This is a walk through for the smart contract hacking challenge organized by PolySwarm for CODE BLUE conference held in Japan on November 01–02. Although the challenge was supposed to be held on-site for whitelisted addresses only, Ben Schmidt of PolySwarm kindly shared a wallet so that I could participate in the challenge.
(more…)
Year: 2018
-
PolySwarm Smart Contract Hacking Challenge Writeup
-
Adobe Experience Manager Vulnerability Scanner
Adobe Experience Manager is content management system that is based on Apache Sling – a framework for RESTful web-applications based on an extensible content tree. Apache Sling in its turn is basically a REST API for Apache Jackrabbit, which is an implementation of Content Repository API for Java (JCR). The main principle of JCR is that everything is a resource. It means that any object in JCR repository can be retrieved in multiple ways depending on requested selector. E.g. if you make a request to /index.html you will get an HTML page, but if you replace .html with a .json selector you can get metadata of this resource:
{ "jcr:primaryType":"cq:Page", "jcr:createdBy":"transport-user", "jcr:created":"Mon Jun 13 2018 22:09:46 GMT+0000" }
AEM installations typically have lots of hidden gems (even password hashes) if selectors are improperly configured. aemscan helps to discover such weaknesses and much more:
- Default credentials bruteforce
- Info leak via default error page
- WebDav support check (WebDav OSGI XXE CVE-2015-1833)
- Version detection
- Useful paths scanner
You can grab the source code from GitHub: https://github.com/Raz0r/aemscan. Pull requests are welcome!
-
Predicting Random Numbers in Ethereum Smart Contracts
Slides from my AppSec California 2018 talk “Predicting Random Numbers in Ethereum Smart Contracts”
Detailed blog post: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620