Archive for April, 2008

 

Hakin9 April 2008

Apr 09, 2008 in Hakin9, Security


»File Inclusion Attacks

Erhan Yekta, Ali Recai Yekta
In the realm of web application vulnerabilities, file inclusion attacks are one of the most dangerous. What makes this type of attack so dangerous?

** Example:

index.php


<?php
include($page);
?>

Instead of


<?php
include("script.php");
?>

An attacker may use this:

index.php?page=/etc/passwd

to change the included page.

If the include appends a hardcoded extension like this:

include($page . ".php");

then the attack URL would append a null byte (%00) to cut off the extension:

index.php?page=/etc/passwd%00

»Hacking RSS Feeds: Insecurities in Implementing RSS Feeds

** Embedding php code in JPEG images

JPEG images have a header called EXIF (Exchangeable Image File Format). A tool called jhead can be used to embed PHP code in the header. An image invoked as:

index.php?page=/images/hackedimage.jpg

will prompt PHP to execute the header code.
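The include from the File Inclusion notes and the image case above, hardened, as an added example that is not from the magazine articles or this post: the request value is looked up in an allowlist instead of being passed to include(). The page names, file names and the resolve_page() helper are assumptions for illustration; in index.php the input would be $_GET['page'].

```php
<?php
// Added example: allowlist-based page resolver (all names are hypothetical).
declare(strict_types=1);

const PAGES = [            // assumed page names mapped to fixed files
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

function resolve_page(string $page, string $baseDir): ?string
{
    // Reject NUL bytes outright (PHP before 5.3.4 truncated the path there).
    if (strpos($page, "\0") !== false) {
        return null;
    }
    // Only allowlisted names map to a file; user input never becomes a path.
    if (!array_key_exists($page, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$page]);
    // Defence in depth: the resolved file must exist and stay inside $baseDir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary pages directory holding one allowed page.
$dir = sys_get_temp_dir() . '/pages_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/home.php", "<?php echo 'home page'; ?>\n");

// Constructed request values, including the ones shown in the notes above.
$requests = ['home', '/etc/passwd', "/etc/passwd\0", '/images/hackedimage.jpg', '../home'];
foreach ($requests as $req) {
    $file = resolve_page($req, $dir);
    printf("%-28s => %s\n", addcslashes($req, "\0"),
        $file === null ? 'rejected' : 'include ' . basename($file));
}

unlink("$dir/home.php");
rmdir($dir);
```

Only the allowlisted name resolves to a file; a real index.php would call include on the returned path and send a 404 when the result is null.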

»Hacking RSS

Aditya K. Sood aka 0kn0ck
This paper sheds light on the insecure coding practices that affect RSS based web applications and also on their flexibility. The advent of Web 2.0 has enhanced the mobility of content. The inclusion of content has become the sole basis for the interworking of websites.

»Alternate Data Streams or “Doctor Jekyll and Mr. Hyde” Move to NTFS (Part II)

Laic Aurelian
In the first part, we saw just the possibilities respectively: how simple it is to attach, extract and launch malicious code hidden in ADS. In the following examples, we will show a full program (script) that acts like a virus and exploits ADS in order to make itself invisible and damage a system.

»All in Memory Execution under Linux

Anthony Desnos, Frédéric Guihéry
During a computer intrusion, a good attacker has to pay close attention to the traces he could leave on the remote target. The following article will describe different techniques that provide enough discretion in order to bypass the usual countermeasures.

** Tools - remote code injection/binary injection

Pitbull, Sanson the Headman, Guillotine
Forensic tools: Process Dumper, which uses the ptrace system call to attach to a process:

$ ./pd -o dumpfile pid

»The Real Dangers of Wireless Networks

Stephen Argent
Most of us have read exactly how easy it is to gain access to Wireless Networks – but once you have access, did you really realise how easy it was to have passwords to any internet traffic, or how easy it was to manipulate and sniff this traffic?

ARP (Address Resolution Protocol) poisoning for Wi-Fi.
Tools: Ettercap, PacketCreator (Windows), Arpwatch.

»How to Deploy Robustness Testing

Mikko Varpiola, Ari Takanen
Today’s software companies design and test their code using the well-accepted, familiar method of positive testing. Still, all communications software appears to be infested with security critical bugs that can be misused to crash the software or to take total control of the device running the software.

»Protecting Data in a Postgres Database

Robert Bernier
What if the cracker has the ultimate power to see and do things they are not authorized to possess? What if they acquire the privileges of the superuser himself?

Tools: chkpass.so, pgcrypto.so

»Global Thermonuclear War – Shall We Play a Game?

Matthew Jonkman
There’s a movie I think everyone in the security world has likely seen. Wargames, Matthew Broderick as a teenager that accidentally builds a relationship with WOPR and nearly triggers a nuclear strike because humans relied too heavily on machines.

»Consumers Test – Choose the Right Router

Matthew Sabin, hakin9 team
If you accept the tubes or pipes analogy of the Internet, then routers are essentially the fittings and valves in the pipes of the Internet. Since their invention, their underlying principle is largely unchanged: A router takes traffic from one network and relays it to connected networks on a path toward each packet’s destination network. Over time many additional functions have been added: Routers can analyze packets in transit.

»Interview with Nicolaas Vlok

hakin9 team
Changing challenges to opportunities, Nicolaas Vlok is leading Vision Solutions to become an unprecedented force within today’s information availability industry by providing business continuity solutions to customers around the world.

»Self Exposure by Mike Chan and Bing Liu

hakin9 team
This section is to introduce people who take part in IT Security development and reinforcement.