Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Old dog, Old tricks - RCE as a Service

Adam - GRIMM, posted 4 years ago
  • Beagle Software's ClockWatch product line includes a number of solutions for setting clocks on machines and synchronizing them with high-accuracy time sources such as the Global Positioning System (GPS). Old software that has never been reviewed for security is likely to have some obvious bugs in it.
  • The Beagle Software ESM runs in the background on machines with a listener on TCP port 1001. The simple network protocol used by ClockWatch Enterprise invokes a command on the remote host by sending the string C+ followed by the command to execute. The protocol has no authentication or encryption, so any attacker who can reach the port can use it.
  • Because this is command execution as a service, any attacker who can hit the port can compromise the device. When it receives a command, ESM passes the command string from the network straight to the Visual Basic Shell function as its argument: the executable plus any command-line arguments. Shell is equivalent to the Windows API function WinExec and similar to the C runtime library's system function, since it starts a new child process with the given arguments.
  • This is a horrible design, but to be fair, it was created 20+ years ago when no one took cybersecurity seriously. After the vulnerability was reported, the company opted to remove the product from its website instead of trying to fix it. This product may still be in use somewhere, so watch out for it!
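The protocol described above (TCP port 1001, a `C+` prefix, then the command to run) is simple enough to detect on the wire. The following is an added example, not code from the original article or from Beagle Software: a small detector that walks constructed packet records, picks out ESM command messages, and flags commands arriving from hosts that are not on an assumed allowlist of time-management systems. The message terminator is not documented on the page, so the parser assumes the command ends at the first NUL, CR or LF and strips whatever it finds; the allowlist and all sample packets are constructed for the example.

```python
"""Detect ClockWatch ESM 'C+' command messages in captured traffic (added example)."""
from dataclasses import dataclass
from typing import Iterable, Optional

ESM_PORT = 1001            # listener port named in the write-up
CMD_PREFIX = b"C+"         # command framing named in the write-up

# Assumed allowlist: hosts that are expected to manage clocks. Hypothetical values.
TRUSTED_MANAGERS = {"10.0.0.5"}


@dataclass
class Packet:
    """Minimal packet record; fields a flow collector or pcap parser would provide."""
    src: str
    dst: str
    dport: int
    payload: bytes


def extract_esm_command(payload: bytes) -> Optional[str]:
    """Return the command an ESM message would execute, or None if it is not a C+ message.

    Assumption: the command runs to the first NUL/CR/LF (terminator is not documented).
    """
    if not payload.startswith(CMD_PREFIX):
        return None
    body = payload[len(CMD_PREFIX):]
    for terminator in (b"\x00", b"\r", b"\n"):
        body = body.split(terminator, 1)[0]
    return body.decode("ascii", errors="replace").strip()


def find_esm_commands(packets: Iterable[Packet]) -> list:
    """Produce one alert per packet that carries a C+ command to the ESM port.

    Every such packet is reportable, because the protocol has no authentication;
    'trusted_source' only distinguishes expected managers from unexpected senders.
    """
    alerts = []
    for pkt in packets:
        if pkt.dport != ESM_PORT:
            continue
        command = extract_esm_command(pkt.payload)
        if command is None or command == "":
            continue
        alerts.append({
            "src": pkt.src,
            "dst": pkt.dst,
            "command": command,
            "trusted_source": pkt.src in TRUSTED_MANAGERS,
        })
    return alerts


# Constructed sample traffic for the example.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.50", 1001, b"C+w32tm /resync\r\n"),      # expected manager
    Packet("192.168.77.9", "10.0.0.50", 1001, b"C+ipconfig /all\r\n"),  # unexpected sender
    Packet("192.168.77.9", "10.0.0.50", 80, b"C+ipconfig /all\r\n"),    # wrong port, ignored
    Packet("10.0.0.5", "10.0.0.50", 1001, b"T?\r\n"),                   # not a C+ message
]


def untrusted_alerts(packets: Iterable[Packet]) -> list:
    """Subset of alerts whose sender is not an expected clock manager."""
    return [a for a in find_esm_commands(packets) if not a["trusted_source"]]


if __name__ == "__main__":
    for alert in find_esm_commands(SAMPLE_PACKETS):
        level = "INFO" if alert["trusted_source"] else "ALERT"
        print(f"[{level}] {alert['src']} -> {alert['dst']}:{ESM_PORT} runs {alert['command']!r}")
```

Running it prints one INFO line for the expected manager and one ALERT line for the unexpected sender; the two non-matching packets are skipped. Because the service itself cannot tell the two apart, the practical mitigations are blocking TCP/1001 at the host or network boundary and removing the software, with the detector serving to confirm whether anything still speaks the protocol.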