Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

CVE-2025-54322 (ZERODAY) - Unauthenticated Root RCE affecting ~70,000+ Hosts- 1850

pwn.ai - Posted 2 Months Ago
  • Xspeeder is a networking vendor that makes routers, SD-WAN appliances, and more. Their core firmware, SXZOS, powers a line of SD-WAN devices that are especially prevalent across remote industrial and branch environments.
  • The company that made this post is pwn.ai - autonomous hacking. The AI starts with nothing but a target and figures it out, from device emulation via VirtualBox to attack surface identification to finding and exploiting an RCE bug.
  • They published the logs of what the AI was doing, which is really interesting. The installation of the ISO and usage in QEMU is pretty straightforward. After that, it performs file system reconnaissance to locate a Django service.
  • In the Django service, the bot finds the pre-auth attack surface. This is its target. Within the unauthenticated GateKeeper, it finds some code that uses a vulnerable sink; this was found through a simple grep for known bad things in Python, such as eval() and os.system().
  • At the end, it needs to create the request. The data is base64 encoded, so the payload must be prepared accordingly. Additionally, since the real purpose of this is to convert a string to a dictionary, the fields in the payload must be strings. There are a few headers that must be set, but this wasn't a problem for the bot.
  • This vulnerability is absolutely low-hanging fruit. But it was able to set up the IoT device and find the vulnerability all by itself. If computers can run all day, there's no stopping these bots from finding all of the bugs like this. Good find!
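
For code review, the grep step described above can be made more precise by walking the Python AST instead of matching text, which resolves import aliases and shows whether a sink receives a literal or a variable. This is an added example, not code from the pwn.ai post or the vendor's firmware; the sink list beyond eval() and os.system(), the SAMPLE handler and its X-Data header are constructed for illustration.

```python
import ast

# eval() and os.system() are the sinks named in the write-up; the rest of
# this list is an assumption added for the example.
SINKS = {"eval", "exec", "os.system", "os.popen", "subprocess.call",
         "subprocess.run", "subprocess.Popen", "subprocess.check_output"}

# Constructed sample input (hypothetical handler, not the vendor's code).
SAMPLE = '''\
import base64
import os as o
from os import system as run

def handler(request):
    raw = base64.b64decode(request.headers["X-Data"])
    cfg = eval(raw)
    o.system("ls /tmp")
    run(cfg["cmd"])
    return cfg
'''

def dotted_name(node, aliases):
    """Resolve a call target (e.g. `o.system`, `run`) to its real dotted name."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(aliases.get(node.id, node.id))
    return ".".join(reversed(parts))

def find_sinks(source, filename="<constructed>"):
    """Return sorted (line, sink, all_args_literal) for each sink call."""
    tree = ast.parse(source, filename)
    aliases = {}
    for node in ast.walk(tree):  # first pass: record import aliases
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    hits = []
    for node in ast.walk(tree):  # second pass: match calls against SINKS
        if isinstance(node, ast.Call):
            name = dotted_name(node.func, aliases)
            if name in SINKS:
                literal = all(isinstance(a, ast.Constant) for a in node.args)
                hits.append((node.lineno, name, literal))
    return sorted(hits)
```

Hits whose last field is False take non-literal arguments and are the ones to trace back to request data first.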