<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Hacking on Hack the Galaxy</title>
    <link>https://johnjhacking.com/categories/hacking/</link>
    <description>Recent content in Hacking on Hack the Galaxy</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-gb</language>
    <lastBuildDate>Mon, 26 Oct 2020 06:00:00 +0000</lastBuildDate><atom:link href="https://johnjhacking.com/categories/hacking/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Account Takeover on the Jack Daniel&#39;s Tennessee Squire Association Platform</title>
      <link>https://johnjhacking.com/blog/tennessee-squire-account-takeover/</link>
      <pubDate>Mon, 26 Oct 2020 06:00:00 +0000</pubDate>
      
      <guid>https://johnjhacking.com/blog/tennessee-squire-account-takeover/</guid>
      <description>Summary: Many people do not know about the Jack Daniel’s Tennessee Squires. The Squire Association is an elite club for “friends of Jack Daniel’s”. Anyone who has ever dreamed of being a Tennessee Squire knows how difficult, if not impossible, it is to obtain membership without paying thousands of dollars (or knowing someone who can nominate you).
Tonight, I give you an inside look at the Squire Association and their practices.</description>
    </item>
    
    <item>
      <title>CVE-2020-27388: YOURLS 1.5 - 1.7.10, Multiple Stored Cross Site Scripting (XSS) Vulnerabilities in Admin Panel</title>
      <link>https://johnjhacking.com/blog/cve-2020-27388/</link>
      <pubDate>Fri, 23 Oct 2020 18:00:00 +0000</pubDate>
      
      <guid>https://johnjhacking.com/blog/cve-2020-27388/</guid>
      <description>Potential Abuse on a Hooked Function: There is a potential for abuse with any plugin that implements the hook function ‘shunt_is_valid_user’. In the code below we simply demonstrate that authentication can be completely bypassed by returning TRUE in the hooked function. This would be an ideal place for a stealthy backdoor or any other malicious code. It should be noted that this is not itself a vulnerability, but it has the potential to be misused, and plugins that use this hook should be checked.</description>
    </item>
    
    <item>
      <title>P1: Critical - Discovering and Foiling a Threat Actor</title>
      <link>https://johnjhacking.com/blog/p1-critical-discovering-and-foiling-a-threat-actor/</link>
      <pubDate>Sun, 27 Sep 2020 06:00:00 +0000</pubDate>
      
      <guid>https://johnjhacking.com/blog/p1-critical-discovering-and-foiling-a-threat-actor/</guid>
      <description>Disclaimers, Credits: Thank you to everyone who helped validate any part of the project. It took a lot of work to figure out the extent of who was/is affected. I appreciate all of the help that we have received, with a special thank you to those who confirmed our suspicions.
As a general rule of thumb, we will have to redact specific parts of this writeup as well as completely leave out special homebrewed technology that would give away the affected organizations, or cause further damage.</description>
    </item>
    
  </channel>
</rss>
