Presented at
DEF CON 31 (2023),
Aug. 10, 2023, 12:30 p.m.
(45 minutes).
The year is 2023 and we’re still finding very basic vulnerabilities in enterprise software.
In this presentation, we detail how the hacker mindset can be applied to seemingly daunting tasks to make them more approachable. We will show how we approached our first Pwn2Own contest and how we discovered a command injection RCE vulnerability affecting nearly every Lexmark printer. We’ll take a look at why we think it went unnoticed in previous research and why current open-source static analysis tools miss this simple bug.
Finally we’ll release the exploit POC and an additional POC to dump credentials during engagements.
REFERENCES:
1. https://research.nccgroup.com/2022/02/17/bypassing-software-update-package-encryption-extracting-the-lexmark-mc3224i-printer-firmware-part-1/
2. https://publications.lexmark.com/publications/security-alerts/CVE-2023-26068.pdf
3. https://www.zerodayinitiative.com/advisories/upcoming/ (ZDI-CAN-19470)
Presenters:
-
James Horseman
- Vulnerability Researcher at Horizon3.ai
James Horseman loves low-level systems programming and reverse engineering. Has a history of developing implants and weaponizing n-days. He is a vulnerability researcher and attack engineer at Horizon3.ai.
-
Zach Hanley
- Vulnerability Researcher at Horizon3.ai
Zach Hanley has been hooked on exploit development and offensive security since introduced to the world of hacking as an On-Net Operator for DoD and IC organizations. He’s since developed implants and exploits for both the government and commercial sector. He currently is a vulnerability researcher and attack engineer for Horizon3.ai.
Links:
Similar Presentations: