Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Remote Command Execution in Ruckus IoT - 290

Adepts of 0xCC - Posted 5 Years Ago
  • There is a fairly standard RCE bug via command injection in this report. However, it requires authentication; so, now what? Well, time to find an authentication bypass!
  • In this case the manufacturer added a hardcoded backdoor to the API functionality. If a specific encrypted value was included in the Authorization header, then authentication automatically passed. Sadly, this backdoor appears to be extremely intentional and purposely hidden. Not that uncommon with IoT devices, though.
  • Using both of these bugs together, we have an unauthenticated RCE.