Instructions for down or upgrading Ubiquiti (UniFi) USG

Sometimes it doesn’t work upgrading or downgrading via the UniFi Controller GUI. If that is the case, doing it via the CLI is quite safe and should work without any issues.

Below is a step-by-step guide:



  • Download desired firmware (i.e v4.3.23.4913544)
  • Run FileZilla Client
  • Use sftp://yourfwipaddress with Siteusername and Sitepassword (leave Port blank), then Quickconnect
  • Upload the downloaded firmware upgrade.tar to the connected folder
  • Run PuTTY, Terminal (Mac/Linux) or any SSH-client to connect to your firewall
  • Connect using credentials Siteusername and Sitepassword to yourfwipaddress
  • Make sure you are in your homefolder (i.e /home/admin if your Siteusername is Admin)
  • Run sudo upgrade upgrade.tar
  • Once fully run device will restart and you will get disconnected from the session
  • Reconnect via browser and fill in … Continue Reading

  • SQL::QueryBuilder::OO released

    For peer reviewing purposes on (and to the general public as well), I released my perl module for object oriented sql query building.

    Intel 82579V Gigabit Ethernet Driver for Debian Wheezy

    Apparently, this ethernet device still causes problems to Debian’s “Wheezy” distribution.

    In response to a request I present the pre-compiled kernel module for amd64 only.

    Instructions on how to get this puppy running are still available via this post and the comments below it.

    “Write anywhere” vulnerability in Parallels Confixx

    A proof of concept of a vulnerability in Parallels Confixx 3.3.9 (latest and final version) allowing an attacker to gain full write access (as root) to a UNIX server operating said hosting software.

    Continue Reading

    The Boolean paradox

    A small comparison just cost me half an hour of valueable time.

    In an ongoing series, I shall present another PHP WTF: The Boolean paradox.

    Continue Reading

    Worst “trojan” ever

    While idly browsing pastebin (yes, sometimes I do that), I found something interesting. It’s some mildly obfuscated PHP scripted malware. Curious what it might do, I started reverse engineering it and found what must be the worst coded trojan ever.

    Continue Reading

    Talking with Herbert from Microsoft

    At work I’m stuck with Microsoft Office XP Professional. My previous workstation was one that belonged in a museum (and now luckily is) and had no problems activating Office XP. With my new and shiny workstation (running Windows 7 Professional 64-bit), activating the software was impossible.

    After some googling I found a forum with a post suggesting to contact Microsoft Support via chat. The following is my conversation with “Herbert” from Microsoft support…

    Continue Reading

    Apache Range header vulnerability script

    I wrote an upgraded variant of the Apache killer script propagated on Full Disclosure capable of HTTPS requests. Also, other than its descendant, it can follow a server’s initial response for redirection which the original script interprets as the server not being vulnerable.

    Script is available here: [download id=”18″]

    This script merely checks for vulnarabilities but will not exploit them.

    To deprecate or not to deprecate

    As of version 5.3 of PHP, certain features and functions are considered deprecated. It comes with the territory. In major version changes, new features are added while old stuff is discarded. Unsurprisingly – and lucky for me, with that change in versions comes yet another WTF for me to rant about.

    Continue Reading

    Twitter plugin for WordPress

    I recently installed V.J. Catkick@’s Twitter Plugin for WordPress. Shortly thereafter I noticed my HTML validator Firefox Plugin changing from a pleasing green check mark to a nasty red cross complaining about (X)HTML validation errors.

    Continue Reading