Archive for the 'Hakin9' Category


Hakin9 April 2008 ..

Apr 09, 2008 in Hakin9, Security

»File Inclusion Attacks

Erhan Yekta, Ali Recai Yekta
In the realm of web application vulnerabilities, file inclusion attacks are one of the most dangerous. What makes this type of attack so dangerous?

** Example:



Instead of


An attack may use this:


to change the included page.

If the included file has a hardcoded extension like this:

include($page . ".php");

then the attack URL would include the null-byte attack:


»Hacking RSS Feeds: Insecurities in Implementing RSS Feeds

** Embedding PHP code in JPEG images

JPEG images have a header called EXIF (Exchangeable Image File Format).
A tool called


can be used to embed PHP code in the header.
An image invoked as:


will prompt PHP to execute the header code.

»Hacking RSS

Aditya K. Sood aka 0kn0ck
This paper sheds light on the insecure coding practices that affect RSS based web applications and also on their flexibility. The advent of Web 2.0 has enhanced the mobility of content. The inclusion of content has become the sole basis for the interworking of websites.

»Alternate Data Streams or “Doctor Jekyll and Mr. Hyde” Move to NTFS (Part II)

Laic Aurelian
In the first part, we saw just the possibilities respectively: how simple it is to attach, extract and launch malicious code hidden in ADS. In the following examples, we will show a full program (script) that acts like a virus and exploits ADS in order to make itself invisible and damage a system.

»All in Memory Execution under Linux

Anthony Desnos, Frédéric Guihéry
During a computer intrusion, a good attacker has to pay close attention to the traces he could leave on the remote target. The following article will describe different techniques that provide enough discretion in order to bypass the usual countermeasures.

** Tools - remote code injection/binary injection

Pitbull, Sanson the Headman, Guillotine
Forensic tools:
Process Dumper
Uses system call ptrace to attach to a process.
$ ./pd -o dumpfile pid

»The Real Dangers of Wireless Networks

Stephen Argent
Most of us have read exactly how easy it is to gain access to Wireless Networks – but once you have access, did you really realise how easy it was to have passwords to any internet traffic, or how easy it was to manipulate and sniff this traffic?

ARP Poisoning for Wi-Fi. ARP=Address Resolution Protocol.
Tools: Ettercap, PacketCreator (Windows), Arpwatch.

»How to Deploy Robustness Testing

Mikko Varpiola, Ari Takanen
Today’s software companies design and test their code using the well-accepted, familiar method of positive testing. Still, all communications software appears to be infested with security critical bugs that can be misused to crash the software or to take total control of the device running the software.

»Protecting Data in a Postgres Database

Robert Bernier
What if the cracker has the ultimate power to see and do things they are not authorized to possess? What if they acquire the privileges of the superuser himself?


»Global Thermonuclear War – Shall We Play a Game?

Matthew Jonkman
There’s a movie I think everyone in the security world has likely seen. Wargames, Matthew Broderick as a teenager that accidentally builds a relationship with WOPR and nearly triggers a nuclear strike because humans relied too heavily on machines.

»Consumers Test – Choose the Right Router

Matthew Sabin, hakin9 team
If you accept the tubes or pipes analogy of the Internet, then routers are essentially the fittings and valves in the pipes of the Internet. Since their invention, their underlying principle is largely unchanged: A router takes traffic from one network and relays it to connected networks on a path toward each packet’s destination network. Over time many additional functions have been added: Routers can analyze packets in transit.

»Interview with Nicolaas Vlok

hakin9 team
Changing challenges to opportunities, Nicolaas Vlok is leading Vision Solutions to become an unprecedented force within today’s information availability industry by providing business continuity solutions to customers around the world.

»Self Exposure by Mike Chan and Bing Liu

hakin9 team
This section is to introduce people who take part in IT Security development and reinforcement.

Hakin9 March 2008 ..

Mar 10, 2008 in Hakin9, Security

»Pentest Labs Using LiveCDs

Thomas Wilhelm
After reading this article, you will come to know how to use and design LiveCDs for use in a Penetration Test Lab.

»Best Practices for Secure Shell

Ryan W. Maple
The article presents the usage of an application called Secure Shell. It explains why SSH is the best secure tool for remote access. The paper also shows the best practices in using SSH and tips on how to avoid common mistakes.

»Cracking LDAP Salted SHA Hashes

Andres Andreu
The article will teach you how LDAP Salted SHA Hashes are structured and how to employ modern-day tools to crack LDAP SSHA hashes. The author shows why LDAP SSHA hashes should be treated like clear-text data.

»Javascript Obfuscation Techniques

David Sancho, Trend Micro
A very useful paper on how to conceal javascript code and how to detect and deobfuscate code hidden by these techniques.

»Breaking in Add-on Malwares

Aditya K. Sood aka 0kn0ck
This article covers the working functionality of Malware Add-ons. It presents the practical techniques which will help to understand Malwares effectively.

»Vulnerabilities Due to Type Conversion of Integers

Davide Pozza
In this article the author presents the nature of type conversion. He explains how C’s type conversions work, how vulnerabilities can be caused by unsafe type conversions and how to review C code for such vulnerabilities. Last but not least you will get to know how to prevent them.

»Authentication and Encryption Techniques

Robert Bernier
Part II of the three-part series on Postgres. This article is to present ideas that can be used to mitigate threats presented in first part, using various authentication and encryption technologies that are available on Linux and other UNIX-like operating systems.

»Consumers Test – We Help You Choose the Most Reliable Anti Virus Program

Kevin Beaver, hakin9 team
Consumers tests on Anti Virus programs. The goal is to help the readers make the right choice when getting the software.

»Interview with Marcus J. Ranum

hakin9 team
You will have a chance to get to know Marcus Ranum’s point of view on IT security, hackers and his career.

»Self Exposure by Richard Bejtlich and Harlan Carvey

Monika Drygulska
This section is to introduce people who take part in IT Security development and reinforcement.

Hakin9 Starterkit Feb 2007 ..

Feb 22, 2007 in Hakin9, Security

Hakin9 Feb 2007

Introduction to Firewalls: From ISO/OSI to DMZ

Introduction to Firewall Rulebases

Knock Knock Knocking On Firewall’s Door

Highly-Redundant Network Firewall: pf + CARP

Linux Netfilter – Packet Mangling and Applications

Basics of Firewalling and iptables

Much More Than Just a Firewall

Web Application Firewall – ModSecurity for Apache

Easy Firewalling with IPCop

Introduction to Anti-spam Practices

Popular Free Software Firewalls for Home/Personal Use

Making Firewalls Smarter

Hakin9 Jan 2005 ..

Jan 04, 2005 in Hakin9, Security


  • Expose an Email Sender
    • Email header analysis

  • Safe Storage of Confidential Data under GNU/Linux
    • Encrypting with gpg: files, directories, file systems

  • Cisco IOS from an Attacker’s POV
    • Vulnerabilities via web admin, tftp, snmp, denial of service
    • Tools: Cain and Abel, Hydra, Cisco Crack, Brutus, hping2

  • Internal Penetration Tests
    • tcpdump, nmap, nessus

  • Analysis of Suspicious Programs
    • Program info tools: PEiD, FileInfo.
    • Disassemblers: IDA (commercial –

  • Reverse Engineering ELF Executables in Forensic Analysis
    • ELF = Executable and Linking Format
    • Tools: binutils: ar, nm, objdump, strings, ht, file

  • Port Scanning – an Admin’s POV
    • Tools: telnet, sendip, nmap, pkdump, lestat, portsentry, PSAD

  • Tools
    • h9.DiskShredder – lite version on Hakin9 Live CD
      • Note: secure file remove: srm

    • netwox and netwag (GUI to netwox) – See Hakin9 Live CD
      • Network diagnostics: TCP, ping, sniff, tcpdump, IRC client.

    • sniffit
      • Simple packet sniffer – intercept APOP, POP3, CRAM-MD4 (clear text), traffic.

    • iptraf
      • Traffic analyzer, sort by transfer sizes, filters.

  • Web resources
    • – security advisories, info – linux tools, info – attacks