Can someone bug/hack your home network and take control of electronics connected to it?

Scenario

Basic home network setup, typical router/modem with WPA2 pw setup. No other protection or anything else setup.

Is it feasible/possible to hack someone’s network or setup an unauthorized network and take control of any electronic device that connects to it?

If so, could someone turn a phone or ipad into an audio device and use that to record or spy on someone?

Secure File Transfer with Individual Control

My main goal is to build Raspberry Pi cloud storage and I want to access it remotely. I can easily send commands via SSH.

However, transferring files bugged me due to its slow connection speed, or latency due to buffer, or other factors. I checked SFTP and FTPS for this.

My main goal is to send a file, let’s say mixed files of RAWs, JPGs, and MOVs that are about 5 Gigabytes, and to send it in minimum amount of time. I think this is possible if I encrypt the file first on my local machine and send it through some connection, then decrypt the file once it reaches there completely.

What are your suggestions to send large files securely?

Question about Control Water And Sculpt Spell interaction

I tried to Answer this question: Can “x’/level” area effects be set at smaller sizes?

I was trying to find a spell with an area that can become bigger if your caster level is bigger: Control Water was the one I heard about (is there more spell like this, perhaps one could make it easier)

I’m now clueless about the interaction with the Sculpt Spell metamagic feat:

(Complete Arcane p.83)

Benefit

You can modify an area spell by changing the area’s shape to either a cylinder (10-foot radius, 30 feet high), a 40-foot cone, four 10-foot cubes, a ball (20-foot-radius spread), or a 120-foot line. The sculpted spell works normally in all respects except for its shape. For example, a lightning bolt whose area is changed to a ball deals the same amount of damage, but affects a 20-foot-radius spread.

  • The area of the spell (wich you can control) goes bigger with your caster levels, but I guess if you modify it via Sculpt Spell it will now have a fixed area that won’t become bigger with your caster levels, is this correct by RAW or is there a rule I haven’t found somewhere about this?
  • You can create a whirlpool on the ocean or even cast it on water elementals so the newly shaped area could help in these 2 situations, it might be useless in the other situations (raise/lower unless there are other water around wich could make the 4 10-foot cubes really useful if you need to raise the water for 4 different small ponds within the long range of the spell)

How does Control Weather interact with dispel magic?

If a spell has an effect radius of miles, like Control Weather, or Mirage Arcane, is there anything stopping a level 5 mage, hiding somewhere within the area, from dispelling the terrible storm cast by the archmage? It feels like these massive spells are extremely vulnerable since, at most, they’d need to beat a 19 on an ability check. Surely it’d make for a very anticlimactic fight if the mega-storm conjured by the BBEG was dispelled by a couple of apprentice mages.

Why do we need security measure likes control flow integrity and buffer overflow guard if we have good access control protocol in place?

Reading into information security, I noticed two branches. Access control when communication with external device by using some type of cryptographic authentication and encryption mechanism and things like control flow integrity. My question is why do we need the latter if former is good enough. Are there example of control flow exploits on access control protocol implementation themselves? My focus is mainly on embedded devices.

How to write this access control matrix?

This is a simplified dump for the ls – l shell command in the current folder.

-r--r----- alice admin 1 -r--r--r-- bob bob 2 -rw-rw---- charlie charlie 3 -rw-r----- charlie admin 4 ---x--x--x alice alice editor ---x--s--- bob admin editor-super 

Unix users are alice, bob, charlie. root is the system administrator.

The id command for each user returns:

  • id alice: uid=1000(alice) gid=1000(alice) groups=1000(alice),1003(admin)

  • id bob: uid=1001(bob) gid=1001(bob) groups=1001(bob)

  • id charlie: uid=1002(charlie) gid=1002(charlie) groups=1002(charlie), 1003(admin)

There are 2 executable files:

  • editor lets you open a file with Read and Write capabilities;

  • editor-super does the same as editor.

Draw up an access control matrix with subjects {alice, bob, charlie} and objects {1,2,3,4} that shows, for each combination of subject and object, whether the subject will be able to read (R), and/or write (W) the respective object.

Note: root should not appear in the matrix.

Below is my solution. How should I complete it?

            1       |       2      |      3      |       4     |  Alice   |    r      |       r      |             |      r      |  Bob     |           |       r      |             |             |  Charlie |    r      |       r      |      rw     |       rw    | 

Letting attacker control content-type, why is this safe?

I found a strange behavior of Shopify, where an attacker can change the extension on a URL and the backend will send back an HTTP content-type matching that extension, for each of these extensions:

atom: application/atom+xml bmp: image/bmp css: text/css csv: text/csv gif: image/gif jpg: image/jpeg json: application/json js: text/javascript mp3: audio/mpeg mpeg: video/mpeg mpg: video/mpeg pdf: application/pdf png: image/png rss: application/rss+xml svg: image/svg+xml tiff: image/tiff tif: image/tiff txt: text/plain xml: application/xml yml: application/x-yaml zip: application/zip 

For example, https://gavinwahl-test.myshopify.com/.foo.yml returns ‘Content-Type: application/x-yaml’, even though it’s a 404. https://gavinwahl-test.myshopify.com/search.svg returns the actual search page HTML but with image/svg+html content-type.

The search page also allows you to insert [html-escaped] text of your choice: https://gavinwahl-test.myshopify.com/search.zip?q=%50%4b%05%06%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00 for example returns application/zip and is actually a valid zip file (despite having HTML around it).

It seems like there should be a vulnerability here. The search query is HTML escaped, but we can tell the browser to interpret in some other content type which may have different escaping rules. This has been done with EML (Microsoft Outlook Express mail message) files before. I know there are lots of vulnerabilities where content of one type is interpreted as a different content type, but Shopify claims that this practice is safe and not exploitable.

Is there actually a good argument that this is safe? Is there any way to get a reflected xss payload through based on the content type confusion?

(I have reported this as an issue to Shopify Security and they said it was safe, so I’m posting it publicly)

How can a PC create (and control) an army of undead skeletons?

Fantasy novels are rife with evil necromancers controlling hordes of undead…and they also make great BBEGs! But what if a PC wanted to do the same thing?

I’d like to see how big of an army a 5e D&D character could raise and control. Let’s assume this character is 20th level, can be of any published class or class combo, only wants to make an army of permanent skeletons (they smell better than zombies!), has a 20 for any relevant ability score, and has access to any non-artifact magic item.

As an example, let’s assume the character is a wizard and is using the Animate Dead spell which says

This spell creates an undead servant.

The creature is under your control for 24 hours, after which it stops obeying any command you’ve given it. To maintain control of the creature for another 24 hours, you must cast this spell on the creature again before the current 24-hour period ends. This use of the spell reasserts your control over up to four creatures you have animated with this spell, rather than animating a new one.

My math says this wizard could create 83 skeletons the first day, but would only be able to control 60 of them thereafter. This is a LONG way from anything resembling an army…and the wizard would have to burn every single spell slot of 3rd level or higher, every single day, just to keep these 60 in line.

So, let’s get creative!