Commit

deploy: c597f49
himazawa committed Aug 10, 2024
1 parent d0206d4 commit 1395196
Showing 15 changed files with 18 additions and 18 deletions.
2 changes: 1 addition & 1 deletion categories/vulnerability-research/index.xml
Expand Up @@ -1144,7 +1144,7 @@ This functionality can be effectively abused to get full code execution on the m
</div>
<div class="details-content">
<div class="admonition-content">Since the script is executed at boot the network interface could still be in the process of going up, so remember to add a small timeout before executing the payload.</div></div></div>
<p>The PoC is available at <a href="https://github.com/himazawa/zimaos-rce-poc" target="_blank" rel="noopener noreferrer">https://github.com/himazawa/zimaos-rce-poc</a></p>
<p>The PoC is available at <a href="https://github.com/himazawa/zimaos-postauth-rce" target="_blank" rel="noopener noreferrer">https://github.com/himazawa/zimaos-postauth-rce</a></p>
<figure><img src="/posts/zimaos-casaos-rce/rev_shell.png"><figcaption>
<h4>Problem Solved</h4>
</figcaption>
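Review bot: the "The PoC is available at" line changes both the href and the link text from zimaos-rce-poc to zimaos-postauth-rce, and the identical edit appears again in index.xml and posts/index.xml. Since these are generated feeds, confirm the URL was changed once in the post's source and the output regenerated, and check that the old repository name still resolves, because feed readers that already fetched this item keep the previous link.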
2 changes: 1 addition & 1 deletion en/sitemap.xml

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion index.html
@@ -1,5 +1,5 @@
<!doctype html><html lang=en><head><meta name=generator content="Hugo 0.131.0"><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=robots content="noodp"><title>appsec & stuff</title><meta name=Description content><meta property="og:url" content="https://appsec.space/">
<meta property="og:site_name" content="appsec & stuff"><meta property="og:title" content="appsec & stuff"><meta property="og:locale" content="en"><meta property="og:type" content="website"><meta property="og:image" content="https://appsec.space/images/logo.png"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://appsec.space/images/logo.png"><meta name=twitter:title content="appsec & stuff"><meta name=application-name content="appsec & stuff"><meta name=apple-mobile-web-app-title content="appsec & stuff"><meta name=theme-color content="#f8f8f8"><link rel="shortcut icon" type=image/x-icon href=/favicon.ico><link rel=icon type=image/png sizes=32x32 href=/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/favicon-16x16.png><link rel=apple-touch-icon sizes=180x180 href=/apple-touch-icon.png><link rel=canonical href=https://appsec.space/><link rel=alternate href=/index.xml type=application/rss+xml title="appsec & stuff"><link rel=feed href=/index.xml type=application/rss+xml title="appsec & stuff"><link rel=stylesheet href=/css/main.min.css><link rel=stylesheet href=/css/style.min.css><script type=application/ld+json>{"@context":"https://schema.org","@graph":[{"@type":"WebSite","url":"https://appsec.space/","inLanguage":"en","author":{"@type":"Person","name":"himazawa"},"copyrightYear":2023,"copyrightHolder":{"@type":"Person","name":"true"},"name":"appsec \u0026 stuff"},{"@type":"BlogPosting","headline":"My keyboard was misbehaving so I had to exploit my 
NAS","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/zimaos-casaos-rce/"},"genre":"posts","keywords":["zimaos","casaos","research","nas"],"wordcount":1924,"url":"https://appsec.space/posts/zimaos-casaos-rce/","datePublished":"2024-08-07T10:00:24+01:00","dateModified":"2024-08-07T16:36:59+02:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""},{"@type":"BlogPosting","headline":"Debloating the Onyx Boox Go 10.3","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/onyx-boox-go-10.3/"},"genre":"posts","keywords":["android","eink","Onyx Boox"],"wordcount":799,"url":"https://appsec.space/posts/onyx-boox-go-10.3/","datePublished":"2024-08-02T12:00:00+01:00","dateModified":"2024-08-06T11:14:33+02:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""},{"@type":"BlogPosting","headline":"The xz backdoor from a Security Engineer persepective","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/xz-backdoor/"},"genre":"posts","keywords":["backdoor","CVE-2024-3094","xz","liblzma","supply-chain","security-engineering"],"wordcount":1500,"url":"https://appsec.space/posts/xz-backdoor/","datePublished":"2024-03-30T19:49:24+01:00","dateModified":"2024-03-31T23:16:02+02:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""},{"@type":"BlogPosting","headline":"Security Theatre? 
More like Security Circus","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/security-theatre/"},"genre":"posts","keywords":["security theatre","infosec","rants"],"wordcount":474,"url":"https://appsec.space/posts/security-theatre/","datePublished":"2023-02-13T20:20:00+01:00","dateModified":"2024-03-30T22:00:02+01:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""},{"@type":"BlogPosting","headline":"Long Time No See","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/long-time-no-see/"},"genre":"posts","keywords":["updates"],"wordcount":390,"url":"https://appsec.space/posts/long-time-no-see/","datePublished":"2023-02-06T00:01:18+01:00","dateModified":"2024-03-30T22:00:02+01:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""},{"@type":"BlogPosting","headline":"Getting \"Zero Click\" Remote Code Execution in Mycroft AI vocal assistant","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/mycroft-ai-rce/"},"genre":"posts","keywords":["writeup","code review","AI","vocal assistant"],"wordcount":768,"url":"https://appsec.space/posts/mycroft-ai-rce/","datePublished":"2018-06-10T20:59:09+02:00","dateModified":"2024-03-30T22:00:02+01:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""}]}</script></head><body data-instant-intensity=viewport><script type=text/javascript>function setTheme(e){document.body.setAttribute("theme",e),document.documentElement.className=e,document.documentElement.style.setProperty("color-scheme",e==="light"?"light":"dark"),e==="light"?document.documentElement.classList.remove("tw-dark"):document.documentElement.classList.add("tw-dark"),window.theme=e,window.isDark=window.theme!=="light"}function 
saveTheme(e){window.localStorage&&localStorage.setItem("theme",e)}function getMeta(e){const t=document.getElementsByTagName("meta");for(let n=0;n<t.length;n++)if(t[n].getAttribute("name")===e)return t[n];return""}if(window.localStorage&&localStorage.getItem("theme")){let e=localStorage.getItem("theme");e==="light"||e==="dark"?setTheme(e):setTheme(window.matchMedia&&window.matchMedia("(prefers-color-scheme: dark)").matches?"dark":"light")}else"auto"==="light"||"auto"==="dark"?(setTheme("auto"),saveTheme("auto")):(saveTheme("auto"),setTheme(window.matchMedia&&window.matchMedia("(prefers-color-scheme: dark)").matches?"dark":"light"));let metaColors={light:"#f8f8f8",dark:"#161b22"};getMeta("theme-color").content=metaColors[document.body.getAttribute("theme")],window.switchThemeEventSet=new Set</script><div id=back-to-top></div><div id=mask></div><div class=wrapper><header class="desktop print:!tw-hidden" id=header-desktop><div class=header-wrapper><div class=header-title><a href=/ title="appsec & stuff"><img class="tw-inline tw-align-text-bottom tw-mr-1" src=/images/circle_cropped_logo.png height=32 width=32></a></div><div class=menu><div class=menu-inner><a class=menu-item href=/posts/>Posts </a><a class=menu-item href=/categories/>Categories </a><a class=menu-item href=/about/>About me </a><span class="menu-item delimiter"></span><button class="menu-item language" aria-label="Select Language">English<svg class="icon" viewBox="0 0 320 512"><path d="M285.476 272.971 91.132 467.314c-9.373 9.373-24.569 9.373-33.941.0l-22.667-22.667c-9.357-9.357-9.375-24.522-.04-33.901L188.505 256 34.484 101.255c-9.335-9.379-9.317-24.544.04-33.901l22.667-22.667c9.373-9.373 24.569-9.373 33.941.0L285.475 239.03c9.373 9.372 9.373 24.568.001 33.941z"/></svg>
<meta property="og:site_name" content="appsec & stuff"><meta property="og:title" content="appsec & stuff"><meta property="og:locale" content="en"><meta property="og:type" content="website"><meta property="og:image" content="https://appsec.space/images/logo.png"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://appsec.space/images/logo.png"><meta name=twitter:title content="appsec & stuff"><meta name=application-name content="appsec & stuff"><meta name=apple-mobile-web-app-title content="appsec & stuff"><meta name=theme-color content="#f8f8f8"><link rel="shortcut icon" type=image/x-icon href=/favicon.ico><link rel=icon type=image/png sizes=32x32 href=/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/favicon-16x16.png><link rel=apple-touch-icon sizes=180x180 href=/apple-touch-icon.png><link rel=canonical href=https://appsec.space/><link rel=alternate href=/index.xml type=application/rss+xml title="appsec & stuff"><link rel=feed href=/index.xml type=application/rss+xml title="appsec & stuff"><link rel=stylesheet href=/css/main.min.css><link rel=stylesheet href=/css/style.min.css><script type=application/ld+json>{"@context":"https://schema.org","@graph":[{"@type":"WebSite","url":"https://appsec.space/","inLanguage":"en","author":{"@type":"Person","name":"himazawa"},"copyrightYear":2023,"copyrightHolder":{"@type":"Person","name":"true"},"name":"appsec \u0026 stuff"},{"@type":"BlogPosting","headline":"My keyboard was misbehaving so I had to exploit my 
NAS","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/zimaos-casaos-rce/"},"genre":"posts","keywords":["zimaos","casaos","research","nas"],"wordcount":1924,"url":"https://appsec.space/posts/zimaos-casaos-rce/","datePublished":"2024-08-07T10:00:24+01:00","dateModified":"2024-08-10T12:27:11+02:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""},{"@type":"BlogPosting","headline":"Debloating the Onyx Boox Go 10.3","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/onyx-boox-go-10.3/"},"genre":"posts","keywords":["android","eink","Onyx Boox"],"wordcount":799,"url":"https://appsec.space/posts/onyx-boox-go-10.3/","datePublished":"2024-08-02T12:00:00+01:00","dateModified":"2024-08-06T11:14:33+02:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""},{"@type":"BlogPosting","headline":"The xz backdoor from a Security Engineer persepective","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/xz-backdoor/"},"genre":"posts","keywords":["backdoor","CVE-2024-3094","xz","liblzma","supply-chain","security-engineering"],"wordcount":1500,"url":"https://appsec.space/posts/xz-backdoor/","datePublished":"2024-03-30T19:49:24+01:00","dateModified":"2024-03-31T23:16:02+02:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""},{"@type":"BlogPosting","headline":"Security Theatre? 
More like Security Circus","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/security-theatre/"},"genre":"posts","keywords":["security theatre","infosec","rants"],"wordcount":474,"url":"https://appsec.space/posts/security-theatre/","datePublished":"2023-02-13T20:20:00+01:00","dateModified":"2024-03-30T22:00:02+01:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""},{"@type":"BlogPosting","headline":"Long Time No See","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/long-time-no-see/"},"genre":"posts","keywords":["updates"],"wordcount":390,"url":"https://appsec.space/posts/long-time-no-see/","datePublished":"2023-02-06T00:01:18+01:00","dateModified":"2024-03-30T22:00:02+01:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""},{"@type":"BlogPosting","headline":"Getting \"Zero Click\" Remote Code Execution in Mycroft AI vocal assistant","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"https://appsec.space/posts/mycroft-ai-rce/"},"genre":"posts","keywords":["writeup","code review","AI","vocal assistant"],"wordcount":768,"url":"https://appsec.space/posts/mycroft-ai-rce/","datePublished":"2018-06-10T20:59:09+02:00","dateModified":"2024-03-30T22:00:02+01:00","publisher":{"@type":"Organization","name":"himazawa"},"author":{"@type":"Person","name":"himazawa","url":"/"},"description":""}]}</script></head><body data-instant-intensity=viewport><script type=text/javascript>function setTheme(e){document.body.setAttribute("theme",e),document.documentElement.className=e,document.documentElement.style.setProperty("color-scheme",e==="light"?"light":"dark"),e==="light"?document.documentElement.classList.remove("tw-dark"):document.documentElement.classList.add("tw-dark"),window.theme=e,window.isDark=window.theme!=="light"}function 
saveTheme(e){window.localStorage&&localStorage.setItem("theme",e)}function getMeta(e){const t=document.getElementsByTagName("meta");for(let n=0;n<t.length;n++)if(t[n].getAttribute("name")===e)return t[n];return""}if(window.localStorage&&localStorage.getItem("theme")){let e=localStorage.getItem("theme");e==="light"||e==="dark"?setTheme(e):setTheme(window.matchMedia&&window.matchMedia("(prefers-color-scheme: dark)").matches?"dark":"light")}else"auto"==="light"||"auto"==="dark"?(setTheme("auto"),saveTheme("auto")):(saveTheme("auto"),setTheme(window.matchMedia&&window.matchMedia("(prefers-color-scheme: dark)").matches?"dark":"light"));let metaColors={light:"#f8f8f8",dark:"#161b22"};getMeta("theme-color").content=metaColors[document.body.getAttribute("theme")],window.switchThemeEventSet=new Set</script><div id=back-to-top></div><div id=mask></div><div class=wrapper><header class="desktop print:!tw-hidden" id=header-desktop><div class=header-wrapper><div class=header-title><a href=/ title="appsec & stuff"><img class="tw-inline tw-align-text-bottom tw-mr-1" src=/images/circle_cropped_logo.png height=32 width=32></a></div><div class=menu><div class=menu-inner><a class=menu-item href=/posts/>Posts </a><a class=menu-item href=/categories/>Categories </a><a class=menu-item href=/about/>About me </a><span class="menu-item delimiter"></span><button class="menu-item language" aria-label="Select Language">English<svg class="icon" viewBox="0 0 320 512"><path d="M285.476 272.971 91.132 467.314c-9.373 9.373-24.569 9.373-33.941.0l-22.667-22.667c-9.357-9.357-9.375-24.522-.04-33.901L188.505 256 34.484 101.255c-9.335-9.379-9.317-24.544.04-33.901l22.667-22.667c9.373-9.373 24.569-9.373 33.941.0L285.475 239.03c9.373 9.372 9.373 24.568.001 33.941z"/></svg>
<select class=language-select aria-label="Select Language" id=language-select-desktop onchange="location=this.value"><option value=/ selected>English</option><option value=/it/>Italiano</option></select>
</button><span class="menu-item search" id=search-desktop>
<input type=text placeholder="Search titles or contents..." id=search-input-desktop>
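Review bot: in the JSON-LD block the zimaos-casaos-rce entry now carries "dateModified":"2024-08-10T12:27:11+02:00" next to "datePublished":"2024-08-07T10:00:24+01:00", so the two timestamps for the same post use different UTC offsets three days apart; the publish date in the post's front matter likely has a hard-coded +01:00 that should be fixed at the source. The same block emits "copyrightHolder":{"@type":"Person","name":"true"}, which reads like a boolean config value rendered as a name, and the xz-backdoor headline contains the typo "persepective".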
2 changes: 1 addition & 1 deletion index.json

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion index.xml
Expand Up @@ -1144,7 +1144,7 @@ This functionality can be effectively abused to get full code execution on the m
</div>
<div class="details-content">
<div class="admonition-content">Since the script is executed at boot the network interface could still be in the process of going up, so remember to add a small timeout before executing the payload.</div></div></div>
<p>The PoC is available at <a href="https://github.com/himazawa/zimaos-rce-poc" target="_blank" rel="noopener noreferrer">https://github.com/himazawa/zimaos-rce-poc</a></p>
<p>The PoC is available at <a href="https://github.com/himazawa/zimaos-postauth-rce" target="_blank" rel="noopener noreferrer">https://github.com/himazawa/zimaos-postauth-rce</a></p>
<figure><img src="/posts/zimaos-casaos-rce/rev_shell.png"><figcaption>
<h4>Problem Solved</h4>
</figcaption>
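Review bot: the figure in the trailing context of this feed item uses a site-relative source, img src="/posts/zimaos-casaos-rce/rev_shell.png", and has no alt attribute. Inside index.xml that path only resolves if the reader applies the site as base URL, so consider emitting absolute URLs for images in feed content and adding alt text when the post source is next touched.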
2 changes: 1 addition & 1 deletion posts/index.html
Expand Up @@ -25,7 +25,7 @@
<select class=color-theme-select id=theme-select-mobile aria-label="Switch Theme"><option value=light>Light</option><option value=dark>Dark</option><option value=auto>Auto</option></select>
</button><button class="menu-item tw-w-full" title>English<svg class="icon" viewBox="0 0 320 512"><path d="M285.476 272.971 91.132 467.314c-9.373 9.373-24.569 9.373-33.941.0l-22.667-22.667c-9.357-9.357-9.375-24.522-.04-33.901L188.505 256 34.484 101.255c-9.335-9.379-9.317-24.544.04-33.901l22.667-22.667c9.373-9.373 24.569-9.373 33.941.0L285.475 239.03c9.373 9.372 9.373 24.568.001 33.941z"/></svg>
<select class=language-select title onchange="location=this.value"><option value=/posts/ selected>English</option><option value=/it/posts/>Italiano</option></select></button></div></div></header><div class="search-dropdown desktop"><div id=search-dropdown-desktop></div></div><div class="search-dropdown mobile"><div id=search-dropdown-mobile></div></div><main class=main><div class=container><div class="page archive"><h2 class=single-title>All Posts</h2><h3 class=group-title>Recently Updated</h3><article class=archive-item><a href=/posts/zimaos-casaos-rce/ class=archive-item-link>My keyboard was misbehaving so I had to exploit my NAS</a>
<span class=archive-item-date>08-07</span></article><article class=archive-item><a href=/posts/onyx-boox-go-10.3/ class=archive-item-link>Debloating the Onyx Boox Go 10.3</a>
<span class=archive-item-date>08-10</span></article><article class=archive-item><a href=/posts/onyx-boox-go-10.3/ class=archive-item-link>Debloating the Onyx Boox Go 10.3</a>
<span class=archive-item-date>08-06</span></article><h3 class=group-title>2024</h3><article class=archive-item><a href=/posts/zimaos-casaos-rce/ class=archive-item-link>My keyboard was misbehaving so I had to exploit my NAS</a>
<span class=archive-item-date>08-07</span></article><article class=archive-item><a href=/posts/onyx-boox-go-10.3/ class=archive-item-link>Debloating the Onyx Boox Go 10.3</a>
<span class=archive-item-date>08-02</span></article><article class=archive-item><a href=/posts/xz-backdoor/ class=archive-item-link>The xz backdoor from a Security Engineer persepective</a>
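Review bot: after this change the zimaos-casaos-rce entry shows archive-item-date 08-10 under "Recently Updated" but 08-07 under the 2024 group on the same page, and both use the same class with nothing marking one as the modified date and the other as the publish date. A label or a time element with a datetime attribute would make the difference explicit. The last context line also carries the headline typo "persepective".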
2 changes: 1 addition & 1 deletion posts/index.xml
Expand Up @@ -1144,7 +1144,7 @@ This functionality can be effectively abused to get full code execution on the m
</div>
<div class="details-content">
<div class="admonition-content">Since the script is executed at boot the network interface could still be in the process of going up, so remember to add a small timeout before executing the payload.</div></div></div>
<p>The PoC is available at <a href="https://github.com/himazawa/zimaos-rce-poc" target="_blank" rel="noopener noreferrer">https://github.com/himazawa/zimaos-rce-poc</a></p>
<p>The PoC is available at <a href="https://github.com/himazawa/zimaos-postauth-rce" target="_blank" rel="noopener noreferrer">https://github.com/himazawa/zimaos-postauth-rce</a></p>
<figure><img src="/posts/zimaos-casaos-rce/rev_shell.png"><figcaption>
<h4>Problem Solved</h4>
</figcaption>
Binary file added posts/zimaos-casaos-rce/image.png
