So maybe ‘weekly’ isn’t really the right word for these posts ;]
With all the stuff going on on the weekends, I kinda missed a few of these roundups.
This post by mwrsecurity goes into great detail about bypassing Windows 8 kernel memory protection strategies. It talks about allocating user-land memory and then corrupting paging structures, so that the kernel believes that piece of memory is executable as kernel-land code… Pretty clever stuff!
I came across this exploit, which allows attackers to change the DNS settings of a specific model D-Link router remotely and unauthenticated. Scary stuff! Makes you wonder if manufacturers spend any time at all securing these appliances…
And finally, a while ago I found this blog on willhackforsushi.com which actually refers to one of my old boot2root writeups! In that VM, I had difficulty getting sqlmap to upload a webshell and I finally did it manually. The problem was fixed by Josh by starting with valid data for the SQL injection! The SQL code that stores the webshell on the remote server needs at least one valid line from the database and this condition is only triggered when valid input (like an existing username) is supplied. Good job figuring out the root cause!