Friday, June 07, 2024

Adobe's New Terms of Service

As you've probably seen in the recent online media, Adobe decided to force new controversial Terms of Service (TOS) onto their customers.

The new TOS are egregious and very worrying for creators.


The fundamental issue is that without accepting the new TOS mid-contract you are unable to continue using the apps, with some reports that you're also not able to uninstall without accepting the new TOS [I've not yet been able to confirm this myself].

I have an Adobe Creative Cloud subscription and the 20GB Photography plan which I've had since 2015.

I am fundamentally opposed to these new terms so I decided I would prefer to end the relationship and cancel the subscription.

So I logged in, found the cancellation section, started the process, and was then informed I'm still mid-way through the 12-month contract and therefore will be charged ~£50 for the remaining ~5 months.

I found this wholly unacceptable. So I started an online chat with a support operative.

Chat #1

That did not go well, at first I was told "not much has changed but its just that we are just educating about the terms and Conditions"

This is a lie.

The offer was then "in order to help the best I can do is I will make your subscription free of cost for the upcoming 03 months. So that you can get a chance to explore the subscription without paying a single penny for these months, it will also help to complete the tenure and in the last month there will be no fee"

This completely misses the point since to take up this 'offer' would require accepting the new TOS.

I was then told "You can use the plan the terms specifically suggest that we may use the basic files for troubleshooting or machine learning not for any other usage"

Once again completely missing the point and then he doubled down with "Our TOS are just the same , not much has changed if you want to use the plan I can get you three months FREE or as per previous Terms there will be an early cancelation FEE"

My reply was "...they are not the 'just the same' it's a fundamental change to which I DO NOT AGREE. I WILL NOT ACCEPT. You are preventing me from using the service as per the TERMS we agreed BEFORE this change. you CANNOT FORCE ME TO PAY FOR SOFTWARE YOU ARE PREVENTING ME FROM USING"

At this point, he just stopped responding and I ended the chat after waiting 20 minutes and then started a new support chat.

Chat #2

Me: "I want to cancel without penalty since you're preventing me from using the software for the remaining term (~5 months)

or allow me to continue to use the software without accepting the new TOS[for the remainder of the term]"

and got the 3-month 'offer' "if you wish to continue with the subscription, I can help you with 3 free months so that your next billing for the next 3 months will be stopped right away."

I said no thanks, reiterated the wish to cancel penalty-free, and then finally got the answer I was looking for...

"Thank you for your time and patience.
In that case, I will go ahead and cancel the subscription for you. And, as you are a valuable Adobe customer, I will waive-off the cancelation fee for you completely from my side.
Rest assured, your subscription will be cancelled without any cancelation fee and, you will not be charged for it going further. With your permission, may I proceed?"

"As per your decision, we have canceled the subscription To the Photography plan (20GB) And successfully Waived your cancelation fees as a good will gesture so that going forward you will not be charged anything for this Account. You may have received an email confirming the same. Thank you for being our customer and allowing us the opportunity to serve you. We hope you will consider us as your creative partner in any future ventures."

I received the cancellation confirmation email about 10 minutes later.

I've now downloaded the AdobeCreativeCloudCleanerTool.exe from 

https://swupmf.adobe.com/webfeed/CleanerTool/win/AdobeCreativeCloudCleanerTool.exe

So we'll soon find out whether this removes it all without having to accept the TOS to uninstall...

Tuesday, February 20, 2024

The inadvertent router pen test story

The History

A few weeks ago I started a small project to document the devices in my home network. I had recently purchased a VPN device so I wanted a clear understanding of where it would fit.

In 2019, after upgrading my Wi-Fi to Google, I repurposed my older Netgear R8000. As part of that project, I re-imaged it, replacing the Netgear OS with open-source DD-WRT, and switched off all the Wi-Fi. So it essentially became a 4-port switch to connect my ethernet devices.

And it stayed, pretty much forgotten, until recently.

Now

During the documentation phase, I thought I might take the opportunity to update the DD-WRT version since it was going to be a bit out of date.

That should be simple enough, login, apply new image, reboot... but I couldn't log in.

I tried a few combinations of what would have been the password combinations I would've used back then. I looked up the defaults just in case it had reset itself at some point, but that failed.

I did a search on my machine to see if I'd documented it, but found nothing.

The Hacking

This was the opportunity to practice the hacking skills I'd been learning via Hack the Box.

1. Nmap

An Nmap scan revealed HTTP (80) and SSH ports were open. No real surprises there but we'll come back to this later.

2. Burpsuite

A browse to the login page revealed the login process, from this I was able to capture the submission of the username and password and determine that the process used basic authentication. I was able to see that the username/password combinations used base64 encoding to obfuscate.
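What that capture exposes, as an added example rather than code from the original post: Base64 is an encoding, not encryption, so anyone who can see a Basic Authorization header on plain HTTP recovers the credentials with one decode, which is the reason to put a router login behind HTTPS or keep it off untrusted networks. The function name and the sample header are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original post): decode an HTTP Basic
# Authorization header. The sample header is constructed for illustration.

# decode_basic_auth HEADER -> prints "user<TAB>password"
# exit status: 1 = scheme is not Basic, 2 = token is not valid Base64,
#              3 = decoded token has no "user:password" separator
decode_basic_auth() (
    # Drop the "Authorization:" field name if present. A Base64 token
    # never contains ':', so this cannot eat part of the credentials.
    value=$(printf '%s' "$1" | sed 's/^[^:]*:[[:space:]]*//')
    # The scheme name is case-insensitive (RFC 7617).
    scheme=$(printf '%s' "${value%% *}" | tr '[:upper:]' '[:lower:]')
    token=$(printf '%s' "${value#* }" | tr -d '[:space:]')
    [ "$scheme" = "basic" ] || exit 1
    decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null) || exit 2
    # Split on the FIRST colon only: the password may contain colons,
    # the username may not.
    case $decoded in
        *:*) printf '%s\t%s\n' "${decoded%%:*}" "${decoded#*:}" ;;
        *)   exit 3 ;;
    esac
)

# Constructed sample: the header a browser sends for admin / password.
decode_basic_auth 'Authorization: Basic YWRtaW46cGFzc3dvcmQ='
```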

I ran a few tests via interceptor and was able to set up a response that appeared to submit the username/password combinations correctly and get a 'code 200' response from the router.

So now it was time to build out my 2 custom word lists.

The first was a list of possible usernames. This was a combination of the defaults one might expect plus all of the ones I might have used, including various combinations of lowercase, capitalizations, and ALL CAPS. So a list of around 20-25 entries.

The second word list was for all the possible passwords I might have set, plus the usual defaults, again with the variances of capitalisations.

I then ran these via interceptor against the router login page, with no luck.

I was reasonably confident that I'd set up the parsing of the wordlists correctly, but there was a chance I was getting a bad response.

3. Metasploit

Now, Nmap had revealed that SSH was open. I now used Metasploit's SSH scanner module with the same word lists as above and let that run.

So set the RHOST and the 2 wordlists and fired it off.

This was significantly slower as each attempt was deliberately slowed so as not to get the connection blocked. So I let that run, it took the best part of an hour or two, but it too failed!

4. Routersploit

This Python script is available via GitHub and I downloaded and installed it. The interface for this is very similar to Metasploit. So I set up the required parameters and fired that off.

This too failed to find any usable vulnerability.

Conclusion

At this point, I can draw two conclusions, and I'm split 50/50 between them.

1. The device is secure in its current config and I've nothing to worry about.

2. The device has been compromised at some point in the last ~4 years.

So do I assume the first and leave it as it is, or be cautious and hard reset the device and update it?

There is only one option, assume the worst, hard reset, and update.

It shouldn't take long. The biggest issue is that it's in a confined space, so most of the time would be spent getting adequate physical access to hit the reset button.

Lessons learned

It was a very useful exercise to take these new skills learned, use the various tools, and apply them to a real-world scenario.

Document usernames and passwords when setting up devices!

Sunday, February 11, 2024

How to update Burpsuite in Kali & Parrot 5/6



1. Download the Community .jar file

Open Burpsuite, then open Help and check for updates.
Click the link to open it in the browser, then for the download choose the Community edition (or Pro if you have that) and select the JAR version.
Close Burpsuite.

2. Go to Downloads folder
cd ~/Downloads

3. Set file for execution
chmod +x burpsuite_community_v2023.12.1.4.jar

4. Find location of burpsuite.jar
locate burpsuite.jar
The result should be in
/usr/share/burpsuite

5. Backup old jar file
cd /usr/share/burpsuite
sudo cp burpsuite.jar burpsuite.bak
sudo rm burpsuite.jar

6. Copy new jar file
cd ~/Downloads
sudo cp burpsuite_community_v2023.12.1.4.jar /usr/share/burpsuite/burpsuite.jar

You're done
- launch your updated Burpsuite

Recovery:

If it has gone wrong, delete the .jar and copy (sudo cp) burpsuite.bak to burpsuite.jar to get the old version back:
sudo rm /usr/share/burpsuite/burpsuite.jar
sudo cp /usr/share/burpsuite/burpsuite.bak /usr/share/burpsuite/burpsuite.jar
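
The same backup, replace and recovery steps as one script, with an integrity check added before the JAR is copied into a root-owned directory. This is an added example, not part of the original post: the function names install_jar and restore_jar are hypothetical, and the expected SHA-256 is assumed to be the value you copied from the vendor's download page for that release.

```bash
#!/bin/sh
# Added example: verified, reversible replacement of burpsuite.jar.
# install_jar NEW_JAR EXPECTED_SHA256 [DEST_DIR]
#   exit 1 = new JAR missing, 2 = checksum mismatch, 3 = copy failed
install_jar() (
    new_jar=$1
    expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    dest_dir=${3:-/usr/share/burpsuite}   # the path found in step 4
    target=$dest_dir/burpsuite.jar
    backup=$dest_dir/burpsuite.bak

    [ -f "$new_jar" ] || { echo "missing: $new_jar" >&2; exit 1; }

    # Refuse to install a file whose hash differs from the expected one.
    actual=$(sha256sum "$new_jar" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: got $actual" >&2
        exit 2
    fi

    # Keep the old JAR so the change can be undone (step 5).
    if [ -f "$target" ]; then cp -p "$target" "$backup" || exit 3; fi

    # Copy to a temporary name, then rename, so a failed copy never
    # leaves a truncated burpsuite.jar in place (step 6).
    if cp "$new_jar" "$target.new" && mv "$target.new" "$target"; then
        chmod 644 "$target"
    else
        rm -f "$target.new"
        exit 3
    fi
)

# restore_jar [DEST_DIR]: the Recovery step, putting the backup back.
restore_jar() (
    dest_dir=${1:-/usr/share/burpsuite}
    [ -f "$dest_dir/burpsuite.bak" ] || exit 1
    cp -p "$dest_dir/burpsuite.bak" "$dest_dir/burpsuite.jar"
)

# Usage (as root; the hash shown is a placeholder, not a real value):
#   install_jar ~/Downloads/burpsuite_community_v2023.12.1.4.jar <sha256>
```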

Saturday, January 27, 2024

Can a PSU affect CPU performance?

In 2020 I built my current Desktop PC for gaming.


An AMD B550 Mobo, 3600X CPU, 16 GB RAM with the semi-modular Gigabyte B700H PSU (80 Plus Bronze).

Since then I've doubled the RAM to 32 GB and upgraded the CPU twice, first to the 5800X and now the 5800X3D.

The system has performed just fine over that time.

I've got an NVidia GTX 2080ti rated at 250W and the PSU has not had any trouble at all.

After upgrading to the 5800X3D I did notice that the Cinebench R20 and R23 scores were a little below average but I put this down to silicon lottery and air cooling. It still ran pretty fast.

I've been looking to replace the 2080ti with a 7900XT and to do that the 700W PSU was on the limit. So with that in mind I saw a deal on an 850W Seasonic Focus GX 850 80PLUS Gold fully modular PSU and ordered it.

The swap out was done in no time and the first thing I then did was fire up Cinebench R20. It scored 3% faster than the last time I ran it a few months ago. Seemed a bit weird and it's possible that BIOS updates may have played a part in this, but I don't think so. The last tests were done ~4 months ago when I upgraded the Noctua fans on the PSU cooler and got a nice reduction in temps but no bump in performance. No BIOS updates have been released or applied in that time.

So I then did a full pass Cinebench R23 test and this reported a 4% bump in performance!

Has my PSU been holding my CPU back, what do you think?

Wednesday, January 17, 2024

The free or open source tools I use in my day job

Current

Proxmox - repurpose old hardware for Lab and testing Virtual Machines
Docker - easy linux image deployment and testing
Portainer - Docker Manager

Uptime Kuma - on Docker via Portainer - important servers and service uptime monitoring
Dashy - on Docker via Portainer - cool shortcuts

Kali Linux Distro install on Proxmox for various security testing and pen testing
hashcat
breachparse
burpsuite


Wazuh VM on Proxmox for XDR and SIEM
OpenVAS (gvm) on Proxmox for pen testing
Netbox VM - Network Documentation
MediaWiki VM - Documentation
phpbb - IT Forum for internal use /discussion

KIX32 - login script and general automation of repetitive tasks, software removal, reg edits, software install, software updates, windows updates

Tools I've used but since dumped

Thursday, September 28, 2023

Noctua NH-U12S SE-AM4 - upgraded with 2x NF-A12x25 PWM (chromax.black)

When I first built my new gaming PC during the Covid lockdown back in 2020 I ordered the Noctua NH-U12S SE-AM4 to cool the Ryzen 5 3600. And it cooled it very well. The 3600 has a 65 watt TDP and the NH-U12S handled it easily.

Later on I upgraded to the Ryzen 5 5600X, also with a 65W TDP, but I did order and add another fan to the back of the Noctua NH-U12S SE-AM4. Again this wasn't a problem at all and the system ran very cool and quiet.

In January 2023, I pushed the boat out again and max'd my AM4 system with the AMD Ryzen 7 5800X3D. I kept the cooling as above but we now had to cope with 105W TDP and it showed.

Cinebench20 would push the CPU temps to 89 degrees(c), a bit toasty!

So I started looking at the Noctua NH-D15 chromax.black as a possible replacement. 

Problem 1, it's a pricey solution at ~£110

Problem 2, this tall boy would be cutting it very close to being able to fit in my case (Phanteks Eclipse P400A)

So I left it for a while...

...

Then I started looking at the NF-A12x25 PWM fans to replace the fans and keep the NH-U12S.

Again not the cheapest solution, with each coming in at ~£30, but half the cost of the NH-D15 solution.

So I bit the bullet, ordered and installed them, and re-used the older Noctua fans from the NH-U12S as additional case exhaust fans. A simple swap over re-jig that probably took less than 30 minutes in total, most of which was giving the case & fans a good spring clean.

They are a bit chunkier and weightier than the old fans but install just as easily.

Now the bit you're interested in, the performance.

I re-calibrated the fans and curves with the 'Auto' function available in my Asus BIOS and booted the system.

All good, already noticeably quieter.

Then I ran Cinebench20 twice, and each time the temperature peaked at a max of 82 degrees(c)!

A 7 degree drop in maximum operating temperature, so now I don't have thermal throttling concerns anymore and it's a better than expected win.

I am very happy!





