Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
nthLink VPN claims to be a VPN that doesn't allow the sniffing of internet traffic. They had two security audits, both from Cure53, and both found it to be secure. The author set out to dispute this claim. The audit and source code could be requested but weren't public. Since the app was written in Electron, it was trivial to extract the source though.
The credential request was as follows:
- Find the domain to retrieve the credentials. This should either be a static S3 bucket or a dynamically calculated one.
- Make a request to get the data.
- Decrypt the server credentials using the hardcoded key in the app.
All cryptographic keys in Shadowsocks are derived from a shared password. If every client knows the pre-shared key, any of them can use it to MitM connections to the same server. This is a major problem, especially considering the whole purpose of the app is to secure the connection.
The author includes a demo with nice screenshots as well. Overall, this feels like an architecture design flaw and would require major rework. Good and concise article.
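To make the shared-key point concrete, here is an added illustration of my own; it is not code from the article, from nthLink, or from Shadowsocks. It implements the Shadowsocks-style password-to-key derivation (OpenSSL's EVP_BytesToKey with MD5, no salt, one round, which Shadowsocks uses to turn the password into its master key) and a toy stream cipher, and checks whether two clients holding the same password are isolated from each other. The `per_client_key` function at the end is a hypothetical contrast that binds the key to a client identifier; the app does not do this, and doing so would need the server to issue and track per-client secrets, which is the "major rework" the article refers to. The password and client identifiers are constructed sample values.

```python
import hashlib
import hmac


def derive_shared_key(password: bytes, key_len: int) -> bytes:
    """Shadowsocks-style password-to-key derivation: OpenSSL EVP_BytesToKey
    with MD5, no salt and one round. D_1 = MD5(pw), D_i = MD5(D_{i-1} || pw),
    concatenated and truncated. Every holder of the password gets the same bytes."""
    out, prev = b"", b""
    while len(out) < key_len:
        prev = hashlib.md5(prev + password).digest()
        out += prev
    return out[:key_len]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from HMAC-SHA256 (illustration only;
    real Shadowsocks uses AEAD ciphers). Enough to show the key-sharing problem."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def clients_are_isolated(password: bytes, nonce: bytes = b"\x00" * 12) -> bool:
    """Defender's check: can a second client, holding only the same password,
    read the first client's session? Returns True only if it cannot."""
    key_a = derive_shared_key(password, 32)   # client A's key
    key_b = derive_shared_key(password, 32)   # client B derives from the same password
    sample = b"client A session data (constructed)"
    ciphertext = xor_crypt(key_a, nonce, sample)
    # If B's key recovers A's plaintext, there is no per-client confidentiality.
    return xor_crypt(key_b, nonce, ciphertext) != sample


def per_client_key(password: bytes, client_id: bytes, key_len: int = 32) -> bytes:
    """Hypothetical contrast (not what the app does): derive a key bound to a
    per-client identifier, so two clients no longer share key material.
    HMAC over the master key stands in for a proper KDF such as HKDF."""
    master = derive_shared_key(password, 32)
    return hmac.new(master, client_id, hashlib.sha256).digest()[:key_len]


def demo() -> dict:
    psk = b"constructed-sample-psk"  # constructed value, not a real nthLink credential
    return {
        "shared_psk_isolates_clients": clients_are_isolated(psk),
        "per_client_keys_differ": per_client_key(psk, b"client-a") != per_client_key(psk, b"client-b"),
    }


if __name__ == "__main__":
    print(demo())  # expect: shared PSK does not isolate clients; per-client keys differ
```

The first result comes out False for any password: the derivation is deterministic and takes nothing client-specific as input, so "all clients know the key" and "any client can read any other client's traffic" are the same statement. Rotating the password or changing the cipher does not change that; only per-client key material does.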