Bellini Supercook Yumi Wi-Fi. The (in)security Perspective.

Oh, IoT. Internet of Things. How promising you are. Like most geeks I’ve dreamed of having everything electronic I own connected to the Internet. Ever since seeing the NetBSD Toaster online in 2005, my own mind and that of other developers, has clearly wandered into areas we never thought possible previously.

But, as anyone with any interest in Security will already be acutely aware of, the actual security of the software running on many of these things is, to put it lightly, COMPLETELY AND ABSOLUTELY TERRIBLE!

We were provided a beta device for assessment of the operation, and one of the things we said to the manufacturer at the time was that we would perform a security assessment of the device and provide our findings to them.

We did that. They went silent. I have no idea if any of this is resolved, or will ever be. We have reached out to the vendor to find out if they have resolved these issues. At the time of writing, we are running the same firmware version as the latest available on Supercook.me.

Read on for my full assessment of the Supercook Wi-Fi Yumi security.

Continue reading Bellini Supercook Yumi Wi-Fi. The (in)security Perspective.

What the hell just happened! Did you just get PWND?

So, if you’ve been following this blog for a while (there aren’t many, but I do know of a couple) you may have just seen a whole bunch of infosec/ctf/hacking-related content added to the site.

No, my blog hasn’t been hacked.

No, I’m not a skript kiddie.

No, I don’t illegally access sites or servers I don’t have permission to access.

Yes, I do consider myself a hacker – but in the true sense of the word. Someone who uses hardware and software for purposes they were not originally designed for. Not the meaning of the word used by the media – someone who accesses systems illegally.

Yes, I do operate a small Information Security group – aimed at fostering knowledge and understanding of information security issues.

Yes, I am involved with assessing security of software as part of my full-time software development role.

Yes, I often undertake CTF challenges on the weekends.

Yes, I am aiming to move into a role with more involvement in Information Security in the future.

No, I will not hack your ex-girlfriends Facebook, and nor do I know anyone who can.

I was starting to operate a small blog hosted on WordPress.com to host all my CTF and security related content, but it was then becoming a little annoying to have this blog sitting here, only hosting brewing content. I can’t see a reason why it can’t do both, so I imported all the images and content over here.

So, from here on there won’t be ONLY homebrewing posts, I’ll be posting on information security related topics too. There are a stack of homebrewers who are in the IT industry too, so I think that content will also be kind of interesting for some of you anyway. Likewise, InfoSec people are often basically functioning alcoholics too – so they’ll probably get something from the homebrewing content too 🙂

Enjoy!

Urrrrrgh…. OSMC/Kodi. Default passwords. Unprotected credentials. Default directories.

We run Kodi/OSMC on Raspberry Pi’s in our house, as media players. They work brilliantly. Give them a stable power supply, and they run forever.

But, last night and tonight I needed to get access to it via the shell to repair a plugin which fails to work properly.

OSMC has a default username and password.
It has a default directory.
Plugin and account passwords are in clear-text.
Screen Shot 2016-05-19 at 9.28.01 pm

So… it would take perhaps a half an hour for someone to write some Python code which checks for the defaults and raids the system for the usernames and passwords…

Red Team Engagements

I just LOVE this video! It’s coverage of RedTeam Security doing a Red Team engagement on a small US Power Company.

This has completely confirmed my desire to move into a hands-on white-hat penetration testing career (having spent the past 15 years as a developer and sysadmin), and it was a major driver for me to start doing CTF challenges before I get into doing the Offensive Security Certified Professional certificate, via the Pentesting with Kali course.

NullByte CTF – Walk Through

This is a writeup of the NullByte CTF challenge which can be found on VulnHub.

I really wasn’t sure what to do next after the last challenge, but this one looked as good as any!

I ultimately headed down the slightly wrong path at the end here, but I learned a lesson from that in itself. Also I learned about manual, blind SQL Injection rather than using SQLMap to do all the dirty work, so that was nice.

Continue reading NullByte CTF – Walk Through

Minotaur CTF – Walk Through

This is a writeup of the Minotaur CTF boot2root CTF VM which can be found on VulnHub.

This is my first CTF writeup, having previously done a couple of CTF challenges with varying levels of success. In each of the previous challenges I’ve done, I have had to look at other walkthroughs to get an idea of the next steps required. Pleasantly however in a couple of cases, the next step was what I’d assumed it would be – but thought to myself “Naa. That doesn’t seem right.”, only to find that in the walkthrough, that’s what they did.

For this CTF Walk Through, I’m going to give it my best go, without looking at other walk throughs. That is until I crack the shits and go looking for hints 🙂

Continue reading Minotaur CTF – Walk Through

SS Brewtech Chronical – Peltier Cooling

As I alluded to in the epic dragged out saga that is the Saison I brewed 3 weeks ago, I don’t have temp control on my SS Brewtech Chronical at the moment.

These SS Brewtech’s are awesome, especially for the price, they have a bunch of features that just aren’t available in some of the even more expensive brands (i.e. Blichmann). SS Brewtech offer a cooling option for these fermentors, but unfortunately I am not a fan of it, plus it doesn’t appear that it will work with the CIP/SIP capable 3″ tri-clover lid which is available shortly.

It is a small pump, a temp controller, and a stainless steel loop which hangs down (for the 17G anyway) from the lid of the fermentor into the wort. The temp controller switches on a pump when the wort is too warm, circulating cool water from an esky through the loop to cool the wort.

I dislike this solution. I do not want to be a slave to an esky full of cold water as it won’t stay cold enough for long enough. I don’t want to have to clean the cooling loop itself, as it will get krausen stuck to it. Also, unless it’s been updated recently it doesn’t work with the CIP/SIP lid that I am going to move to when available in Australia.

After thinking about it a bit, and looking at some other options that people have designed and sell, I designed an aluminium cooling block.

The intention is to have these machined by a hopefully local CNC workshop and then install these to the outside of the conical on the lowest part of the upper cylinder. I was planning on getting a number of the blocks machined as I’m not sure how well they will work – but the MoreBeer one sounds like it works pretty well with 4 peltier chips. Not sure of the size of the peltier chips or the blocks on the MoreBeer ultimate conicals.

So, as I’m intending though, it’s turning out to be a little tricky. As it’s a pretty small job, and I don’t want to spend thousands to buy a couple hundred items of something I don’t know if it will work or not, I’m struggling to find a local place that will machine it for me.

I’ve sent emails requesting quotes to a number of CNC workshops. It seems like the job is too small for most. The one and only quote I got back was $604/ea for 4!

I’m trying to keep this local, trying to get it done here, but it doesn’t look like I can afford it. I’ve asked for a favour from my old man who has some contacts, hopefully that will come off…

I’m not sure how I will heat the conical as yet. The SS Brewtech heater might be an option. It’s not too expensive, and it should do the job. Hopefully it doesn’t get too warm and cause autolysis though!

It’s the never ending Saison…

At least it seems like it anyway!

Tomorrow marks the 3rd week the Saison has been in the Conical. And. It. Is. Still. NOT. DONE!

SG was 1071, and brewed on January 17th. The ferment was going gangbusters for a few days at the start there. Last Sunday, after 2 weeks in the conical it was down to 1038, from the previous Sunday’s reading of 1040! Really not pushing along very fast! It doesn’t help that I’m fermenting at Ambient, in what should be summer, but we had a few days of 35c after I brewed the beer and except for a day or two there, it’s averaged about 23c ever since!

Now, I’ve resorted to wrapping the fermentor in an old duna, and hanging hot water bottles underneath the duna to warm it up.

THIS IS SUMMER DAMN IT!

So, with tomorrow being the 3rd week in the conical, I’ll pull another sample and see where we’re at. I’m not holding high hopes. If it hasn’t dropped very far when I do tomorrow’s reading, then I might have to build up a starter of a clean ale yeast and pitch that to finish it out. I’d rather not, though 🙂