single("set SSL TRUE")
    self.run_single("run")
  end
end
</ruby>
Running it:
msf auxiliary(options) > resource /home/user/.msf3/aux_do_dbhosts.rc
resource (/home/user/.msf3/aux_do_dbhosts.rc)> set THREADS 10
THREADS => 10
[*] resource (/home/user/.msf3/aux_do_dbhosts.rc)> Ruby Code (962 bytes)
Running Auxiliary Module auxiliary/scanner/http/http_version
RHOSTS => 192.168.1.10
RPORT => 443
SSL => TRUE
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.106
RPORT => 443
SSL => TRUE
[*] 192.168.1.106 nginx/0.6.32 ( 302-http://192.168.1.106/ )
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.107
RPORT => 443
SSL => TRUE
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.135
RPORT => 443
SSL => TRUE
[*] 192.168.1.135 Apache/2.2.11 (Ubuntu) mod_ssl/2.2.11 OpenSSL/0.9.8g Phusion_Passenger/2.2.15 ( Powered by Phusion Passenger (mod_rails/mod_rack) 2.2.15 )
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.168
RPORT => 443
SSL => TRUE
[*] 192.168.1.168 Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2 PHP/5.2.4-2ubuntu5.3 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_wsgi/1.3
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.229
RPORT => 443
SSL => TRUE
[*] 192.168.1.229 Apache/2.2.9 (Debian) DAV/2 SVN/1.4.2 PHP/5.3.2-0.dotdeb.1 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.2 Perl/v5.8.8 ( Powered by PHP/5.3.2-0.dotdeb.1 )
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Running Auxiliary Module auxiliary/scanner/http/options
RHOSTS => 192.168.1.10
RPORT => 443
SSL => TRUE
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
RHOSTS => 192.168.1.100
RPORT => 443
SSL => TRUE
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
...SNIP...YOU GET THE IDEA...
-CG
thanks to hdm and jcran
-
-
12:42
»
Carnal0wnage
So a couple of cool updates lately to metasploit framework. If you check out db_services you'll see a super handy feature of "-R"
msf auxiliary(http_version) > db_services -h
Usage: db_services [-h|--help] [-u|--up] [-a ] [-r ] [-p ] [-n ] [-o ]
-a Search for a list of addresses
-c Only show the given columns
-h,--help Show this help information
-n Search for a list of service names
-p Search for a list of ports
-r Only show [tcp|udp] services
-u,--up Only show services which are up
-o Send output to a file in csv format
-R,--rhosts Set RHOSTS from the results of the search
Available columns: created_at, info, name, port, proto, state, updated_at
In the past you could list your hosts by port (db_services -p 80), but I want to be able to USE those hosts and throw modules at them. Bring in the -R option:
msf auxiliary(http_version) > use auxiliary/scanner/http/options
msf auxiliary(options) > db_services -R -p 80
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.1.245 80 tcp http open Apache/2.2.3 (CentOS) ( Powered by PHP/5.1.6 )
192.168.1.246 80 tcp http open Apache/2.2.3 (CentOS)
192.168.1.247 80 tcp http open Apache/2.2.12 (Ubuntu)
192.168.1.248 80 tcp http open lighttpd/1.5.0
192.168.1.249 80 tcp http open Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.4 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.11
192.168.1.251 80 tcp http open Apache
192.168.1.254 80 tcp http open Apache/2.2.3 (CentOS)
RHOSTS => file:/tmp/msf-db-rhosts-20110423-27121-10wiuni-0
msf auxiliary(options) > run
[*] Scanned 1 of 7 hosts (014% complete)
[*] Scanned 2 of 7 hosts (028% complete)
[*] 192.168.1.247 allows GET,HEAD,POST,OPTIONS methods
[*] Scanned 3 of 7 hosts (042% complete)
[*]192.168.1.248 allows OPTIONS, GET, HEAD, POST methods
[*] Scanned 4 of 7 hosts (057% complete)
[*] 192.168.1.249 allows GET,HEAD,POST,OPTIONS,TRACE methods
[*] Scanned 5 of 7 hosts (071% complete)
[*] Scanned 6 of 7 hosts (085% complete)
[*] Scanned 7 of 7 hosts (100% complete)
[*] Auxiliary module execution completed
-CG
-
-
11:30
»
Hack a Day
[Ian Harris] designed a bunch of home automation for his parents using X10 hardware. He was a bit disappointed by the failure rate of the modules and the overall performance of the system so he set out to replace it with his own hardware. Lucky for us he’s documented the journey in a four-part series [...]
-
-
13:01
»
Hack a Day
It seems that nearly everything is automated these days. Everywhere you look, people are being removed from processes in order to make them more efficient and less prone to mistakes. [Jon] however, saw one process that automation has yet to touch in a significant way – playing the harmonica. He constructed a harmonica-playing machine that [...]
-
-
10:22
»
Packet Storm Security Exploits
Firebook versions 3.100328 and below suffer from cross site scripting, information disclosure and anti-automation vulnerabilities.
-
-
14:18
»
Packet Storm Security Exploits
SimpGB versions 1.49.02 and below suffer from cross site scripting, brute force, insufficient anti-automation, and abuse of functionality vulnerabilities.
-
14:18
»
Packet Storm Security Recent Files
SimpGB versions 1.49.02 and below suffer from cross site scripting, brute force, insufficient anti-automation, and abuse of functionality vulnerabilities.
-
14:18
»
Packet Storm Security Misc. Files
SimpGB versions 1.49.02 and below suffer from cross site scripting, brute force, insufficient anti-automation, and abuse of functionality vulnerabilities.
-
-
8:36
»
Hack a Day
Here’s a bit of simple home automation using hacks with which we’ve become pretty familiar. [Mrx23] combined OpenWRT, a microcontroller, and a set of RF controlled outlet switches to add automation to his plug-in devices. An RF remote that controls the switched outlets has been connected to an Arduino. The router communicates with the Arduino [...]
-
-
10:00
»
Hack a Day
The line between serious research and well-executed hacks has been getting pretty blurry lately. The device above could have been designed in your basement but it actually comes from researchers at the University of Washington. They are working on low-power home automation sensors for monitoring things like humidity, temperature, air quality, and light. The key [...]
-
-
11:42
»
Hack a Day
[Danny] has been working on an RNET to Sonos bridge. These are devices from two different manufacturers used to facilitate whole-house audio systems. Usually there’s a main controller with a large color screen and then several satellite controllers like the one above which have some of the features but at a lower cost. Normally you’re [...]
-
-
20:28
»
SecuriTeam
A vulnerability related to the disclosure of information was discovered in HP Client Automation Enterprise Infrastructure.
-
-
8:00
»
Hack a Day
Like many specialty plants, growing mushrooms requires that you keep a fine balance between humidity and temperature. This can be fairly tedious at times, so many opt for automated systems. [Anthony_p1234] has chosen to build his own. Using an Arduino, he controls power to two heating pads, a sonic humidifier, and an air pump to keep his [...]
-
-
23:54
»
Packet Storm Security Misc. Files
Whitepaper called The Sulley Framework: Basics. Sulley is a fuzzer packed with interesting capabilities, such as packet-capturing, crash reporting and VMware automation.
-
-
10:43
»
remote-exploit & backtrack
Hello, here is another video. It is about accessing a system by means of Fast-Track (Autopwnage Automation), an automated attack that automatically performs an NMAP scan and exploitation of all ports :) There you go, thanks.
Video
youtube.com/user/sOrtHacK#p/u/3/fpafXE1CuQc
-
-
11:07
»
Hack a Day
[Oliver] has been doing some work to use his TI ez430 Chronos wristwatch for some home automation. He’s working with a RF controllable lightbulb adapter which operates in the 433 MHz band. A dirt-cheap breadboard-friendly transmitter is available from Seeed Studios and he uses this in conjunction with a computer and an Arduino. Before the [...]